In this recipe, we will configure GateIn with JAAS using JBoss AS (5.x and 6.x).
Create a new file named jboss-web.xml in the WEB-INF folder with the following content:
<jboss-web>
  <security-domain>java:/jaas/gatein-domain</security-domain>
</jboss-web>
This is the JNDI URL under which the JAAS module is referenced. Through this URL, JBoss automatically looks up the JAAS modules configured under the name gatein-domain.
The configuration of the modules can be found inside the file gatein-jboss-beans.xml. Usually, this file is inside the deployed <PORTAL_WAR_ROOT>/META-INF, but it could be placed anywhere inside the deploy directory of JBoss, thanks to the auto-discovery feature provided by the JBoss AS.
Here is an example:
<deployment xmlns="urn:jboss:bean-deployer:2.0">
  <application-policy xmlns="urn:jboss:security-beans:1.0" name="gatein-domain">
    <authentication>
      <login-module code="org.gatein.wci.security.WCILoginModule" flag="optional">
        <module-option name="portalContainerName">portal</module-option>
        <module-option name="realmName">gatein-domain</module-option>
      </login-module>
      <login-module code="org.exoplatform.web.security.PortalLoginModule" flag="required">
      ………..
  </application-policy>
</deployment>
JAAS allows adding several login modules, which will be executed in cascade mode according to the flag attribute. The following describes the valid values for the flag attribute and their respective semantics, as given in the Java standard API:
Required: The LoginModule is required to succeed. Whether it succeeds or fails, authentication still proceeds to the next LoginModule in the list.
Requisite: The LoginModule is required to succeed. If it succeeds, authentication continues on the next LoginModule in the list. If it fails, the control immediately returns to the application and the authentication process does not proceed to the next LoginModule.
Sufficient: The LoginModule is not required to succeed. If it does succeed, the control immediately returns to the application and the authentication process does not proceed to the next LoginModule. If it fails, authentication continues forward to the next LoginModule.
Optional: The LoginModule is not required to succeed. Whether it succeeds or fails, authentication still proceeds to the next LoginModule.

Look at the recipe Choosing the JAAS modules for details about each login module.