Thanks for the info about the log level. I got a fine-grained trace about what's 
going on now, but the issue isn't clear to me:

The security-relevant services (configured in their own sar) are created correctly 
and my PolicyConfig named "lcfg" is loaded correctly too. Don't know if this 
matters, but JaasSecurityManagerService says nothing about a configured 
securityMgrCtxPath named "java:/jaas/lcfg".

I have configured my NamingService XMBean with the following interceptors:

  |    <descriptors>
  |       <interceptors>
  |          <interceptor code="org.jboss.jmx.connector.invoker.AuthenticationInterceptor" securityDomain="java:/jaas/lcfg" />
  |          <interceptor code="org.jboss.mx.interceptor.PersistenceInterceptor2" />
  |          <interceptor code="org.jboss.mx.interceptor.ModelMBeanInterceptor" />
  |          <interceptor code="org.jboss.mx.interceptor.ObjectReferenceInterceptor" />
  |       </interceptors>
  |    </descriptors>
   
and of course the JRMPProxyFactory for the Naming service.

Further, I have a JRMPProxyFactory for the InvokerAdaptorService. 
InvokerAdaptorService is configured with the following interceptors on its 
invoke() method:
  |          <operation>
  |             <name>invoke</name>
  |             <parameter>
  |                <name>invocation</name>
  |                <type>org.jboss.invocation.Invocation</type>
  |             </parameter>
  |             <return-type>java.lang.Object</return-type>
  |             <descriptors>
  |                <interceptors>
  |                   <interceptor code="org.jboss.jmx.connector.invoker.AuthenticationInterceptor" securityDomain="java:/jaas/lcfg"/>
  |                   <interceptor code="org.jboss.jmx.connector.invoker.SerializableInterceptor" policyClass="StripModelMBeanInfoPolicy"/>
  |                </interceptors>
  |             </descriptors>
  |          </operation>
  |       </xmbean>
      
When I connect to the MBeanServer via standard 
org.jnp.interfaces.NamingContextFactory, I can read all registered objects, 
without auth or error, of course jmx/rmi/RMIAdaptor too.
I also can call invoke() on jmx/rmi/RMIAdaptor without auth or error.

The security log trace when I stop a web module via invoke() does not say much, 
or I cannot interpret it correctly:

....
2007-10-29 18:13:09,796 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=null, [EMAIL PROTECTED],subject=null}
....
2007-10-29 18:13:11,093 TRACE [org.jboss.security.SecurityAssociation] popSubjectContext, [EMAIL PROTECTED],subject=null}
2007-10-29 18:13:11,109 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=null, [EMAIL PROTECTED],subject=null}
2007-10-29 18:13:11,109 TRACE [org.jboss.security.SecurityAssociation] popSubjectContext, [EMAIL PROTECTED],subject=null}
2007-10-29 18:13:13,281 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=null, [EMAIL PROTECTED],subject=null}
2007-10-29 18:13:13,281 DEBUG [org.jboss.system.ServiceController] stopping service: jboss.web.deployment:war=iwa.war,id=-1069725553
....
....
2007-10-29 18:13:13,531 DEBUG [org.apache.catalina.core.ContainerBase] unregistering jboss.web:j2eeType=WebModule,name=//localhost/iwa,J2EEApplication=none,J2EEServer=none
2007-10-29 18:13:13,531 TRACE [org.jboss.web.tomcat.security.config.JBossContextConfig] destroy called with DELEGATE_TO_PARENT=false
2007-10-29 18:13:13,531 TRACE [org.jboss.security.jacc.JBossPolicyConfiguration] delete
2007-10-29 18:13:13,531 DEBUG [org.jboss.web.WebModule] Stopped jboss.web.deployment:war=iwa.war,id=-1069725553
....
....


Really have no idea what kind of problem pains me. 
Maybe I have to force creation of the policy config before Interceptors using a 
JAAS domain are created?
Maybe I must not configure InvokerAdaptorService, JRMPInvoker and so on directly in 
myServer/conf/jboss-service.xml?


btw: securing a web application with the same JAAS domain works fine and forces 
my browser to pop up the login dialog.



View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4100390#4100390
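
One way to read the SecurityAssociation trace quoted in the post, as an added example that is not part of the original post or of JBoss itself: it follows the pushSubjectContext/popSubjectContext nesting and reports every ServiceController "stopping service" line logged while the innermost context has subject=null. The sample lines are constructed from the trace above with wrapped lines rejoined, and correlating by line order is an assumption, since the quoted log carries no thread field.

```python
import re

# Constructed sample: lines from the trace in the post, wrapped lines rejoined.
# "[EMAIL PROTECTED]" is the list archive's redaction and is kept verbatim.
SAMPLE_LOG = """\
2007-10-29 18:13:11,109 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=null, [EMAIL PROTECTED],subject=null}
2007-10-29 18:13:11,109 TRACE [org.jboss.security.SecurityAssociation] popSubjectContext, [EMAIL PROTECTED],subject=null}
2007-10-29 18:13:13,281 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=null, [EMAIL PROTECTED],subject=null}
2007-10-29 18:13:13,281 DEBUG [org.jboss.system.ServiceController] stopping service: jboss.web.deployment:war=iwa.war,id=-1069725553
"""

# timestamp, level, [category], message
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) (\w+)\s+\[([^\]]+)\]\s+(.*)$"
)
SECURITY = "org.jboss.security.SecurityAssociation"
CONTROLLER = "org.jboss.system.ServiceController"
STOP_PREFIX = "stopping service:"


def unauthenticated_stops(log_text):
    """Return (timestamp, service) for each stop logged under a null subject."""
    contexts = []  # one entry per open context; True = pushed with subject=null
    findings = []
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # elision markers ("....") and continuation lines
        timestamp, _level, category, message = match.groups()
        if category == SECURITY:
            if message.startswith("pushSubjectContext"):
                contexts.append(
                    message.startswith("pushSubjectContext, subject=null"))
            elif message.startswith("popSubjectContext") and contexts:
                contexts.pop()  # tolerate pops whose push was elided
        elif category == CONTROLLER and message.startswith(STOP_PREFIX):
            # Flag only stops that sit inside an open context with no subject.
            if contexts and contexts[-1]:
                findings.append((timestamp, message[len(STOP_PREFIX):].strip()))
    return findings


if __name__ == "__main__":
    for timestamp, service in unauthenticated_stops(SAMPLE_LOG):
        print(f"{timestamp} stop of {service} ran with subject=null")
```

On the sample it reports the 18:13:13,281 stop of iwa.war, which is the point in the trace where a rejected or authenticated call would look different.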