6 Replies Latest reply on May 27, 2010 1:34 PM by anil.saldhana

    Making basic PicketBox authentication sample working in JBoss AS 6.0

    sergeyb

      Hi

       

      I'm trying to update some existing JBossWS authentication code to use PicketBox API, as shown at [1]. I'm working with JBoss AS trunk.

       

      Specifically, $JBossAS/server/default/conf/login-config.xml contains application policy definitions for various domains, such as JBossWS, etc.

      I'm trying to do the code like this (just omitting try/catch/finally for brewity):

       

      // to be configured

      String configFile = "conf/login-config.xml";
      SecurityFactory.prepare();
      PicketBoxConfiguration idtrustConfig = new PicketBoxConfiguration();
      idtrustConfig.load(configFile);

       

      this throws ConfigurationStreamNullException during the test.

       

      Initial question : what is the correct way to specify the name of the configuration file (login-config.xml) shipped with JBoss AS ?

       

      cheers, Sergey

       

      P.S. By the way, only picketbox-bare-3.0.0.Beta5 (no picketbox-bare-3.0.0.Beta6) is available in Maven repos

       

      [1] https://community.jboss.org/wiki/PicketBoxAuthentication

        • 1. Re: Making basic PicketBox authentication sample working in JBoss AS 6.0
          anil.saldhana

          If you are operating in the AS environment, either provide your own xml config file or leave that blank.

          • 2. Re: Making basic PicketBox authentication sample working in JBoss AS 6.0
            sergeyb

            Ok, I've managed to prototype a replacement code (PicketBox vs JNDI) using my own file.

             

            However, using a "" configuration file name does help with eliminating the exception reported earlier but what happens is that it actually resolves to VirtualJarInputStream as opposed to say FileInputStream (ex, when using a custom file). I'm not really sure what it points too, but would like to ask : would you consider enhancing PicketBox to auto-resolve to an OTB login-config.xml shipped with JBossAS ?

             

            2. How safe it is to use the code like

             

            public class SomeClass {

             

                     private AuthenticationManager am;

             

             

                      private init() {

                      SecurityFactory.prepare();
                      try
                      {
                         PicketBoxConfiguration idtrustConfig = new PicketBoxConfiguration();
                         idtrustConfig.load(configFile);

                         am = SecurityFactory.getAuthenticationManager(securityDomainName);

                      }

                      finally {

                         SecurityFactory.prepare();

                      }

                      }

             

             

                      public void handleRequest(...) {

                           am.isValid(...);

                      }

            }

             

            given that I do not want to parse XML and load the authentication manager on every request

             

            thanks

            • 3. Re: Making basic PicketBox authentication sample working in JBoss AS 6.0
              anil.saldhana

              What happens when you dont load the config file?   In JBossAS, the security subsystem has already parsed the conf/login-config.xml for you.  Applications using PicketBox will load a config file of their own or do not, if they want to reuse the conf/login-config.xml (or any of the AS loaded configuration files).

              • 4. Re: Making basic PicketBox authentication sample working in JBoss AS 6.0
                sergeyb

                Looks like it does find the JBossAS loaded login-config.xml, when no custom file is loaded, cool...

                 

                Regarding my second question : I'm presumin it is safe to preload AuthenticationManager in advance ?

                 

                thanks

                • 5. Re: Making basic PicketBox authentication sample working in JBoss AS 6.0
                  anil.saldhana

                  In JBAS, PicketBox automatically detects the needed infrastructure from JBAS6.  Only when you run standalone you need to be worried about configuration and things like that.

                   

                  The AuthenticationManager the security factory returns is the authentication manager active in JBAS. This is needed for doing any propagation in JBAS to other components.

                  • 6. Re: Making basic PicketBox authentication sample working in JBoss AS 6.0
                    anil.saldhana

                    I do recommend not reusing the conf/login-config.xml for your security domains.  If you are defining new security domains, best is to create a new config file such that securityfactory prepare installs and release uninstalls the configuration.