Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-781

urn:jboss:pojo:7.0 is a subset of *-jboss-beans.xml, application-policy is not available

    XMLWordPrintable

Details

    • Bug
    • Resolution: Won't Do
    • Major
    • None
    • None
    • POJO
    • None
    • Workaround Exists
    • Hide

      Add security domain configuration directly in standalone.xml, into security subsystem

                      <security-domain name="security-preauth" cache-type="default">      
                    <authentication>
                        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
                            <module-option name="usersProperties" value="security-preauth-users.properties" />
                            <module-option name="rolesProperties" value="security-preauth-roles.properties" />
                        </login-module>
                    </authentication>
                </security-domain>
      Show
      Add security domain configuration directly in standalone.xml, into security subsystem <security-domain name= "security-preauth" cache-type= "default" > <authentication> <login-module code= "org.jboss.security.auth.spi.UsersRolesLoginModule" flag= "required" > <module-option name= "usersProperties" value= "security-preauth-users.properties" /> <module-option name= "rolesProperties" value= "security-preauth-roles.properties" /> </login-module> </authentication> </security-domain>

    Description

      I'm migrating an application which has security domain defined in *-jboss-beans.xml from AS 5 to AS 7.

      <?xml version="1.0" encoding="UTF-8"?>
<deployment xmlns="urn:jboss:pojo:7.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:jboss:pojo:7.0 jboss-pojo_7_0.xsd">
    <application-policy name="security-preauth">
        <authentication>
            <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
                <module-option name="usersProperties" value="security-preauth-users.properties" />
                <module-option name="rolesProperties" value="security-preauth-roles.properties" />
            </login-module>
        </authentication>
    </application-policy>
</deployment>

      This security domain is specified in jboss-web.xml, as:

      <?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <security-domain>security-preauth</security-domain>
    <context-root>spring-preauth</context-root>
</jboss-web>

      Here's corresponding configuration in web.xml

      <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>security-preauth</realm-name>
    </login-config>

    <security-role>
        <role-name>ROLE_USER</role-name>
    </security-role>
    <security-role>
        <role-name>ROLE_SUPERVISOR</role-name>
    </security-role>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>All areas</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>ROLE_USER</role-name>
        </auth-constraint>
    </security-constraint>

      This is not correctly loaded by JBoss AS, failing with (after TRACE logging is enabled):

      16:46:44,287 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-3) MSC00001: Failed to start service jboss.deployment.unit."spring-preauth.war".PARSE: org.jboss.msc.service.StartException in service jboss.deployment.unit."spring-preauth.war".PARSE: Failed to process phase PARSE of deployment "spring-preauth.war"
        at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:121) [jboss-as-server-7.1.0.Alpha1-SNAPSHOT.jar:7.1.0.Alpha1-SNAPSHOT]
        at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1824) [jboss-msc-1.0.1.GA.jar:1.0.1.GA]
        at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1759) [jboss-msc-1.0.1.GA.jar:1.0.1.GA]
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [:1.6.0_24]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [:1.6.0_24]
        at java.lang.Thread.run(Thread.java:662) [:1.6.0_24]
Caused by: org.jboss.as.server.deployment.DeploymentUnitProcessingException: Failed to parse POJO xml ["/content/spring-preauth.war/META-INF/security-preauth-jboss-beans.xml"]
        at org.jboss.as.pojo.KernelDeploymentParsingProcessor.parseDescriptor(KernelDeploymentParsingProcessor.java:130)
        at org.jboss.as.pojo.KernelDeploymentParsingProcessor.parseDescriptors(KernelDeploymentParsingProcessor.java:104)
        at org.jboss.as.pojo.KernelDeploymentParsingProcessor.deploy(KernelDeploymentParsingProcessor.java:73)
        at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:115) [jboss-as-server-7.1.0.Alpha1-SNAPSHOT.jar:7.1.0.Alpha1-SNAPSHOT]
        ... 5 more
Caused by: javax.xml.stream.XMLStreamException: ParseError at [row,col]:[5,5]
Message: Unexpected element '{urn:jboss:pojo:7.0}application-policy' encountered
        at org.jboss.as.controller.parsing.ParseUtils.unexpectedElement(ParseUtils.java:65)
        at org.jboss.as.pojo.descriptor.KernelDeploymentXmlDescriptorParser.readElement(KernelDeploymentXmlDescriptorParser.java:174)
        at org.jboss.as.pojo.descriptor.KernelDeploymentXmlDescriptorParser.readElement(KernelDeploymentXmlDescriptorParser.java:50)
        at org.jboss.staxmapper.XMLMapperImpl.processNested(XMLMapperImpl.java:100)
        at org.jboss.staxmapper.XMLMapperImpl.parseDocument(XMLMapperImpl.java:59)
        at org.jboss.as.pojo.KernelDeploymentParsingProcessor.parseDescriptor(KernelDeploymentParsingProcessor.java:123)
        ... 8 more

      Note: With AS 7.0.1 this is not working at all, *-jboss-beans.xml is ignored.

      Workaround is modify standalone.xml and add the security domain there, but it's not a feasible solution as it makes automated testing much more difficult.

      Attachments

        Issue Links

          is related to

          Feature Request - Feature requests from customers and/or users AS7-319 Add support for legacy MC configuration

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              ajustin@redhat.com Ales Justin
              kpiwko Karel Piwko
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: