This is a relatively simple task.
Your EAR file should have the following layout:
    my-app.ear
    |+ META-INF
       |+ applications.xml and jboss-app.xml
    |+ myapp.war
    |+ myapp.jar
    |+ lib
    |+ my-ds.xml
    |+ my-login-module-service.xml
where my-ds.xml contains the definition of the data source, as usual. my-login-module-service.xml defines an MBean based on the DynamicLoginConfig class. These modules then reference jboss-app.xml (a custom JBoss deployment descriptor), as shown here:
    <jboss-app>
      <module>
        <service>my-login-module-service.xml</service>
      </module>
      <module>
        <service>my-ds.xml</service>
      </module>
    </jboss-app>
The easiest way to create a Login module definition is to use support for embedded XML documents as attribute values. Such a configuration (my-login-module-service.xml) would look like this:
    <server>
      <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
             name="jboss:service=DynamicLoginConfig">
        <attribute name="PolicyConfig" serialDataType="jbxb">
          <jaas:policy
              xsi:schemaLocation="urn:jboss:security-config:4.1 resource:security-config_4_1.xsd"
              xmlns:jaas="urn:jboss:security-config:4.1"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <jaas:application-policy name="userinrole">
              <jaas:authentication>
                <jaas:login-module code="org.jboss.security.auth.spi.XMLLoginModule"
                                   flag="required">
                  <jaas:module-option name="my-policy-123">
                    <ur:users
                        xsi:schemaLocation="urn:jboss:user-roles:1.0 resource:user-roles_1_0.xsd"
                        xmlns:ur="urn:jboss:user-roles:1.0">
                      <ur:user name="admin" password="admin123">
                        <ur:role name="MyUserRole"></ur:role>
                        <ur:role name="AdminUser"></ur:role>
                      </ur:user>
                    </ur:users>
                  </jaas:module-option>
                  <jaas:module-option name="unauthenticatedIdentity">guest</jaas:module-option>
                </jaas:login-module>
              </jaas:authentication>
            </jaas:application-policy>
          </jaas:policy>
        </attribute>
        <depends optional-attribute-name="LoginConfigService">jboss.security:service=XMLLoginConfig</depends>
        <depends optional-attribute-name="SecurityManagerService">jboss.security:service=JaasSecurityManager</depends>
      </mbean>
    </server>

You can verify the successful deployment using the JNDIView bean (java:/jaas/my-policy-123 in this example).
For deployment, including custom classes, it is best to choose to deploy the SAR archive along with custom code. In this case, you can separate the MBean definition and the configuration of the login module (META-INF/jboss-service.xml):

    <server>
      <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
             name="jboss:service=DynamicLoginConfig">
        <attribute name="AuthConfig">META-INF/login-config.xml</attribute>
        <depends optional-attribute-name="LoginConfigService">jboss.security:service=XMLLoginConfig</depends>
        <depends optional-attribute-name="SecurityManagerService">jboss.security:service=JaasSecurityManager</depends>
      </mbean>
    </server>

Then META-INF/login-config.xml will contain your policy configuration.
I use this approach for JBoss AS 4.x.
Radim
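An added example, not part of the answer above: a small Python check that parses a DynamicLoginConfig service descriptor of the embedded-XML kind and reports users defined inline with a password attribute, plus any unauthenticatedIdentity mapping, so both can be reviewed before the EAR is packaged. The sample descriptor is constructed from the one in the answer, and the function name audit_login_config is hypothetical.

```python
import xml.etree.ElementTree as ET

JAAS = "urn:jboss:security-config:4.1"   # namespaces used by the descriptor above
UR = "urn:jboss:user-roles:1.0"

# Constructed sample modelled on my-login-module-service.xml (schemaLocation omitted).
SAMPLE = """
<server>
  <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
         name="jboss:service=DynamicLoginConfig">
    <attribute name="PolicyConfig" serialDataType="jbxb">
      <jaas:policy xmlns:jaas="urn:jboss:security-config:4.1">
        <jaas:application-policy name="userinrole">
          <jaas:authentication>
            <jaas:login-module code="org.jboss.security.auth.spi.XMLLoginModule" flag="required">
              <jaas:module-option name="my-policy-123">
                <ur:users xmlns:ur="urn:jboss:user-roles:1.0">
                  <ur:user name="admin" password="admin123">
                    <ur:role name="AdminUser"/>
                  </ur:user>
                </ur:users>
              </jaas:module-option>
              <jaas:module-option name="unauthenticatedIdentity">guest</jaas:module-option>
            </jaas:login-module>
          </jaas:authentication>
        </jaas:application-policy>
      </jaas:policy>
    </attribute>
  </mbean>
</server>
"""

def audit_login_config(xml_text):
    """Return (policy, finding, detail) tuples for settings worth a review."""
    findings = []
    root = ET.fromstring(xml_text)
    for policy in root.iter(f"{{{JAAS}}}application-policy"):
        pname = policy.get("name")
        for module in policy.iter(f"{{{JAAS}}}login-module"):
            for opt in module.findall(f"{{{JAAS}}}module-option"):
                # Callers without credentials are mapped to this identity.
                if opt.get("name") == "unauthenticatedIdentity":
                    findings.append((pname, "unauthenticated-identity", (opt.text or "").strip()))
                # Users embedded in the option carry their password in the archive.
                for user in opt.iter(f"{{{UR}}}user"):
                    if user.get("password") is not None:
                        findings.append((pname, "inline-password", user.get("name")))
    return findings

if __name__ == "__main__":
    for finding in audit_login_config(SAMPLE):
        print(finding)
```

The check only understands the namespaced form embedded in the PolicyConfig attribute; a plain META-INF/login-config.xml would need its own element names.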