JAAS custom login module

Question

I've got a custom login module in an ear on jboss. The ear's META-INF has a jboss-app.xml which points at a login-service.xml which contains an mbean that points to a login-config.xml which defines the custom login module.

The jboss.xml in the ear's META-INF uses the same security-domain as that defined for the login module in login-config.xml.

On making a call to an EJB within that ear I don't see my custom login module running the login and commit methods like I've seen when I've implemented this elsewhere in the past.

I have trace log4j setup for org.jboss.security and I see nothing on making the EJB call. The EJB call is successful even though I'm not authenticated.

I can't work out why my login module isn't being called or how to debug the JAAS decision process. Any ideas? Thanks.

Answer 1

What you've done so far is creating the login module, now you need to tell your EJB to use it:

import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;

import org.jboss.ejb3.annotation.SecurityDomain;


@Stateless
@SecurityDomain("mySecurityDomain")
@RolesAllowed({"guestRole", "userRole", "adminRole"})
public class SecureBean implements Secure {

Answer 2

I found the problem, with some help.

My jboss.xml was in the META-INF folder for the ear, it should have been in the META-INF folder for the EJB jar.

Apparently the jboss file in the ear's META-INF folder would have been jboss-app.xml, which I guess would be the clue to remember for next time.