Re: [JBoss-user] JAAS - Problem with Ldap Realm

Keene Hammond Thu, 07 Nov 2002 10:52:38 -0800

Scott,
Thanks, I have tried what you suggested, here are the results. (No success, yet). It is indeed pointing the the correct file (which I have attached) and below is also a snippet from the jmx-console.

2002-11-07 13:25:32,135 INFO [org.jboss.security.plugins.SecurityConfig] Starting
2002-11-07 13:25:32,135 DEBUG [org.jboss.security.plugins.SecurityConfig] Installed JAAS Configuration service=jboss.security:service=XMLLoginConfig, config=org.jboss.security.auth.login.XMLLoginConfig@16f144c
2002-11-07 13:25:32,135 INFO [org.jboss.security.plugins.SecurityConfig] Started
2002-11-07 13:25:32,135 DEBUG [org.jboss.security.auth.login.XMLLoginConfig] Loading xmlConfig=file:/C:/opt/jboss-3.0.4/server/wtg/conf/login-config.xml
2002-11-07 13:25:32,195 INFO [org.jboss.security.plugins.JaasSecurityManagerService] Starting
2002-11-07 13:25:32,205 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] securityMgrCtxPath=java:/jaas
2002-11-07 13:25:32,215 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] cachePolicyCtxPath=java:/timedCacheFactory
2002-11-07 13:25:32,225 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] SecurityProxyFactory=org.jboss.security.SubjectSecurityProxyFactory@9934d4
2002-11-07 13:25:32,225 INFO [org.jboss.security.plugins.JaasSecurityManagerService] Started
2002-11-07 13:25:32,225 DEBUG [org.jboss.system.ServiceController] Starting dependent components: [ObjectName: jboss:service=TransactionManager
state: CREATED
I Depend On: jboss:service=XidFactory

Depends On Me: ]

Here is the view from the jmx-console
...
java: Namespace

   +- jaas (class: javax.naming.Context)
   |   +- other (class: org.jboss.security.plugins.SecurityDomainContext)
   |   +- JmsXARealm (class: org.jboss.security.plugins.SecurityDomainContext)
   |   +- jbossmq (class: org.jboss.security.plugins.SecurityDomainContext)
   |   +- http-invoker (class: org.jboss.security.plugins.SecurityDomainContext)
...

Well what do you think???
-Keene

Scott M Stark wrote:

Show the output of the first part of the startup of the server to show which
config directory is being used, for example:
8:07:20.05>pwd
/usr/JBoss3.0/jboss-all/build/output/jboss-3.0.5RC1/bin
8:07:38.71>run
===============================================================================
.
JBoss Bootstrap Environment
.
JBOSS_HOME: C:\usr\JBoss3.0\jboss-all\build\output\jboss-3.0.5RC1\bin\\..
.
JAVA: /usr/local/Java/jdk1.3.1_05\bin\java
.
JAVA_OPTS: -Dprogram.name=run.bat
.
CLASSPATH: ;/usr/local/Java/jdk1.3.1_05\lib\tools.jar;C:\usr\JBoss3.0\jboss-al
l\build\output\jboss-3.0.5RC1\bin\\run.jar
.
===============================================================================
.
08:07:42,452 INFO [Server] JBoss Release: JBoss-3.0.4RC1 CVSTag=Branch_3_0
08:07:42,472 INFO [Server] Home Dir: C:\usr\JBoss3.0\jboss-all\build\output\jbo
ss-3.0.5RC1
08:07:42,472 INFO [Server] Home URL: file:/C:/usr/JBoss3.0/jboss-all/build/outp
ut/jboss-3.0.5RC1/
08:07:42,472 INFO [Server] Library URL: file:/C:/usr/JBoss3.0/jboss-all/build/o
utput/jboss-3.0.5RC1/lib/
08:07:42,472 INFO [Server] Patch URL: null
08:07:42,472 INFO [Server] Server Name: default
08:07:42,472 INFO [Server] Server Home Dir: C:\usr\JBoss3.0\jboss-all\build\out
put\jboss-3.0.5RC1\server\default
08:07:42,472 INFO [Server] Server Home URL: file:/C:/usr/JBoss3.0/jboss-all/bui
ld/output/jboss-3.0.5RC1/server/default/
08:07:42,472 INFO [Server] Server Data Dir: C:\usr\JBoss3.0\jboss-all\build\out
put\jboss-3.0.5RC1\server\default\db
08:07:42,472 INFO [Server] Server Temp Dir: C:\usr\JBoss3.0\jboss-all\build\out
put\jboss-3.0.5RC1\server\default\tmp
08:07:42,482 INFO [Server] Server Config URL: file:/C:/usr/JBoss3.0/jboss-all/b
uild/output/jboss-3.0.5RC1/server/default/conf/
08:07:42,482 INFO [Server] Server Library URL: file:/C:/usr/JBoss3.0/jboss-all/
build/output/jboss-3.0.5RC1/server/default/lib/
08:07:42,482 INFO [Server] Root Deployemnt Filename: jboss-service.xml
08:07:42,482 INFO [Server] Starting General Purpose Architecture (GPA)...
08:07:42,742 INFO [ServerInfo] Java version: 1.3.1_05,Sun Microsystems Inc.
08:07:42,752 INFO [ServerInfo] Java VM: Java HotSpot(TM) Client VM 1.3.1_05-b02,Sun Microsystems Inc.
Prior to this, edit the conf/log4j.xml for the configuration you are using and either
remove the Threshold attribute of the FILE appender or change it to DEBUG:
<appender name="FILE" class="org.jboss.logging.appender.DailyRollingFileAppender">
    <param name="File" value="${jboss.server.home.dir}/log/server.log"/>
    <param name="Append" value="false"/>
    <param name="Threshold" value="DEBUG"/>
...
Then look to the log/server.log file and look for the following XMLLoginConfig which
tells you which configuration was loaded:
2002-11-07 08:16:07,168 DEBUG [org.jboss.security.auth.login.XMLLoginConfig] Loading
xmlConfig=file:/C:/usr/JBoss3.0/jboss-all/build/output/jboss-3.0.5RC1/server/default/conf/login-config.xml
xxxxxxxxxxxxxxxxxxxxxxxx
Scott Stark
Chief Technology Officer
JBoss Group, LLC
xxxxxxxxxxxxxxxxxxxxxxxx
----- Original Message -----
From: "Keene Hammond" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, November 07, 2002 5:45 AM
Subject: Re: [JBoss-user] JAAS - Problem with Ldap Realm
> I am using a renamed copy of the "all" server. But I even tried changing every single
> login-config.xml on my system.
> This was working fine on my 2.x flavor with the auth.conf...
> Any ideas? anyone?
>
> OS: XPsp1
> JAVA: 1.4.1_01
> JBoss: 3.0.4
>
> -Keene
>
-------------------------------------------------------
This sf.net email is sponsored by: See the NEW Palm
Tungsten T handheld. Power & Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user

<?xml version='1.0'?>
<!DOCTYPE policy PUBLIC
      "-//JBoss//DTD JBOSS Security Config 3.0//EN"
      "http://www.jboss.org/j2ee/dtd/security_config.dtd";>


<!-- The XML based JAAS login configuration read by the
org.jboss.security.auth.login.XMLLoginConfig mbean. Add
an application-policy element for each security domain.

The outline of the application-policy is:
<application-policy name="security-domain-name">
  <authentication>
    <login-module code="login.module1.class.name" flag="control_flag">
      <module-option name = "option1-name">option1-value</module-option>
      <module-option name = "option2-name">option2-value</module-option>
      ...
    </login-module>

    <login-module code="login.module2.class.name" flag="control_flag">
      ...
    </login-module>
    ...
  </authentication>
</application-policy>

$Revision: 1.1.2.4 $
-->

<policy>
    <!-- Used by clients within the application server VM such as
    mbeans and servlets that access EJBs.
    -->
    <application-policy name = "client-login">
       <authentication>
          <login-module code = "org.jboss.security.ClientLoginModule"
             flag = "required">
          </login-module>
       </authentication>
    </application-policy>

    <!-- Security domain for JBossMQ -->
    <application-policy name = "jbossmq">
       <authentication>
          <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
             flag = "required">
             <module-option name = "unauthenticatedIdentity">guest</module-option>
	     <module-option name = "sm.objectname">jboss.mq:service=StateManager</module-option>
          </login-module>
       </authentication>
    </application-policy>

    <!-- Security domains for testing new jca framework -->
    <application-policy name = "HsqlDbRealm">
       <authentication>
          <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
             flag = "required">
             <module-option name = "principal">sa</module-option>
             <module-option name = "userName">sa</module-option>
             <module-option name = "password"></module-option>
             <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=hsqldbDS</module-option>
          </login-module>
       </authentication>
    </application-policy>

    <application-policy name = "FirebirdDBRealm">
       <authentication>
          <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
             flag = "required">
             <module-option name = "principal">sysdba</module-option>
             <module-option name = "userName">sysdba</module-option>
             <module-option name = "password">masterkey</module-option>
             <module-option name = "managedConnectionFactoryName">jboss.jca:service=XaTxCM,name=FirebirdDS</module-option>
          </login-module>
       </authentication>
    </application-policy>

    <application-policy name = "JmsXARealm">
       <authentication>
          <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
             flag = "required">
             <module-option name = "principal">guest</module-option>
             <module-option name = "userName">guest</module-option>
             <module-option name = "password">guest</module-option>
             <module-option name = "managedConnectionFactoryName">jboss.jca:service=XaTxCM,name=jmsra</module-option>
          </login-module>
       </authentication>
    </application-policy>

    <!-- A template configuration for the jmx-console web application. This
      defaults to the UsersRolesLoginModule the same as other and should be
      changed to a stronger authentication mechanism as required.
    -->
    <application-policy name = "jmx-console">
       <authentication>
          <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
             flag = "required" />
       </authentication>
    </application-policy>

    <!-- The default login configuration used by any security domain that
    does not have a application-policy entry with a matching name
    -->
    <application-policy name = "other">
       <!-- A simple server login module, which can be used when the number
       of users is relatively small. It uses two properties files:
       users.properties, which holds users (key) and their password (value).
       roles.properties, which holds users (key) and a comma-separated list of
       their roles (value).
       The unauthenticatedIdentity property defines the name of the principal
       that will be used when a null username and password are presented as is
       the case for an unuathenticated web client or MDB. If you want to
       allow such users to be authenticated add the property, e.g.,
       unauthenticatedIdentity="nobody"
       -->
       <authentication>
          <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
             flag = "required" />
       </authentication>
    </application-policy>

    <!-- Internal Directory Service Authentication -->
	 	<application-policy name="ldap">
	 		<authentication>
	 			<login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
	 				<module-option name = "java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
	 				<module-option name = "java.naming.security.authentication">simple</module-option>
	 				<module-option name = "principleDNPrefix">uid=</module-option>
	 				<module-option name = "principleDNSuffix">,ou=People, o=Paychex Inc, c=US</module-option>
	 				<module-option name = "uidAttributeID">uniqueMember</module-option>
	 				<module-option name = "roleAttributeID">cn</module-option>
	 				<module-option name = "rolesCtxDN">ou=Groups,o=Paychex Inc,c=US</module-option>
	 				<module-option name = "matchOnUserDN">true</module-option>
	 				<module-option name = "unauthenticatedIdentity">nobody</module-option>
	 				<module-option name = "java.naming.provider.url">ldap://akhammon.paychex.com:389/</module-option>
	 			</login-module>
	 		</authentication>
	 	</application-policy>


</policy>

Re: [JBoss-user] JAAS - Problem with Ldap Realm

Reply via email to