You need to specify the security domain name in the war WEB-INF/jboss-web.xmlI have add the jboss-web.xml into the war.
descriptor.
<jboss-web> <security-domain>java:/jaas/xyz</security-domain> </jboss-web>
the security domain matches the one declared in the jboss.xml file of the EJBs jar file.
On the EJB side :
CMP beans are locked to be used only by an "Internal" user.
A session bean accessible from the outside declares method restricted to "PlainUser" and runs as user "Internal" to access local EJB
On the client side :
an HomeCaching class that caches home and remote interface of the session bean.
On the web side :
JSP files to display datas
Servlet that handles request from web browser. The JSP populates a LoginInfo bean with Username and Password. The servlet uses this LoginInfo bean by calling the login() method of this bean (which actually creates a LoginContext with the username/password and calls lc.login()). Then, servlet uses the HomeCaching class to retrieve the remote interface and call the session bean methods.
This is, somehow, a common architecture for n-tier application.
Here is the stacktrace from the point where the servlet calls the LoginInfo bean's login() method :
<code>
09:53:43,248 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
java.io.IOException: Properties file users.properties not found
at org.jboss.security.auth.spi.UsersRolesLoginModule.loadProperties(UsersRolesLoginModule.java:212)
at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:193)
at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:95)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:651)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:599)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:596)
at javax.security.auth.login.LoginContext.login(LoginContext.java:523)
at org.TechAdvantage.intranet.client.LoginInfo.login(LoginInfo.java:26)
at org.TechAdvantage.intranet.jsf.SchedulerApplicationHandler.processEvent(Unknown Source)
</code>
As the securtity domain is declared to use the DatabaseServerLoginModule, I can't figure why is the UsersRolesLoginModule called.
The log shows that the web app is correctly bound to the security domain.
Any ideas ?
thanks, ionel
-------------------------------------------------------
This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
