8 Replies Latest reply: Jul 16, 2011 11:30 AM by Rich Midwinter RSS

JAAS DatabaseServerLoginModule on Jboss AS 7

Emanuel Zimmermann Newbie

Hello, I have this configuration:

 

 

 

 

Jboss 7 security configurations seem to have changed drastically, can anyone tell me how to migrate that to Jboss 7 conf?

  • 1. Re: JAAS DatabaseServerLoginModule on Jboss AS 7
    Emanuel Zimmermann Newbie

    <application-policy name="turismo">

         <authentication>

              <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">

                   <module-option name="dsJndiName">java:turismo</module-option>

                   <module-option name="principalsQuery">select password from Usuario where email=?</module-option>

                   <module-option name="rolesQuery">

                     select ug.grupos_groupName, 'Roles' from Usuario_Grupo ug, Usuario u where u.id=ug.usuarios_id and u.email=?

                    </module-option>

                   <module-option name="hashAlgorithm">SHA-256</module-option>

                   <module-option name="hashEncoding">base64</module-option>

              </login-module>

         </authentication>

    </application-policy>

  • 2. Re: JAAS DatabaseServerLoginModule on Jboss AS 7
    Bruno Vernay Newbie

    What used to be in login-conf.xml is now in standalone.xml (or domain.xml) depending on which one you are using.

    In configuration/standalone.xml, there is a

    <subsystem xmlns="urn:jboss:domain:security:1.0"> <security-domains>

       <security-domain name="turismo">

        <authentication>

              <login-module code="Database" flag="required">

                   <module-option name="dsJndiName" value="java:turismo"/>

                   <module-option name="principalsQuery" value="select password from Usuario where email=?"/>

                   <module-option name="rolesQuery">

                     select ug.grupos_groupName, 'Roles' from Usuario_Grupo ug, Usuario u where u.id=ug.usuarios_id and u.email=?

                    </module-option>

                   <module-option name="hashAlgorithm">SHA-256</module-option>

                   <module-option name="hashEncoding">base64</module-option>

              </login-module>

         </authentication>

      </security-domain>
    </security-domains>
    </subsystem>

    You have to change the name/value everywhere and it should work.

    You can use the long code if you want: org.jboss.security.auth.spi.DatabaseServerLoginModule

  • 3. Re: JAAS DatabaseServerLoginModule on Jboss AS 7
    Dejan Kitic Newbie

    jndi convention has also changed, so DS should be looked up with something like this:  java:jboss/datasources/nameOfDS

    <module-option name="dsJndiName" value="java:jboss/datasources/turismo"/>

    Cheers,

    D


  • 4. Re: JAAS DatabaseServerLoginModule on Jboss AS 7
    Gerry Matte Novice

    Hi Dejan.

    Would you mind posting the code that would lookup the above datasource ?

    My former method of creating an InitialContext no longer works with AS7.

    Thanks.

  • 5. Re: JAAS DatabaseServerLoginModule on Jboss AS 7
    Dejan Kitic Newbie

    If I remember correct something like this would work:

    try

            {

                InitialContext ctx = new InitialContext();

                DataSource ds = (DataSource) ctx.lookup("java:jboss/datasources/myDS");

                //do something with ds

            }catch(NamingException ne)

            {

                ne.printStackTrace();

            }

    if not, let me know I ll hack a full example, also this could be used inside EJB:

    @Resource(mappedName="java:jboss/datasources/myDS") DataSource ds;

     

    Cheers,

    D

  • 6. Re: JAAS DatabaseServerLoginModule on Jboss AS 7
    Emanuel Zimmermann Newbie

    What JNDI is the security domain given?. I have a jboss-web.xml with this configuration:

     

    <?xml version="1.0" encoding="UTF-8"?>

    <jboss-web>

      <context-root>/</context-root>

      <security-domain>java:/jaas/turismo</security-domain>

    </jboss-web>

     

    Is this still ok if my security domain "name" attribute is turismo? I'm asking because the JNDI name for datasources has changed, may be that changed too.

  • 7. Re: JAAS DatabaseServerLoginModule on Jboss AS 7
    jaikiran pai Master

    Emanuel Zimmermann wrote:

     

    What JNDI is the security domain given?. I have a jboss-web.xml with this configuration:

     

      <security-domain>java:/jaas/turismo</security-domain>

     

    Is this still ok if my security domain "name" attribute is turismo? I'm asking because the JNDI name for datasources has changed, may be that changed too.

    Don't use the JNDI name there. Just use the security domain "name". So change it to:

     

    <security-domain>turismo</security-domain>