Q1:
I have an application that I am able to deploy and run on JBoss app server. I 
use a custom LoginModule for authenticating users into this application. The 
LoginModule is configured in <jboss_server_path>/conf/login-config.xml as:

<application-policy name="gsnx.security.Login">
    <login-module code="com.gsnx.core.server.security.LdapLoginModule" flag="required">
        <module-option name="initial-context-factory">com.sun.jndi.ldap.LdapCtxFactory</module-option>
        <module-option name="user-password-changepw-gsnx-handler">com.gsnx.core.server.security.LdapLoginModule</module-option>
        <module-option name="ldap-url">ldap://127.0.0.1:389</module-option>
        <module-option name="connection-username">cn=Manager,dc=gsnx,dc=com</module-option>
        <module-option name="connection-password">changeme</module-option>
        <module-option name="connection-protocol">ldap</module-option>
        <module-option name="authentication">simple</module-option>
        <module-option name="user-search-base">dc=gsnx,dc=com</module-option>
        <module-option name="user-search-pattern">cn={0}</module-option>
        <module-option name="user-search-scope-subtree">true</module-option>
        <module-option name="user-password-attribute"/>
        <module-option name="role-search-base"/>
        <module-option name="role-name-attribute"/>
        <module-option name="role-search-pattern"/>
        <module-option name="role-search-scope-subtree"/>
        <module-option name="user-role-attribute"/>
    </login-module>
</application-policy>

As can be seen, the custom LoginModule contacts an LDAP server for 
authentication. All this works fine as long as I can edit the 
conf/login-config.xml file in my JBoss app server configuration to include my 
custom LoginModule. 

Now, for certain organizational reasons, I do not want to edit the 
conf/login-config.xml file in the JBoss app server's path. So my question is: 
is there a way I can configure my custom LoginModule without ever needing to 
edit the conf/login-config.xml in JBoss's path? Can I somehow provide an 
additional login-config.xml inside my application's path? Or is there some 
other way to configure the custom LoginModule so that the configuration remains 
completely inside the application and does not affect any of the default 
configuration files for the JBoss app server? 


Q2:
Another issue related to the above situation is that I have an external Java 
RMI program that uses the same custom LoginModule as above for authentication. 
The loginModule is configured for this external RMI program in a login.config 
file that is in the classpath in the following way:

gsnx.security.Login 
{
  com.gsnx.core.server.security.LdapLoginModule required 
      initial-context-factory="com.sun.jndi.ldap.LdapCtxFactory"
      ldap-url="ldap://devwrk65.dev.e2open.com:389"
      connection-username="cn=Manager,dc=gsnx,dc=com"
      connection-password="slapface"
      connection-protocol="ldap"
      authentication="simple"
      user-search-base="dc=gsnx,dc=com"
      user-search-pattern="cn={0}"
      user-search-scope-subtree="true"
      user-password-changepw-gsnx-handler="com.gsnx.core.server.security.LdapLoginModule"
      user-password-attribute="userPassword"
      role-search-base=""
      role-name-attribute=""
      role-search-pattern=""
      role-search-scope-subtree=""
      user-role-attribute="";
};

Additionally, an entry is added to the 
<JAVA_HOME>/jre/lib/security/java.security file:

login.config.url.1=file\:C\:/gsnxst/deploy/conf/login.config

Basically, the entry in java.security points to the login.config that has the 
configuration for the custom LoginModule. Once again, this works fine as long 
as I can edit the java.security file in JAVA_HOME. But, again for 
organizational reasons, I do not want to edit the JAVA_HOME Java installation 
files. Is there another way to configure my custom LoginModule for Java so that 
I do not have to physically mess around with the Java configuration? There 
could be other Java programs running on the same machine, and I don't want 
them affected by my login.config setting. Is there an alternative way to 
configure the custom LoginModule for Java?

Thanks and will appreciate all responses



View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3977047#3977047
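
Added example, not part of the original post and not the poster's or JBoss's code: for the stand-alone program in Q2, JAAS accepts a Configuration object passed directly to LoginContext, so the settings stay inside the application and java.security is left unchanged. The class name AppScopedJaasConfig, the two environment variable names, and the assumption that the custom module requests credentials through NameCallback/PasswordCallback are hypothetical; the option names and values are the ones shown in the post.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
// Added example: JAAS settings live in the application, not in java.security.
public class AppScopedJaasConfig extends Configuration {
    static final String POLICY = "gsnx.security.Login";
    static final String MODULE = "com.gsnx.core.server.security.LdapLoginModule";
    private final AppConfigurationEntry[] entries;
    AppScopedJaasConfig(String ldapUrl, String bindDn, String bindPassword) {
        Map<String, String> o = new HashMap<>(); // empty role-* options omitted
        o.put("initial-context-factory", "com.sun.jndi.ldap.LdapCtxFactory");
        o.put("ldap-url", ldapUrl);
        o.put("connection-username", bindDn);
        o.put("connection-password", bindPassword);
        o.put("connection-protocol", "ldap");
        o.put("authentication", "simple");
        o.put("user-search-base", "dc=gsnx,dc=com");
        o.put("user-search-pattern", "cn={0}");
        o.put("user-search-scope-subtree", "true");
        o.put("user-password-changepw-gsnx-handler", MODULE);
        o.put("user-password-attribute", "userPassword");
        entries = new AppConfigurationEntry[] { new AppConfigurationEntry(
            MODULE, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, o) };
    }
    @Override // only this application's policy name resolves
    public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
        return POLICY.equals(name) ? entries.clone() : null;
    }
    public static void main(String[] args) {
        // Assumed (hypothetical) env vars keep both secrets out of files and argv.
        String bindPw = System.getenv().getOrDefault("GSNX_LDAP_BIND_PW", "");
        char[] userPw = System.getenv().getOrDefault("GSNX_USER_PW", "").toCharArray();
        String user = args.length > 0 ? args[0] : "";
        CallbackHandler ch = cbs -> { for (Callback c : cbs) {
            if (c instanceof NameCallback) ((NameCallback) c).setName(user);
            else if (c instanceof PasswordCallback) ((PasswordCallback) c).setPassword(userPw);
            else throw new UnsupportedCallbackException(c);
        } };
        try {
            LoginContext lc = new LoginContext(POLICY, null, ch, new AppScopedJaasConfig(
                "ldap://127.0.0.1:389", "cn=Manager,dc=gsnx,dc=com", bindPw));
            lc.login(); // throws LoginException if the module class or LDAP is unavailable
            System.out.println("authenticated: " + lc.getSubject().getPrincipals());
        } catch (LoginException e) {
            System.out.println("login failed: " + e.getMessage());
        }
    }
}
```

A per-process alternative that keeps the existing login.config file is to start only that JVM with -Djava.security.auth.login.config=<path to login.config>, which also leaves the files under JAVA_HOME untouched.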
