Loading...

Type: Bug
Resolution: Won't Do
Priority: Major
Fix Version/s: None
Affects Version/s: None
Component/s: POJO
Labels:
None

Workaround:

Workaround Exists
Workaround Description:
Hide

Add security domain configuration directly in standalone.xml, into security subsystem

<security-domain name="security-preauth" cache-type="default"> <authentication> <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"> <module-option name="usersProperties" value="security-preauth-users.properties" /> <module-option name="rolesProperties" value="security-preauth-roles.properties" /> </login-module> </authentication> </security-domain>
Show
Add security domain configuration directly in standalone.xml, into security subsystem <security-domain name= "security-preauth" cache-type= "default" > <authentication> <login-module code= "org.jboss.security.auth.spi.UsersRolesLoginModule" flag= "required" > <module-option name= "usersProperties" value= "security-preauth-users.properties" /> <module-option name= "rolesProperties" value= "security-preauth-roles.properties" /> </login-module> </authentication> </security-domain>

I'm migrating an application which has security domain defined in *-jboss-beans.xml from AS 5 to AS 7.

<?xml version="1.0" encoding="UTF-8"?>
<deployment xmlns="urn:jboss:pojo:7.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:jboss:pojo:7.0 jboss-pojo_7_0.xsd">
    <application-policy name="security-preauth">
        <authentication>
            <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
                <module-option name="usersProperties" value="security-preauth-users.properties" />
                <module-option name="rolesProperties" value="security-preauth-roles.properties" />
            </login-module>
        </authentication>
    </application-policy>
</deployment>

This security domain is specified in jboss-web.xml, as:

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <security-domain>security-preauth</security-domain>
    <context-root>spring-preauth</context-root>
</jboss-web>

Here's corresponding configuration in web.xml

<login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>security-preauth</realm-name>
    </login-config>

    <security-role>
        <role-name>ROLE_USER</role-name>
    </security-role>
    <security-role>
        <role-name>ROLE_SUPERVISOR</role-name>
    </security-role>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>All areas</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>ROLE_USER</role-name>
        </auth-constraint>
    </security-constraint>

This is not correctly loaded by JBoss AS, failing with (after TRACE logging is enabled):

16:46:44,287 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-3) MSC00001: Failed to start service jboss.deployment.unit."spring-preauth.war".PARSE: org.jboss.msc.service.StartException in service jboss.deployment.unit."spring-preauth.war".PARSE: Failed to process phase PARSE of deployment "spring-preauth.war"
        at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:121) [jboss-as-server-7.1.0.Alpha1-SNAPSHOT.jar:7.1.0.Alpha1-SNAPSHOT]
        at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1824) [jboss-msc-1.0.1.GA.jar:1.0.1.GA]
        at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1759) [jboss-msc-1.0.1.GA.jar:1.0.1.GA]
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [:1.6.0_24]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [:1.6.0_24]
        at java.lang.Thread.run(Thread.java:662) [:1.6.0_24]
Caused by: org.jboss.as.server.deployment.DeploymentUnitProcessingException: Failed to parse POJO xml ["/content/spring-preauth.war/META-INF/security-preauth-jboss-beans.xml"]
        at org.jboss.as.pojo.KernelDeploymentParsingProcessor.parseDescriptor(KernelDeploymentParsingProcessor.java:130)
        at org.jboss.as.pojo.KernelDeploymentParsingProcessor.parseDescriptors(KernelDeploymentParsingProcessor.java:104)
        at org.jboss.as.pojo.KernelDeploymentParsingProcessor.deploy(KernelDeploymentParsingProcessor.java:73)
        at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:115) [jboss-as-server-7.1.0.Alpha1-SNAPSHOT.jar:7.1.0.Alpha1-SNAPSHOT]
        ... 5 more
Caused by: javax.xml.stream.XMLStreamException: ParseError at [row,col]:[5,5]
Message: Unexpected element '{urn:jboss:pojo:7.0}application-policy' encountered
        at org.jboss.as.controller.parsing.ParseUtils.unexpectedElement(ParseUtils.java:65)
        at org.jboss.as.pojo.descriptor.KernelDeploymentXmlDescriptorParser.readElement(KernelDeploymentXmlDescriptorParser.java:174)
        at org.jboss.as.pojo.descriptor.KernelDeploymentXmlDescriptorParser.readElement(KernelDeploymentXmlDescriptorParser.java:50)
        at org.jboss.staxmapper.XMLMapperImpl.processNested(XMLMapperImpl.java:100)
        at org.jboss.staxmapper.XMLMapperImpl.parseDocument(XMLMapperImpl.java:59)
        at org.jboss.as.pojo.KernelDeploymentParsingProcessor.parseDescriptor(KernelDeploymentParsingProcessor.java:123)
        ... 8 more

Note: With AS 7.0.1 this is not working at all, *-jboss-beans.xml is ignored.

Workaround is modify standalone.xml and add the security domain there, but it's not a feasible solution as it makes automated testing much more difficult.

is related to

AS7-319 Add support for legacy MC configuration

Resolved

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates