0 Replies Latest reply on Nov 10, 2009 9:50 AM by fjaouen

    Custom security problem with JBoss 5.0.1

    fjaouen

      Hi,

      I am currently doing a migration of a Flex 3 Web application from JBoss 4.0.5 to JBoss 5.0.1.

      In short term, in my application the security is managed by Flex (using services-config.xml) and there is no security stuff in my web.xml, neither in my jboss-web.xml (no security-domain specified). In Flex my security is custom and do not use server configuration. It is Java code which is bound to Spring security (DAO).

      In my JBoss 4.0.5 all is working correctly. When I access my Web Application, my Flex login let me enter my user/password and I see in my logs my custom class called:

      2009-09-23 10:10:27,682 INFO  [com.test.infra.security.SpringSecurityLoginCommand] doAuthentication for user admin
      2009-09-23 10:10:28,713 INFO  [com.test.infra.security.SpringSecurityLoginCommand] doAuthentication for user admin succeeded
      2009-09-23 10:10:28,713 INFO  [com.test.infra.security.SpringSecurityLoginCommand] found user preference locale : en_US

      And then I can access my application.

      In JBoss 5.0.1 I dot not see these log entries. It seems that JBoss is applying default policy. And I am not able to log in my application:
      2009-11-09 17:11:29,016 DEBUG [org.jboss.security.integration.JNDIBasedSecurityManagement] (http-127.0.0.1-8080-1) Creating SDC for domain=jboss-web-policy
      2009-11-09 17:11:29,016 DEBUG [org.jboss.security.plugins.auth.JaasSecurityManagerBase.jboss-web-policy] (http-127.0.0.1-8080-1) CallbackHandler: org.jboss.security.auth.callback.JBossCallbackHandler@92f645
      2009-11-09 17:11:29,016 DEBUG [org.jboss.security.plugins.auth.JaasSecurityManagerBase.jboss-web-policy] (http-127.0.0.1-8080-1) CachePolicy set to: org.jboss.util.TimedCachePolicy@66389d
      2009-11-09 17:11:29,016 DEBUG [org.jboss.security.integration.JNDIBasedSecurityManagement] (http-127.0.0.1-8080-1) setCachePolicy, c=org.jboss.util.TimedCachePolicy@66389d

      I do not have any idea why JAAS is applying in that case ? Neither what have change in JBoss which could give this behavior ? Neither what I have to do avoid this ?

      I spent a lot of time searching the Web but I do not find any response.

      Thanks anybody could help me pass this step !