Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

unable to set security domain via jboss-web.xml

Tags:

authentication

configuration

jboss7.x

We have an app that is being deployed as an ear. Within this ear, there is a war that needs to use a specific security domain.

To achieve this, we have configured the standalone-full-ha.xml with the following security section

<security-domain name="ourDomain" cache-type="default">
    <authentication>
        <login-module code="blah.blah.OurDomain" flag="required" />
    </authentication>
</security-domain>

ear/war/WEB-INF/jboss-web.xml is configured as follows:

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
   <security-domain>Quark</security-domain>
   <disable-audit>true</disable-audit>
</jboss-web>

With this configuration, the app tries to authenticate against the "other" domain which is there in JBoss by default.

log entries as follows:

TRACE [org.jboss.security] (http-/127.0.0.1:8080-6) PBOX000224: End getAppConfigurationEntry(other), AuthInfo: AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.as.security.remoting.RemotingLoginModule
ControlFlag: LoginModuleControlFlag: optional
Options:
name=password-stacking, value=useFirstPass
[1]
LoginModule Class: org.jboss.as.security.RealmDirectLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
name=password-stacking, value=useFirstPass

When trying to define this as part of the ear in ear/META-INF/jboss-app.xml, that made the whole thing blow up pretty spectacularly - so figured that was less likely to be the way to resolve this.

If the default security domain is changed to ourDomain however, it all works as expected.

This doesn't seem to be a big deal - however, it feels better to be able to leave as much of the configuration in the app as possible.

Any pointers to resolve this appreciated.

like image 784
drone.ah Avatar asked Aug 13 '14 12:08

drone.ah

1 Answers

Your security domain name specified in jboss-web.xml needs to match the name of some security domain in your JBoss config, in your case the web descriptor specifies Quark while the security subsystem defined domain named ourDomain.

Whenever JBoss can not find the security domain you request in your jboss-web.xml, it will fallback to the default security domain, which in case of 7.x is named other.

like image 187
yntelectual Avatar answered Sep 28 '22 08:09

yntelectual
Sign in to Comment

Related questions

Application to Application authentication/access control without HTTPS
Asp.Net: How to allow access to a page to intranet user and deny for extranet users?
Write unit test for a controller that uses AuthComponent in CakePHP 2
Token authentication using PHP for mobile devices
CakePHP auth Pluggin redirect issue
cakePHP isAuthorized not working
How to stay connected to facebook in an Android application
IdHTTP Access Violation on Disconnect
.ASPXAUTH cookie expires at session end
Apache basic authentication issue with reverse proxy
What is the cleanest way to leverage Forms Authentication from ServiceStack?
Devise with multiple models & multiple login forms
IIS7 (Windows) Authentication -- Cannot figure out why new website errors 401
How to integrate AD authentication + SSO with exsisting Forms authenticated Saas web application
Cassandra access control
Can I send out of band data along with a commit?
Checking and updating passwords with passport-local and bcrypt in node.js
C# LdapConnection Authentication Issue
How to write integration test for asp.net web api
Play Framework handle Authorization not authentication

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!