JAAS Custom Login Module

I have a custom ear-entry module on JBoss. The ear's META-INF has jboss-app.xml, which points to login-service.xml, which contains an mbean, which points to login-config.xml, which defines a custom login module.

jboss.xml in the ear META-INF uses the same security domain as for the login module in login-config.xml.

When calling EJB in this ear, I don’t see that my custom login module uses login and commit methods, as I saw when I implemented this elsewhere in the past.

I have a log4j trace for org.jboss.security and I don't see anything when making an EJB call. The EJB call is successful, although I am not authenticated.

I cannot understand why my login module is not being called or how to debug the JAAS decision-making process. Any ideas? Thanks.

2 answers

I found the problem with some help.

My jboss.xml was in the META-INF folder for the ear; it should have been in the META-INF folder for the EJB jar.

Apparently, the jboss file in the ear's META-INF folder would be jboss-app.xml, which I think will be the key to remembering next time.


What you've done so far is create a login module; now you need to tell the EJB to use it:

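import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;

import org.jboss.ejb3.annotation.SecurityDomain;

// Bind the bean to the security domain whose login module should authenticate callers,
// and restrict its methods to the listed roles.
@Stateless
@SecurityDomain("mySecurityDomain")
@RolesAllowed({"guestRole", "userRole", "adminRole"})
public class SecureBean implements Secure {
    // business methods declared by the Secure interface go here
}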
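To tell a faulty module apart from a descriptor that never reaches it, the module can be driven outside the container. The following is an added example, not code from the question or either answer: `TraceLoginModule`, the `alice`/`demo-pass` credentials and the in-memory `Configuration` (standing in for the login-config.xml entry) are all assumptions, and it records each lifecycle call so a missing `login` or `commit` is visible.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Hypothetical module: records every JAAS lifecycle call made by LoginContext.
public class TraceLoginModule implements LoginModule {
    static final List<String> CALLS = new ArrayList<>();
    private Subject subject;
    private CallbackHandler handler;
    private String user;

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h; CALLS.add("initialize");
    }
    public boolean login() throws LoginException {      // phase 1: verify credentials only
        CALLS.add("login");
        NameCallback name = new NameCallback("user: ");
        PasswordCallback pw = new PasswordCallback("password: ", false);
        try { handler.handle(new Callback[] { name, pw }); }
        catch (Exception e) { throw new LoginException(e.toString()); }
        // Constructed demo credentials; a real module checks its own store here.
        if (!"alice".equals(name.getName()) || !Arrays.equals("demo-pass".toCharArray(), pw.getPassword()))
            throw new FailedLoginException("bad credentials");
        user = name.getName();
        return true;
    }
    public boolean commit() {                            // phase 2: attach the identity to the Subject
        CALLS.add("commit");
        final String n = user;
        subject.getPrincipals().add((Principal) () -> n);
        return true;
    }
    public boolean abort()  { CALLS.add("abort");  user = null; return true; }
    public boolean logout() { CALLS.add("logout"); subject.getPrincipals().clear(); return true; }

    public static void main(String[] args) throws Exception {
        Configuration cfg = new Configuration() {        // in-memory stand-in for login-config.xml
            public AppConfigurationEntry[] getAppConfigurationEntry(String domain) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(TraceLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String, Object>()) };
            }
        };
        CallbackHandler cb = cbs -> { for (Callback c : cbs) {
            if (c instanceof NameCallback) ((NameCallback) c).setName("alice");
            if (c instanceof PasswordCallback) ((PasswordCallback) c).setPassword("demo-pass".toCharArray()); } };
        LoginContext lc = new LoginContext("mySecurityDomain", new Subject(), cb, cfg);
        lc.login();
        System.out.println(CALLS + " principal=" + lc.getSubject().getPrincipals().iterator().next().getName());
    }
}
```

If the module traces correctly here but stays silent inside JBoss, the fault is in how the deployment binds the bean to the security domain rather than in the module itself.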

Source: https://habr.com/ru/post/1749211/

