[jboss-user] [Security JAAS/JBoss] - Re: Dynamic login config broken in JBoss 5 Beta4
[EMAIL PROTECTED] wrote : I am unsure why resources at the root of the ear are still working. It's due to this flag we added, specially for you. ;-) - EarStructure::includeEarRootInClasspath - http://anonsvn.jboss.org/repos/jbossas/trunk/server/src/main/org/jboss/deployment/EARStructure.java Currently by default is true, for back-compatibility, but in the future it should be false. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4183404#4183404 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4183404 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [Security JAAS/JBoss] - Re: Dynamic login config broken in JBoss 5 Beta4
[EMAIL PROTECTED] wrote : The resources need to go inside a jar under the EAR/lib directory. Anil, So does this mean that the dynamic login config xml file can no longer be packaged individually? It always has to be part of a jar file(inside the EAR/lib)? In general, assuming that in future releases the includeEarRootInClasspath flag is set to false, any xml config file which was earlier at the root of the EAR will now have to be packaged in a jar and included in the lib folder to be available in the application's classpath? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4183445#4183445 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4183445 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [Security JAAS/JBoss] - Re: Dynamic login config broken in JBoss 5 Beta4
[EMAIL PROTECTED] wrote : Do you know we scan there (I mean the ear classpath) for the beans? No, we only scan true deployments for metadata resources. Ear classpath != true deployment. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4183491#4183491 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4183491 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [Security JAAS/JBoss] - Re: Dynamic login config broken in JBoss 5 Beta4
So, if an user wants to bundle beans inside EARs, where does he need to put? I personally deploy beans outside of the EARs (as a separate deployment). View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4183492#4183492 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4183492 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [Security JAAS/JBoss] - Re: Dynamic login config broken in JBoss 5 Beta4
Ales, if I put beans inside xxx-jboss-beans.xml and place it inside a jar in the EAR/lib, I saw that it was not getting deployed. Do you know we scan there (I mean the ear classpath) for the beans? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4183486#4183486 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4183486 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [Security JAAS/JBoss] - Re: Dynamic login config broken in JBoss 5 Beta4
[EMAIL PROTECTED] wrote : So, if an user wants to bundle beans inside EARs, where does he need to put? Plain jar inside ear? e.g. someapp.ear/my-beans.jar - META-INF/mybeans-jboss-beans.xml - com|org|net|si| ... View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4183514#4183514 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4183514 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [Security JAAS/JBoss] - Re: Dynamic login config broken in JBoss 5 Beta4
The resources need to go inside a jar under the EAR/lib directory. I am unsure why resources at the root of the ear are still working. I need to ping Adrian on this one. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4183320#4183320 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4183320 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [Security JAAS/JBoss] - Re: Dynamic login config broken in JBoss 5 Beta4
I tried this on JBoss-5 CR1 and even JBoss-5 Beta4. Looks like something changed between Beta 4 and CR1. The application that works on Beta 4, does not work on CR1. However, i could get the application to work on CR1 too by placing the xml at a different location. Here are the details. I have an EAR file which has a test-jboss-service.xml, a dynamic-login-config.xml, a jboss-app.xml and a WAR file. For JBoss-5 Beta 4, here's the EAR contents: | ZEJB3Persistence.ear | | | |--- META-INF | | | | | |--- application.xml | | | | | |--- jboss-app.xml | | | | | |--- test-jboss-service.xml | | | | | |--- MyApp.war | | | | | |--- WEB-INF | | | | | | | |--- classes | | | | | | | | | |--- dynamic-login-config.xml | | | The dynamic-login-config.xml was in the EAR/WAR/WEB-INF/classes folder. The jboss-app.xml pointed to the service file: | jboss-app | | module | servicetest-jboss-service.xml/service | /module | /jboss-app The test-jboss-service.xml looks like: server | mbean code=org.jboss.security.auth.login.DynamicLoginConfig | name=jboss:service=DynamicLoginConfig | attribute name=AuthConfigdynamic-login-config.xml/attribute | depends optional-attribute-name=LoginConfigServicejboss.security:service=XMLLoginConfig/depends | depends optional-attribute-name=SecurityManagerServicejboss.security:service=JaasSecurityManager/depends | /mbean | /server | This worked without any issues in Beta 4. I could see this in the server.log: | 2008-09-03 15:00:55,733 DEBUG [org.jboss.system.ServiceConfigurator] AuthConfig set to dynamic-login-config.xml in jboss:service=DynamicLoginConfig | 2008-09-03 15:00:55,733 DEBUG [org.jboss.system.ServiceConfigurator] LoginConfigService set to jboss.security:service=XMLLoginConfig in jboss:service=DynamicLoginConfig | 2008-09-03 15:00:55,733 DEBUG [org.jboss.system.ServiceConfigurator] SecurityManagerService set to jboss.security:service=JaasSecurityManager in jboss:service=DynamicLoginConfig | 2008-09-03 15:00:55,733 DEBUG [org.jboss.system.ServiceController] Creating service jboss:service=DynamicLoginConfig | 2008-09-03 15:00:55,733 DEBUG [org.jboss.security.auth.login.DynamicLoginConfig] Creating jboss:service=DynamicLoginConfig | 2008-09-03 15:00:55,733 DEBUG [org.jboss.security.auth.login.DynamicLoginConfig] Created jboss:service=DynamicLoginConfig | 2008-09-03 15:00:55,733 DEBUG [org.jboss.system.ServiceController] starting service jboss:service=DynamicLoginConfig | 2008-09-03 15:00:55,733 DEBUG [org.jboss.security.auth.login.DynamicLoginConfig] Starting jboss:service=DynamicLoginConfig | 2008-09-03 15:00:55,858 DEBUG [org.jboss.security.auth.login.DynamicLoginConfig] Using JAAS AuthConfig: vfsfile:/D:/jboss-5.0.0.Beta4/server/jaikiran/deploy/ZEJB3Persistence.ear/myapp.war/WEB-INF/classes/dynamic-login-config.xml | 2008-09-03 15:00:55,858 DEBUG [org.jboss.security.auth.login.XMLLoginConfigImpl] Try loading config as XML, url=vfsfile:/D:/jboss-5.0.0.Beta4/server/jaikiran/deploy/ZEJB3Persistence.ear/myapp.war/WEB-INF/classes/dynamic-login-config.xml | 2008-09-03 15:00:55,858 DEBUG [org.jboss.xb.binding.parser.sax.SaxJBossXBParser] Created parser: [EMAIL PROTECTED], isNamespaceAware: true, isValidating: true, isXIncludeAware: true | 2008-09-03 15:00:55,858 DEBUG [org.jboss.xb.binding.parser.sax.SaxJBossXBParser] http://xml.org/sax/features/validation set to: true | 2008-09-03 15:00:55,858 DEBUG [org.jboss.xb.binding.parser.sax.SaxJBossXBParser] http://xml.org/sax/features/namespaces set to: true | 2008-09-03 15:00:55,858 DEBUG [org.jboss.xb.binding.parser.sax.SaxJBossXBParser] http://apache.org/xml/features/validation/dynamic set to: true | 2008-09-03 15:00:55,858 DEBUG [org.jboss.xb.binding.parser.sax.SaxJBossXBParser] Created parser: [EMAIL PROTECTED], isNamespaceAware: true, isValidating: true, isXIncludeAware: true | 2008-09-03 15:00:55,858 DEBUG [org.jboss.security.auth.login.DynamicLoginConfig] Loaded config: simple-security-domain | 2008-09-03 15:00:55,858 DEBUG [org.jboss.security.auth.login.DynamicLoginConfig] Started jboss:service=DynamicLoginConfig | This same application fails with the following exception on JBoss 5 CR1: | 15:24:02,470 ERROR [AbstractKernelController] Error installing to Start: name=jboss:service=DynamicLoginConfig state=Create mode=Manual requiredState=Installed | org.jboss.deployment.DeploymentException: Failed to find authConf as resource: dynamic-login-config.xml | at org.jboss.security.auth.login.DynamicLoginConfig.startService(DynamicLoginConfig.java:236) | at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:376) | at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:322) | at
[jboss-user] [Security JAAS/JBoss] - Re: Dynamic login config broken in JBoss 5 Beta4
I think that this behavior reflects the closing of a hole in the classloading architecture. Essentially, classes within a war should be isolated and not accessible from outside the war. This includes resources. Therefore, the behavior for beta4 was incorrect, while the behavior for CR1 is correct. And the workaround Jaikarin posted is in fact the correct way of doing this. So I guess I disagree with Anil's earlier statement of what is on the classpath - the xxx.war/web-inf/classes path should not be on the classpath of an ear. I did notice in the betas that the class isolation rules were relaxed. For a while, it appeared as if there was a single classloader repository and thus all classes, including those in WAR files, were visible everywhere. I noticed that this hole was plugged in CR1. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4174107#4174107 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4174107 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [Security JAAS/JBoss] - Re: Dynamic login config broken in JBoss 5 Beta4
So is this a bug in CR1? Has anybody been able to get dynamic login to work? If possible, could somebody point me to where the unit tests might be for this, because I couldn't seem to find them. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4173834#4173834 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4173834 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [Security JAAS/JBoss] - Re: Dynamic login config broken in JBoss 5 Beta4
OK, I just tried this out on CR1, using the same code that I got to work on Beta4, and it doesn't seem to work. Did something change again? Here is the service: | server | mbean code=org.jboss.security.auth.login.DynamicLoginConfig | name=jboss:service=DynamicLoginConfig | attribute name=AuthConfigdynamic-login-config.xml/attribute | depends optional-attribute-name=LoginConfigServicejboss.security:service=XMLLoginConfig/depends | depends optional-attribute-name=SecurityManagerServicejboss.security:service=JaasSecurityManager/depends | /mbean | /server | Here is the dynamic-login-config.xml file (in my WEB-INF/classes directory) so it should be accessible by the VFS Classloader: | policy | | application-policy name = simple-security-domain | authentication |login-module code=org.jboss.security.auth.spi.UsersRolesLoginModule flag = required | module-option name=usersPropertiesmyusers.properties/module-option | module-option name=rolesPropertiesmyroles.properties/module-option |/login-module | /authentication | /application-policy | | /policy | And here is the error: | 18:10:05,711 ERROR [AbstractKernelController] Error installing to Start: name=jb | oss:service=DynamicLoginConfig state=Create mode=Manual requiredState=Installed | org.jboss.deployment.DeploymentException: Failed to find authConf as resource: d | ynamic-login-config.xml | at org.jboss.security.auth.login.DynamicLoginConfig.startService(Dynamic | LoginConfig.java:236) | at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanS | upport.java:376) | at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMB | eanSupport.java:322) | at sun.reflect.GeneratedMethodAccessor65.invoke(Unknown Source) | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces | sorImpl.java:25) | at java.lang.reflect.Method.invoke(Method.java:585) | at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatch | er.java:157) | at org.jboss.mx.server.Invocation.dispatch(Invocation.java:96) | at org.jboss.mx.server.Invocation.invoke(Invocation.java:88) | at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker. | java:264) | at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668) | at org.jboss.system.microcontainer.ServiceProxy.invoke(ServiceProxy.java | :189) | at $Proxy35.start(Unknown Source) | at org.jboss.system.microcontainer.StartStopLifecycleAction.installActio | n(StartStopLifecycleAction.java:42) | at org.jboss.system.microcontainer.StartStopLifecycleAction.installActio | n(StartStopLifecycleAction.java:37) | at org.jboss.dependency.plugins.action.SimpleControllerContextAction.sim | pleInstallAction(SimpleControllerContextAction.java:62) | at org.jboss.dependency.plugins.action.AccessControllerContextAction.ins | tall(AccessControllerContextAction.java:71) | at org.jboss.dependency.plugins.AbstractControllerContextActions.install | (AbstractControllerContextActions.java:51) | at org.jboss.dependency.plugins.AbstractControllerContext.install(Abstra | View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4172202#4172202 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4172202 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [Security JAAS/JBoss] - Re: Dynamic login config broken in JBoss 5 Beta4
I had a WAR file, but that is what the problem was. I had to move the dynamic-login.xml file to the WEB-INF/classes directory. One thing that should be noted is that (I think) the default file that the dynamic login config service looks for is not available in this new strict classpath. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4135819#4135819 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4135819 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [Security JAAS/JBoss] - Re: Dynamic login config broken in JBoss 5 Beta4
There was a change in the classloaders from Unified Classloader to VFS Classloader. What it basically means is that resources are detected in a strict spec compliant way. For an ear, if you have a war underneath the resource(xml file) can be under WEB-INF/classes. If not, you can have ear/lib/somejar/xyz.xml or you will need to use the manifest to define classpath entries. For an ear, the classpath will not include the root of the ear. Hence META-INF/xyz.xml will not be detected. ear-lib, ear-war-WEB-INF/classes are on the classpath. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4134735#4134735 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4134735 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [Security JAAS/JBoss] - Re: Dynamic login config broken in JBoss 5 Beta4
Does anybody know if this is a known issue, or should I open a bug? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4131879#4131879 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4131879 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user