Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

unable to set security domain via jboss-web.xml

We have an app that is being deployed as an ear. Within this ear, there is a war that needs to use a specific security domain.

To achieve this, we have configured the standalone-full-ha.xml with the following security section

<security-domain name="ourDomain" cache-type="default">
    <authentication>
        <login-module code="blah.blah.OurDomain" flag="required" />
    </authentication>
</security-domain>

ear/war/WEB-INF/jboss-web.xml is configured as follows:

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
   <security-domain>Quark</security-domain>
   <disable-audit>true</disable-audit>
</jboss-web>

With this configuration, the app tries to authenticate against the "other" domain which is there in JBoss by default.

log entries as follows:

TRACE [org.jboss.security] (http-/127.0.0.1:8080-6) PBOX000224: End getAppConfigurationEntry(other), AuthInfo: AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.as.security.remoting.RemotingLoginModule
ControlFlag: LoginModuleControlFlag: optional
Options:
name=password-stacking, value=useFirstPass
[1]
LoginModule Class: org.jboss.as.security.RealmDirectLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
name=password-stacking, value=useFirstPass

When trying to define this as part of the ear in ear/META-INF/jboss-app.xml, that made the whole thing blow up pretty spectacularly - so figured that was less likely to be the way to resolve this.

If the default security domain is changed to ourDomain however, it all works as expected.

This doesn't seem to be a big deal - however, it feels better to be able to leave as much of the configuration in the app as possible.

Any pointers to resolve this appreciated.

like image 784
drone.ah Avatar asked Aug 13 '14 12:08

drone.ah


1 Answers

Your security domain name specified in jboss-web.xml needs to match the name of some security domain in your JBoss config, in your case the web descriptor specifies Quark while the security subsystem defined domain named ourDomain.

Whenever JBoss can not find the security domain you request in your jboss-web.xml, it will fallback to the default security domain, which in case of 7.x is named other.

like image 187
yntelectual Avatar answered Sep 28 '22 08:09

yntelectual