JBoss JDBCRealm wie setzen

Hallo,

ich versuche schon seit einer Weile, meine Webapp mittels JDBCRealm zu schützen. Momentan sieht meine standalone.xml so aus:
Die Env-Variablen werden vom OpenShift-Hoster gesetzt.

<?xml version='1.0' encoding='UTF-8'?>

<server xmlns="urn:jboss:domain:1.1">

	<extensions>
		<extension module="org.jboss.as.clustering.infinispan" />
		<extension module="org.jboss.as.clustering.jgroups" />
		<extension module="org.jboss.as.cmp" />
		<extension module="org.jboss.as.configadmin" />
		<extension module="org.jboss.as.connector" />
		<extension module="org.jboss.as.deployment-scanner" />
		<extension module="org.jboss.as.ee" />
		<extension module="org.jboss.as.ejb3" />
		<extension module="org.jboss.as.jacorb" />
		<extension module="org.jboss.as.jaxr" />
		<extension module="org.jboss.as.jaxrs" />
		<extension module="org.jboss.as.jdr" />
		<extension module="org.jboss.as.jmx" />
		<extension module="org.jboss.as.jpa" />
		<extension module="org.jboss.as.jsr77" />
		<extension module="org.jboss.as.logging" />
		<extension module="org.jboss.as.mail" />
		<extension module="org.jboss.as.messaging" />
		<extension module="org.jboss.as.naming" />
		<extension module="org.jboss.as.osgi" />
		<extension module="org.jboss.as.pojo" />
		<extension module="org.jboss.as.remoting" />
		<extension module="org.jboss.as.sar" />
		<extension module="org.jboss.as.security" />
		<extension module="org.jboss.as.threads" />
		<extension module="org.jboss.as.transactions" />
		<extension module="org.jboss.as.web" />
		<extension module="org.jboss.as.webservices" />
		<extension module="org.jboss.as.weld" />
	</extensions>

	<system-properties>
		<property name="org.apache.coyote.http11.Http11Protocol.COMPRESSION"
			value="on" />

		<property name="org.apache.catalina.connector.URI_ENCODING"
			value="UTF-8" />
		<property
			name="org.apache.catalina.connector.USE_BODY_ENCODING_FOR_QUERY_STRING"
			value="true" />
	</system-properties>


	<management>
		<!-- NOTE(review): both management interfaces below name
			security-realm="managementSecurityRealm", but the only definition of
			that realm in this file sits inside the comment that follows. As
			posted, the attribute points at a realm this file does not define;
			confirm how the management ports behave in that state before relying
			on them being protected.
			If the commented-out realm is restored, it hands management logins to
			the application JAAS domain "loginRealm". Presumably every account in
			c_user that passes the application login would then also pass the
			management login (AS 7.1 is not known to offer role-based access
			control on the management API; verify for your version). A separate
			realm that only holds administrator accounts is the safer layout. -->
<!-- 
		<security-realms>
			<security-realm name="managementSecurityRealm">
				<authentication>
					<jaas name="loginRealm" />
				</authentication>
			</security-realm>
		</security-realms>
 -->
		<management-interfaces>
			<native-interface security-realm="managementSecurityRealm">
				<socket-binding native="management-native" />
			</native-interface>
			<http-interface security-realm="managementSecurityRealm">
				<socket-binding http="management-http" />
			</http-interface>
		</management-interfaces>

	</management>

	<profile>
		<subsystem xmlns="urn:jboss:domain:logging:1.1">
			<!--console-handler name="CONSOLE"> <level name="INFO"/> <formatter> <pattern-formatter 
				pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n"/> </formatter> </console-handler -->
			<periodic-rotating-file-handler name="FILE">
				<formatter>
					<pattern-formatter
						pattern="%d{yyyy/MM/dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n" />
				</formatter>
				<file relative-to="jboss.server.log.dir" path="server.log" />
				<suffix value=".yyyy-MM-dd" />
				<append value="true" />
			</periodic-rotating-file-handler>
			<logger category="com.arjuna">
				<level name="WARN" />
			</logger>
			<logger category="org.apache.tomcat.util.modeler">
				<level name="WARN" />
			</logger>
			<logger category="sun.rmi">
				<level name="WARN" />
			</logger>
			<logger category="jacorb">
				<level name="WARN" />
			</logger>
			<logger category="jacorb.config">
				<level name="ERROR" />
			</logger>

			<!-- NOTE(review): jboss.jdbc.spy at TRACE records JDBC calls in
				server.log once a datasource is declared with spy="true". None of the
				datasources shown in this file sets that attribute, so this logger is
				presumably inert here. If spying is switched on for MysqlDS while
				debugging the login module, the login queries and possibly their
				bound values (e-mail addresses) end up in the log: keep access to
				the log directory restricted and switch it off again afterwards. -->
			<logger category="jboss.jdbc.spy">
				<level name="TRACE" />
			</logger>
			<!-- <logger category="org.hibernate"> <level name="DEBUG"/> </logger> -->
			<root-logger>
				<level name="INFO" />
				<handlers>
					<!--handler name="CONSOLE"/ -->
					<handler name="FILE" />
				</handlers>
			</root-logger>
		</subsystem>
		<subsystem xmlns="urn:jboss:domain:cmp:1.0" />
		<subsystem xmlns="urn:jboss:domain:configadmin:1.0" />
		<subsystem xmlns="urn:jboss:domain:datasources:1.0">
			<datasources>
				<!-- Stock example H2 datasource with the account sa/sa written
					into the file. NOTE(review): nothing else in this file refers to
					ExampleDS (the JPA default-datasource is empty), so presumably it can
					be removed or set to enabled="false"; if it is kept, replace the
					default credentials. -->
				<datasource jndi-name="java:jboss/datasources/ExampleDS"
					enabled="true" use-java-context="true" pool-name="H2DS">
					<connection-url>jdbc:h2:${jboss.server.data.dir}/test;DB_CLOSE_DELAY=-1</connection-url>
					<driver>h2</driver>
					<security>
						<user-name>sa</user-name>
						<password>sa</password>
					</security>
				</datasource>
				<datasource jndi-name="java:jboss/datasources/MysqlDS"
					enabled="${mysql.enabled}" use-java-context="true" pool-name="MysqlDS"
					use-ccm="true">
					<connection-url>jdbc:mysql://${env.OPENSHIFT_MYSQL_DB_HOST}:${env.OPENSHIFT_MYSQL_DB_PORT}/${env.OPENSHIFT_APP_NAME}</connection-url>
					<driver>mysql</driver>
					<security>
						<user-name>${env.OPENSHIFT_MYSQL_DB_USERNAME}</user-name>
						<password>${env.OPENSHIFT_MYSQL_DB_PASSWORD}</password>
					</security>
					<validation>
						<check-valid-connection-sql>SELECT 1</check-valid-connection-sql>
						<background-validation>true</background-validation>
						<background-validation-millis>60000</background-validation-millis>
						<!--<validate-on-match>true</validate-on-match> -->
					</validation>
					<pool>
						<flush-strategy>IdleConnections</flush-strategy>
					</pool>
				</datasource>
				<datasource jndi-name="java:jboss/datasources/PostgreSQLDS"
					enabled="${postgresql.enabled}" use-java-context="true" pool-name="PostgreSQLDS"
					use-ccm="true">
					<connection-url>jdbc:postgresql://${env.OPENSHIFT_POSTGRESQL_DB_HOST}:${env.OPENSHIFT_POSTGRESQL_DB_PORT}/${env.OPENSHIFT_APP_NAME}</connection-url>
					<driver>postgresql</driver>
					<security>
						<user-name>${env.OPENSHIFT_POSTGRESQL_DB_USERNAME}</user-name>
						<password>${env.OPENSHIFT_POSTGRESQL_DB_PASSWORD}</password>
					</security>
					<validation>
						<check-valid-connection-sql>SELECT 1</check-valid-connection-sql>
						<background-validation>true</background-validation>
						<background-validation-millis>60000</background-validation-millis>
						<!--<validate-on-match>true</validate-on-match> -->
					</validation>
					<pool>
						<flush-strategy>IdleConnections</flush-strategy>
					</pool>
				</datasource>
				<drivers>
					<driver name="h2" module="com.h2database.h2">
						<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
					</driver>
					<driver name="mysql" module="com.mysql.jdbc">
						<xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class>
					</driver>
					<driver name="postgresql" module="org.postgresql.jdbc">
						<xa-datasource-class>org.postgresql.xa.PGXADataSource</xa-datasource-class>
					</driver>
				</drivers>
			</datasources>
		</subsystem>
		<subsystem xmlns="urn:jboss:domain:deployment-scanner:1.1">
			<deployment-scanner path="deployments"
				relative-to="jboss.server.base.dir" scan-interval="5000"
				deployment-timeout="300" />
		</subsystem>
		<subsystem xmlns="urn:jboss:domain:ee:1.0" />
		<subsystem xmlns="urn:jboss:domain:ejb3:1.2">
			<session-bean>
				<stateless>
					<bean-instance-pool-ref pool-name="slsb-strict-max-pool" />
				</stateless>
				<stateful default-access-timeout="5000" cache-ref="simple"
					clustered-cache-ref="clustered" />
				<singleton default-access-timeout="5000" />
			</session-bean>
			<mdb>
				<resource-adapter-ref resource-adapter-name="hornetq-ra" />
				<bean-instance-pool-ref pool-name="mdb-strict-max-pool" />
			</mdb>
			<pools>
				<bean-instance-pools>
					<strict-max-pool name="slsb-strict-max-pool"
						max-pool-size="20" instance-acquisition-timeout="5"
						instance-acquisition-timeout-unit="MINUTES" />
					<strict-max-pool name="mdb-strict-max-pool"
						max-pool-size="20" instance-acquisition-timeout="5"
						instance-acquisition-timeout-unit="MINUTES" />
				</bean-instance-pools>
			</pools>
			<caches>
				<cache name="simple" aliases="NoPassivationCache" />
				<cache name="passivating" passivation-store-ref="file"
					aliases="SimpleStatefulCache" />
				<cache name="clustered" passivation-store-ref="infinispan"
					aliases="StatefulTreeCache" />
			</caches>
			<passivation-stores>
				<file-passivation-store name="file" />
				<cluster-passivation-store name="infinispan"
					cache-container="ejb" />
			</passivation-stores>
			<async thread-pool-name="default" />
			<timer-service thread-pool-name="default">
				<data-store path="timer-service-data" relative-to="jboss.server.data.dir" />
			</timer-service>
			<remote connector-ref="remoting-connector" thread-pool-name="default" />
			<thread-pools>
				<thread-pool name="default">
					<max-threads count="10" />
					<keepalive-time time="100" unit="milliseconds" />
				</thread-pool>
			</thread-pools>
			<!--iiop enable-by-default="false" use-qualified-name="false"/ -->
		</subsystem>
		<subsystem xmlns="urn:jboss:domain:infinispan:1.1"
			default-cache-container="cluster">
			<cache-container name="cluster" aliases="ha-partition"
				default-cache="default">
				<transport lock-timeout="60000" />
				<replicated-cache name="default" mode="SYNC"
					batching="true">
					<locking isolation="REPEATABLE_READ" />
				</replicated-cache>
			</cache-container>
			<cache-container name="web" aliases="standard-session-cache"
				default-cache="repl">
				<transport lock-timeout="60000" />
				<replicated-cache name="repl" mode="ASYNC"
					batching="true">
					<file-store />
				</replicated-cache>
				<replicated-cache name="sso" mode="SYNC" batching="true" />
				<distributed-cache name="dist" mode="ASYNC"
					batching="true">
					<file-store />
				</distributed-cache>
			</cache-container>
			<cache-container name="ejb" aliases="sfsb sfsb-cache"
				default-cache="repl">
				<transport lock-timeout="60000" />
				<replicated-cache name="repl" mode="ASYNC"
					batching="true">
					<eviction strategy="LRU" />
					<file-store />
				</replicated-cache>
				<!-- Clustered cache used internally by EJB subsytem for managing the 
					client-mapping(s) of the socketbinding referenced by the EJB remoting connector -->
				<replicated-cache name="remote-connector-client-mappings"
					mode="SYNC" batching="true" />
				<distributed-cache name="dist" mode="ASYNC"
					batching="true">
					<eviction strategy="LRU" />
					<file-store />
				</distributed-cache>
			</cache-container>
			<cache-container name="hibernate" default-cache="local-query">
				<transport lock-timeout="60000" />
				<local-cache name="local-query">
					<transaction mode="NONE" />
					<eviction strategy="LRU" max-entries="10000" />
					<expiration max-idle="100000" />
				</local-cache>
				<invalidation-cache name="entity" mode="SYNC">
					<transaction mode="NON_XA" />
					<eviction strategy="LRU" max-entries="10000" />
					<expiration max-idle="100000" />
				</invalidation-cache>
				<replicated-cache name="timestamps" mode="ASYNC">
					<transaction mode="NONE" />
					<eviction strategy="NONE" />
				</replicated-cache>
			</cache-container>
		</subsystem>
		<subsystem xmlns="urn:jboss:domain:jacorb:1.1">
			<orb>
				<initializers transactions="spec" security="on" />
			</orb>
		</subsystem>
		<subsystem xmlns="urn:jboss:domain:jaxr:1.0">
			<connection-factory jndi-name="java:jboss/jaxr/ConnectionFactory" />
			<juddi-server
				publish-url="http://${env.OPENSHIFT_JBOSSAS_IP}:${env.OPENSHIFT_JBOSSAS_HTTP_PORT}/juddi/publish"
				query-url="http://${env.OPENSHIFT_JBOSSAS_IP}:${env.OPENSHIFT_JBOSSAS_HTTP_PORT}/juddi/query" />
		</subsystem>
		<subsystem xmlns="urn:jboss:domain:jaxrs:1.0" />
		<subsystem xmlns="urn:jboss:domain:jca:1.1">
			<archive-validation enabled="true" fail-on-error="true"
				fail-on-warn="false" />
			<bean-validation enabled="false" />
			<default-workmanager>
				<short-running-threads>
					<core-threads count="10" />
					<queue-length count="10" />
					<max-threads count="10" />
					<keepalive-time time="10" unit="seconds" />
				</short-running-threads>
				<long-running-threads>
					<core-threads count="10" />
					<queue-length count="10" />
					<max-threads count="10" />
					<keepalive-time time="10" unit="seconds" />
				</long-running-threads>
			</default-workmanager>
		</subsystem>
		<subsystem xmlns="urn:jboss:domain:jdr:1.0" />
		<subsystem xmlns="urn:jboss:domain:jgroups:1.0"
			default-stack="tcp">
			<stack name="tcp">
				<transport type="TCP" socket-binding="jgroups-tcp">
					<property name="external_addr">${env.OPENSHIFT_GEAR_DNS}</property>
					<property name="external_port">${env.OPENSHIFT_JBOSSAS_CLUSTER_PROXY_PORT}</property>
					<property name="bind_port">${env.OPENSHIFT_JBOSSAS_CLUSTER_PORT}</property>
					<property name="bind_addr">${env.OPENSHIFT_JBOSSAS_IP}</property>
					<property name="defer_client_bind_addr">true</property>
				</transport>
				<protocol type="TCPPING">
					<property name="timeout">30000</property>
					<property name="initial_hosts">${env.OPENSHIFT_JBOSSAS_CLUSTER}</property>
					<property name="port_range">0</property>
					<property name="num_initial_members">1</property>
				</protocol>
				<protocol type="MERGE2" />
				<protocol type="FD" />
				<protocol type="VERIFY_SUSPECT" />
				<protocol type="BARRIER" />
				<protocol type="pbcast.NAKACK" />
				<protocol type="UNICAST2" />
				<protocol type="pbcast.STABLE" />
				<!-- AUTH gates cluster joins on knowledge of the shared token taken
					from env.OPENSHIFT_SECRET_TOKEN. It does not encrypt or
					integrity-protect cluster traffic, and this stack lists no ENCRYPT
					protocol. NOTE(review): anything that can read that environment
					variable could presumably present a valid token; confirm who has
					access to it. -->
				<protocol type="AUTH">
					<property name="auth_class">org.jgroups.auth.MD5Token</property>
					<property name="token_hash">SHA</property>
					<property name="auth_value">${env.OPENSHIFT_SECRET_TOKEN}</property>
				</protocol>
				<protocol type="pbcast.GMS" />
				<protocol type="UFC" />
				<protocol type="MFC" />
				<protocol type="FRAG2" />
				<!--protocol type="pbcast.STATE_TRANSFER"/> <protocol type="pbcast.FLUSH"/ -->
			</stack>
		</subsystem>
		<subsystem xmlns="urn:jboss:domain:jmx:1.1">
			<show-model value="true" />
			<remoting-connector />
		</subsystem>
		<subsystem xmlns="urn:jboss:domain:jpa:1.0">
			<jpa default-datasource="" />
		</subsystem>
		<subsystem xmlns="urn:jboss:domain:jsr77:1.0" />
		<subsystem xmlns="urn:jboss:domain:mail:1.0">
			<mail-session jndi-name="java:jboss/mail/Default">
				<smtp-server outbound-socket-binding-ref="mail-smtp" />
			</mail-session>
		</subsystem>
		<subsystem xmlns="urn:jboss:domain:messaging:1.1">
			<hornetq-server>
				<clustered>true</clustered>
				<persistence-enabled>true</persistence-enabled>
				<!-- NOTE(review): broker security is switched off here and the
					security-domain line below is commented out, so the netty acceptors
					defined further down do not authenticate or authorise clients.
					Confirm that the "messaging" socket bindings are not reachable from
					outside this gear, or re-enable security with the "messaging"
					security-domain that the security subsystem already defines. -->
				<!--security-domain>messaging</security-domain -->
				<security-enabled>false</security-enabled>
				<journal-file-size>102400</journal-file-size>
				<journal-min-files>2</journal-min-files>

				<thread-pool-max-size>${messaging.thread.pool.max.size}</thread-pool-max-size>
				<scheduled-thread-pool-max-size>${messaging.scheduled.thread.pool.max.size}</scheduled-thread-pool-max-size>

				<connectors>
					<netty-connector name="netty" socket-binding="messaging" />
					<netty-connector name="netty-throughput"
						socket-binding="messaging-throughput">
						<param key="batch-delay" value="50" />
					</netty-connector>
					<in-vm-connector name="in-vm" server-id="0" />
				</connectors>

				<acceptors>
					<netty-acceptor name="netty" socket-binding="messaging" />
					<netty-acceptor name="netty-throughput"
						socket-binding="messaging-throughput">
						<param key="batch-delay" value="50" />
						<param key="direct-deliver" value="false" />
					</netty-acceptor>
					<in-vm-acceptor name="in-vm" server-id="0" />
				</acceptors>

				<!--broadcast-groups> <broadcast-group name="bg-group1"> <group-address>231.7.7.7</group-address> 
					<group-port>9876</group-port> <broadcast-period>5000</broadcast-period> <connector-ref> 
					netty </connector-ref> </broadcast-group> </broadcast-groups> <discovery-groups> 
					<discovery-group name="dg-group1"> <group-address>231.7.7.7</group-address> 
					<group-port>9876</group-port> <refresh-timeout>10000</refresh-timeout> </discovery-group> 
					</discovery-groups> <cluster-connections> <cluster-connection name="my-cluster"> 
					<address>jms</address> <connector-ref>netty</connector-ref> <discovery-group-ref 
					discovery-group-name="dg-group1"/> </cluster-connection> </cluster-connections -->

				<!--security-settings> <security-setting match="#"> <permission type="send" 
					roles="guest"/> <permission type="consume" roles="guest"/> <permission type="createNonDurableQueue" 
					roles="guest"/> <permission type="deleteNonDurableQueue" roles="guest"/> 
					</security-setting> </security-settings -->

				<address-settings>
					<address-setting match="#">
						<dead-letter-address>jms.queue.DLQ</dead-letter-address>
						<expiry-address>jms.queue.ExpiryQueue</expiry-address>
						<redelivery-delay>0</redelivery-delay>
						<max-size-bytes>10485760</max-size-bytes>
						<address-full-policy>BLOCK</address-full-policy>
						<message-counter-history-day-limit>10</message-counter-history-day-limit>
						<redistribution-delay>1000</redistribution-delay>
					</address-setting>
				</address-settings>

				<jms-connection-factories>
					<connection-factory name="InVmConnectionFactory">
						<connectors>
							<connector-ref connector-name="in-vm" />
						</connectors>
						<entries>
							<entry name="java:/ConnectionFactory" />
						</entries>
					</connection-factory>
					<connection-factory name="RemoteConnectionFactory">
						<connectors>
							<connector-ref connector-name="netty" />
						</connectors>
						<entries>
							<entry name="RemoteConnectionFactory" />
							<entry name="java:jboss/exported/jms/RemoteConnectionFactory" />
						</entries>
					</connection-factory>
					<pooled-connection-factory name="hornetq-ra">
						<transaction mode="xa" />
						<connectors>
							<connector-ref connector-name="in-vm" />
						</connectors>
						<entries>
							<entry name="java:/JmsXA" />
						</entries>
					</pooled-connection-factory>
				</jms-connection-factories>

				<jms-destinations>
					<jms-queue name="testQueue">
						<entry name="queue/test" />
						<entry name="java:jboss/exported/jms/queue/test" />
					</jms-queue>
					<jms-topic name="testTopic">
						<entry name="topic/test" />
						<entry name="java:jboss/exported/jms/topic/test" />
					</jms-topic>
				</jms-destinations>
			</hornetq-server>
		</subsystem>
		<subsystem xmlns="urn:jboss:domain:naming:1.1" />
		<subsystem xmlns="urn:jboss:domain:osgi:1.2" activation="lazy">
			<properties>
				<!-- Specifies the beginning start level of the framework -->
				<property name="org.osgi.framework.startlevel.beginning">1</property>
			</properties>
			<capabilities>
				<!-- modules registered with the OSGi layer on startup -->
				<capability name="javax.servlet.api:v25" />
				<capability name="javax.transaction.api" />
				<!-- bundles started in startlevel 1 -->
				<capability name="org.apache.felix.log" startlevel="1" />
				<capability name="org.jboss.osgi.logging" startlevel="1" />
				<capability name="org.apache.felix.configadmin"
					startlevel="1" />
				<capability name="org.jboss.as.osgi.configadmin"
					startlevel="1" />
			</capabilities>
		</subsystem>
		<subsystem xmlns="urn:jboss:domain:pojo:1.0" />
		<subsystem xmlns="urn:jboss:domain:remoting:1.1">
			<connector name="remoting-connector" socket-binding="remoting" />
		</subsystem>
		<subsystem xmlns="urn:jboss:domain:resource-adapters:1.0" />
		<subsystem xmlns="urn:jboss:domain:sar:1.0" />
		<subsystem xmlns="urn:jboss:domain:security:1.1">
			<security-domains>


				<!-- JAAS security domain used by the web application (referenced
					from jboss-web.xml as java:/jaas/loginRealm). It authenticates
					against the MysqlDS datasource with the database login module. -->
				<security-domain name="loginRealm">
					<authentication>
						<login-module code="Database" flag="required">
							<module-option name="dsJndiName"
								value="java:jboss/datasources/MysqlDS" />
							<!-- Returns the stored password value for the e-mail address
								typed into the login form. -->
							<module-option name="principalsQuery"
								value="select PASSWORD from c_user where EMAIL=?" />
							<!-- First column is the role name, second column the role
								group; the literal 'Roles' is the group the container reads
								role names from. -->
							<module-option name="rolesQuery"
								value="select groups_ROLENAME, 'Roles' from  c_user_c_user_role where User_EMAIL=?" />
							<!-- NOTE(review): no hashEncoding option is set, so the module
								uses its default encoding (base64 according to the login
								module documentation; confirm). The PASSWORD column has to
								hold the SHA-256 digest in exactly that encoding, otherwise
								every login is rejected. A single unsalted SHA-256 pass is
								also a weak way to store passwords; a salted, slow password
								hash is preferable where the application can supply one. -->
							<module-option name="hashAlgorithm" value="SHA-256" />

						</login-module>
					</authentication>
				</security-domain>


				<security-domain name="other" cache-type="default">
					<authentication>
						<login-module code="UsersRoles" flag="required" />
					</authentication>
				</security-domain>
				<security-domain name="jboss-web-policy" cache-type="default">
					<authorization>
						<policy-module code="Delegating" flag="required" />
					</authorization>
				</security-domain>
				<security-domain name="jboss-ejb-policy" cache-type="default">
					<authorization>
						<policy-module code="Delegating" flag="required" />
					</authorization>
				</security-domain>
				<security-domain name="messaging" cache-type="default">
					<authentication>
						<login-module code="UsersRoles" flag="required">
							<module-option name="usersProperties"
								value="${jboss.server.config.dir}/application-users.properties" />
							<module-option name="rolesProperties"
								value="${jboss.server.config.dir}/application-roles.properties" />
						</login-module>
					</authentication>
				</security-domain>
			</security-domains>
		</subsystem>
		<subsystem xmlns="urn:jboss:domain:threads:1.1" />
		<subsystem xmlns="urn:jboss:domain:transactions:1.1">
			<core-environment>
				<process-id>
					<uuid />
				</process-id>
			</core-environment>
			<recovery-environment socket-binding="txn-recovery-environment"
				status-socket-binding="txn-status-manager" />
			<coordinator-environment default-timeout="300" />
		</subsystem>
		<subsystem xmlns="urn:jboss:domain:web:1.1"
			default-virtual-server="default-host" native="false">
			<connector name="http" protocol="HTTP/1.1" scheme="http"
				socket-binding="http" />
			<virtual-server name="default-host"
				enable-welcome-root="false">
				<alias name="localhost" />
			</virtual-server>
		</subsystem>
		<subsystem xmlns="urn:jboss:domain:webservices:1.1">
			<modify-wsdl-address>true</modify-wsdl-address>
			<wsdl-host>${env.OPENSHIFT_GEAR_DNS}</wsdl-host>
			<wsdl-port>80</wsdl-port>
			<endpoint-config name="Standard-Endpoint-Config" />
			<endpoint-config name="Recording-Endpoint-Config">
				<pre-handler-chain name="recording-handlers"
					protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">
					<handler name="RecordingHandler"
						class="org.jboss.ws.common.invocation.RecordingServerHandler" />
				</pre-handler-chain>
			</endpoint-config>
		</subsystem>
		<subsystem xmlns="urn:jboss:domain:weld:1.0" />
	</profile>

	<interfaces>
		<interface name="management">
			<loopback-address value="${env.OPENSHIFT_JBOSSAS_IP}" />
		</interface>
		<interface name="public">
			<loopback-address value="${env.OPENSHIFT_JBOSSAS_IP}" />
		</interface>
		<interface name="unsecure">
			<!-- Used for IIOP sockets in the standarad configuration. To secure JacORB 
				you need to setup SSL -->
			<loopback-address value="${env.OPENSHIFT_JBOSSAS_IP}" />
		</interface>
	</interfaces>

	<socket-binding-group name="standard-sockets"
		default-interface="public" port-offset="0">
		<socket-binding name="http"
			port="${env.OPENSHIFT_JBOSSAS_HTTP_PORT}" />
		<socket-binding name="jacorb" interface="unsecure"
			port="3528" />
		<socket-binding name="jacorb-ssl" interface="unsecure"
			port="3529" />
		<socket-binding name="jgroups-tcp"
			port="${env.OPENSHIFT_JBOSSAS_CLUSTER_PORT}" />
		<socket-binding name="management-native" interface="management"
			port="${env.OPENSHIFT_JBOSSAS_MANAGEMENT_NATIVE_PORT}" />
		<socket-binding name="management-http" interface="management"
			port="${env.OPENSHIFT_JBOSSAS_MANAGEMENT_HTTP_PORT}" />
		<socket-binding name="messaging"
			port="${env.OPENSHIFT_JBOSSAS_MESSAGING_PORT}" />
		<socket-binding name="messaging-throughput"
			port="${env.OPENSHIFT_JBOSSAS_MESSAGING_THROUGHPUT_PORT}" />
		<socket-binding name="osgi-http" interface="management"
			port="8090" />
		<socket-binding name="remoting"
			port="${env.OPENSHIFT_JBOSSAS_REMOTING_PORT}" />
		<socket-binding name="txn-recovery-environment" port="4712" />
		<socket-binding name="txn-status-manager" port="4713" />
		<outbound-socket-binding name="mail-smtp">
			<remote-destination host="localhost" port="25" />
		</outbound-socket-binding>
	</socket-binding-group>
</server>

Ich habe also quasi meinen Realm in der standalone.xml (als security-domain) gesetzt. Allerdings ist es recht verwirrend, dass z.B. hier http://docs.jboss.org/jbossweb/2.1.x/realm-howto.html davon geredet wird, dass ich einen Realm mit dem Realm-Tag erstellen muss, der in Host, Context oder Engine verschachtelt (nested) ist. Alle drei sind in meiner standalone.xml aber nicht vorhanden.

Andererseits schreibt man hier http://barbedwirebytecodebaconburger.com/blog/2012/02/17/basic-http-authentication-in-jboss-as-7/ und hier http://www.alesandro-lang.com/blog/setup_a_jdbc_realm_inside_openshift/, dass es über das security-domain eigentlich richtig sein sollte.

Hier noch meine jboss-web.xml Datei:

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<!--  
  <context-root>/wie-koche-ich</context-root>
  
  -->
  <!-- Binds this web application to a JAAS security domain. The name after
       java:/jaas/ has to match the name attribute of a security-domain in the
       security subsystem of standalone.xml (here: loginRealm). -->
  <security-domain>java:/jaas/loginRealm</security-domain>

</jboss-web>

und web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">

    <!-- NOTE(review): with PROJECT_STAGE set to Development, JSF renders
         detailed diagnostic messages and error pages to the browser. The
         description below already says to switch to Production for deployment;
         this application runs on a hosted gear, so presumably that applies as
         soon as the login problem is solved. -->
    <context-param>
        <description>Change to "Production" when you are ready to deploy
            if (application.getProjectStage() == ProjectStage.Development)</description>
        <param-name>javax.faces.PROJECT_STAGE</param-name>
        <param-value>Development</param-value>
    </context-param>
    <!--
    <context-param>
        <description>removes primfaces style </description>
        <param-name>primefaces.THEME</param-name>
        <param-value>none</param-value>
    </context-param>
    -->
    
    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>
            javax.faces.webapp.FacesServlet
        </servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>*.jsf</url-pattern>
    </servlet-mapping>
    <!-- Welcome page -->
    <welcome-file-list>
        <welcome-file>index.jsf</welcome-file>
    </welcome-file-list>
    <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>
  
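	 <security-constraint>
        <!-- Restricts everything below /edit/ (relative to the context root)
             to callers in the role headchef. -->
        <display-name>administration-constraint</display-name>
        <web-resource-collection>
            <web-resource-name>administration</web-resource-name>
            <description>authorisation area</description>
            <url-pattern>/edit/*</url-pattern>
            <!-- No http-method elements on purpose: listing only GET and POST
                 leaves every other method (HEAD, PUT, DELETE, ...) outside the
                 constraint, so such requests would reach /edit/* without
                 authentication. Without the elements the constraint covers
                 all methods. -->
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>headchef</role-name>
        </auth-constraint>
        <!-- NOTE(review): the container checks this constraint against the URL
             of the incoming request only; internal forwards are not checked.
             If pages under /edit/ are reached through JSF navigation without
             a redirect, the browser URL stays outside /edit/ and the
             constraint presumably never fires. Confirm how the protected
             views are reached. -->
    </security-constraint>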
    <!-- Container-managed FORM login. The page named in form-login-page is
         expected to POST the fields j_username and j_password to
         j_security_check; the container then authenticates against the
         security domain bound in jboss-web.xml.
         NOTE(review): the error quoted in the post mentions programmatic
         login, so viewLogin.jsf presumably calls HttpServletRequest.login()
         from a backing bean instead of posting to j_security_check; confirm.
         No user-data-constraint is declared for the protected area, so this
         descriptor does not force the login form or the session cookie onto
         HTTPS. -->
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>loginRealm</realm-name>
        <form-login-config>
            <form-login-page>/viewLogin.jsf</form-login-page>
            <form-error-page>/viewError.jsf</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <description>Administrator</description>
        <role-name>headchef</role-name>
    </security-role>
    <security-role>
        <description>normal user which can create recipes</description>
        <role-name>cook</role-name>
    </security-role>
    
     
</web-app>
  

Trotz all dem kann ich den „geschützten“ Bereich aufrufen. Wenn ich die viewLogin.jsf aufrufe und versuche, mich einzuloggen, erhalte ich die Meldung: An Error Occured: Login failed No authenticator available for programmatic login.

Hat jemand eine Idee was ich falsch mache?

Hallo,

der JDBC-Realm gehört meiner Meinung nach zu den unnötig komplizierten Dingen in der JEE Welt. Ich habe auch gestern massiv Probleme auf dem Glassfish 4 gehabt und erst mal Probleme gehabt, ein ordentliches Logging zu erzeugen. Kannst du mal den gesamten Output hier posten, eventuell sogar mit feinem logging?

Das hier sollte helfen: http://larmic.blogspot.de/2013/08/jaas-im-jboss-7x-bzw-eap-61.html

Kannst du mir sagen, wofür das

                           <authentication>  
                <local default-user="$local"></local>  
                <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir">  
                </properties>  
            </authentication> 
   

zuständig ist?

Meine Config sieht momentan so aus (beinhaltet nur den Code den ich verändert habe):

		
<subsystem xmlns="urn:jboss:domain:logging:1.1">
			<!--console-handler name="CONSOLE"> <level name="INFO"/> <formatter> <pattern-formatter 
				pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n"/> </formatter> </console-handler -->
			<periodic-rotating-file-handler name="FILE">
				<formatter>
					<pattern-formatter
						pattern="%d{yyyy/MM/dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n" />
				</formatter>
				<file relative-to="jboss.server.log.dir" path="server.log" />
				<suffix value=".yyyy-MM-dd" />
				<append value="true" />
			</periodic-rotating-file-handler>
			<!-- Additional file handler at TRACE that writes audit.log.
				NOTE(review): no logger in this subsystem lists AUDIT under
				handlers (the root-logger only attaches FILE), so as shown nothing
				is routed to audit.log. A logger for the security category
				(e.g. org.jboss.security) with this handler attached is presumably
				the missing piece. Authentication traces can contain user names, so
				keep access to the log directory restricted. -->
			<periodic-rotating-file-handler name="AUDIT"
				autoflush="true">
				<level name="TRACE" />
				<formatter>
					<pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n" />
				</formatter>
				<file relative-to="jboss.server.log.dir" path="audit.log" />
				<suffix value=".yyyy-MM-dd" />
				<append value="true" />
			</periodic-rotating-file-handler>
			<logger category="com.arjuna">
				<level name="WARN" />
			</logger>
			<logger category="org.apache.tomcat.util.modeler">
				<level name="WARN" />
			</logger>
			<logger category="sun.rmi">
				<level name="WARN" />
			</logger>
			<logger category="jacorb">
				<level name="WARN" />
			</logger>
			<logger category="jacorb.config">
				<level name="ERROR" />
			</logger>

			<logger category="jboss.jdbc.spy">
				<level name="TRACE" />
			</logger>
			<!-- <logger category="org.hibernate"> <level name="DEBUG"/> </logger> -->
			<root-logger>
				<level name="INFO" />
				<handlers>
					<!--handler name="CONSOLE"/ -->
					<handler name="FILE" />
				</handlers>
			</root-logger>
		</subsystem>

	<subsystem xmlns="urn:jboss:domain:security:1.1">
			<security-domains>


				<!-- Same database login module as before, now referenced by its
					full class name, in a domain renamed to "login".
					NOTE(review): the jboss-web.xml shown earlier in the thread binds
					the application to java:/jaas/loginRealm. Unless that file was
					changed as well, the application now points at a domain that is
					no longer defined; the two names have to match. -->
				<security-domain name="login">
					<authentication>
						<login-module
							code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
							flag="required">
							<module-option name="dsJndiName"
								value="java:jboss/datasources/MysqlDS" />
							<module-option name="principalsQuery"
								value="select PASSWORD from c_user where EMAIL=?" />
							<module-option name="rolesQuery"
								value="select groups_ROLENAME, 'Roles' from  c_user_c_user_role where User_EMAIL=?" />
							<!-- NOTE(review): still no hashEncoding option; the stored
								digest must use the module's default encoding (confirm
								which one applies to your version). -->
							<module-option name="hashAlgorithm" value="SHA-256" />

						</login-module>


					</authentication>
				</security-domain>

				<security-domain name="other" cache-type="default">
					<authentication>
						<login-module code="UsersRoles" flag="required" />
					</authentication>
				</security-domain>

<subsystem xmlns="urn:jboss:domain:remoting:1.1">
			<!-- NOTE(review): security-realm on a remoting connector names a
				management security-realm, not a security-domain. No realm called
				loginRealm is defined in the configuration shown (the JAAS entry
				above is a security-domain and is now named "login"), so this
				reference presumably cannot be resolved; check the boot log for a
				missing dependency on that realm. -->
			<connector name="remoting-connector" socket-binding="remoting"  security-realm="loginRealm" />
		</subsystem>

Das ist der Log nach dem Starten.

07:28:41,384 INFO  [org.jboss.as.controller] JBAS014774: Service status report
JBAS014776:    Newly corrected services:
      service jboss.security.security-domain.other (new available)
      service jboss.server.controller.management.security_realm.managementSecurityRealm (new available)

07:28:41,398 INFO  [org.jboss.as] JBAS015950: JBoss AS 7.1.1.Final "Brontes" stopped in 209ms
07:30:02,525 INFO  [org.jboss.modules] JBoss Modules version 1.1.1.GA
07:30:03,834 INFO  [org.jboss.msc] JBoss MSC version 1.0.2.GA
07:30:04,193 INFO  [org.jboss.as] JBAS015899: JBoss AS 7.1.1.Final "Brontes" starting
07:30:04,229 DEBUG [org.jboss.as.config] Configured system properties:
	OPENSHIFT_APP_UUID = 52fe28285973cad7a900033f
	[Standalone] = 
	awt.toolkit = sun.awt.X11.XToolkit
	file.encoding = UTF-8
	file.encoding.pkg = sun.io
	file.separator = /
	java.awt.graphicsenv = sun.awt.X11GraphicsEnvironment
	java.awt.printerjob = sun.print.PSPrinterJob
	java.class.path = /var/lib/openshift/52fe28285973cad7a900033f/jbossas/jboss-modules.jar
	java.class.version = 51.0
	java.endorsed.dirs = /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.51/jre/lib/endorsed
	java.ext.dirs = /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.51/jre/lib/ext:/usr/java/packages/lib/ext
	java.home = /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.51/jre
	java.io.tmpdir = /tmp
	java.library.path = /opt/rh/mysql55/root/usr/lib64::/usr/java/packages/lib/i386:/lib:/usr/lib
	java.net.preferIPv4Stack = true
	java.runtime.name = OpenJDK Runtime Environment
	java.runtime.version = 1.7.0_51-mockbuild_2014_01_10_10_25-b00
	java.specification.name = Java Platform API Specification
	java.specification.vendor = Oracle Corporation
	java.specification.version = 1.7
	java.util.logging.manager = org.jboss.logmanager.LogManager
	java.vendor = Oracle Corporation
	java.vendor.url = http://java.oracle.com/
	java.vendor.url.bug = http://bugreport.sun.com/bugreport/
	java.version = 1.7.0_51
	java.vm.info = mixed mode
	java.vm.name = OpenJDK Server VM
	java.vm.specification.name = Java Virtual Machine Specification
	java.vm.specification.vendor = Oracle Corporation
	java.vm.specification.version = 1.7
	java.vm.vendor = Oracle Corporation
	java.vm.version = 24.45-b08
	javax.management.builder.initial = org.jboss.as.jmx.PluggableMBeanServerBuilder
	javax.xml.datatype.DatatypeFactory = __redirected.__DatatypeFactory
	javax.xml.parsers.DocumentBuilderFactory = __redirected.__DocumentBuilderFactory
	javax.xml.parsers.SAXParserFactory = __redirected.__SAXParserFactory
	javax.xml.stream.XMLEventFactory = __redirected.__XMLEventFactory
	javax.xml.stream.XMLInputFactory = __redirected.__XMLInputFactory
	javax.xml.stream.XMLOutputFactory = __redirected.__XMLOutputFactory
	javax.xml.transform.TransformerFactory = __redirected.__TransformerFactory
	javax.xml.validation.SchemaFactory:http://www.w3.org/2001/XMLSchema = __redirected.__SchemaFactory
	javax.xml.xpath.XPathFactory:http://java.sun.com/jaxp/xpath/dom = __redirected.__XPathFactory
	jboss.home.dir = /var/lib/openshift/52fe28285973cad7a900033f/jbossas
	jboss.host.name = ex-std-node34
	jboss.modules.dir = /var/lib/openshift/52fe28285973cad7a900033f/jbossas/modules
	jboss.node.name = wiekocheich-getthesolution.rhcloud.com
	jboss.qualified.host.name = ex-std-node34.prod.rhcloud.com
	jboss.server.base.dir = /var/lib/openshift/52fe28285973cad7a900033f/jbossas/standalone
	jboss.server.config.dir = /var/lib/openshift/52fe28285973cad7a900033f/jbossas/standalone/configuration
	jboss.server.data.dir = /var/lib/openshift/52fe28285973cad7a900033f/jbossas/standalone/data
	jboss.server.deploy.dir = /var/lib/openshift/52fe28285973cad7a900033f/jbossas/standalone/data/content
	jboss.server.log.dir = /var/lib/openshift/52fe28285973cad7a900033f/jbossas/standalone/log
	jboss.server.name = ex-std-node34
	jboss.server.temp.dir = /var/lib/openshift/52fe28285973cad7a900033f/jbossas/standalone/tmp
	jgroups.bind_addr = 127.9.64.1
	line.separator = 

	logging.configuration = file:/var/lib/openshift/52fe28285973cad7a900033f/jbossas/standalone/configuration/logging.properties
	module.path = /var/lib/openshift/52fe28285973cad7a900033f/app-root/runtime/repo//.openshift/config/modules:/var/lib/openshift/52fe28285973cad7a900033f/jbossas//modules
	org.apache.coyote.http11.Http11Protocol.COMPRESSION = on
	org.apache.tomcat.util.LOW_MEMORY = true
	org.jboss.boot.log.file = /var/lib/openshift/52fe28285973cad7a900033f/jbossas/standalone/log/boot.log
	org.jboss.resolver.warning = true
	org.xml.sax.driver = __redirected.__XMLReaderFactory
	os.arch = i386
	os.name = Linux
	os.version = 2.6.32-431.3.1.el6oso.bz844450v4.x86_64
	path.separator = :
	sun.arch.data.model = 32
	sun.boot.class.path = /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.51/jre/lib/alt-rt.jar:/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.51/jre/lib/resources.jar:/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.51/jre/lib/rt.jar:/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.51/jre/lib/sunrsasign.jar:/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.51/jre/lib/jsse.jar:/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.51/jre/lib/jce.jar:/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.51/jre/lib/charsets.jar:/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.51/jre/lib/netx.jar:/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.51/jre/lib/plugin.jar:/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.51/jre/lib/rhino.jar:/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.51/jre/lib/jfr.jar:/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.51/jre/classes
	sun.boot.library.path = /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.51/jre/lib/i386
	sun.cpu.endian = little
	sun.cpu.isalist = 
	sun.io.unicode.encoding = UnicodeLittle
	sun.java.command = /var/lib/openshift/52fe28285973cad7a900033f/jbossas/jboss-modules.jar -mp /var/lib/openshift/52fe28285973cad7a900033f/app-root/runtime/repo//.openshift/config/modules:/var/lib/openshift/52fe28285973cad7a900033f/jbossas//modules -jaxpmodule javax.xml.jaxp-provider org.jboss.as.standalone -Djboss.home.dir=/var/lib/openshift/52fe28285973cad7a900033f/jbossas
	sun.java.launcher = SUN_STANDARD
	sun.jnu.encoding = ANSI_X3.4-1968
	sun.management.compiler = HotSpot Tiered Compilers
	sun.os.patch.level = unknown
	user.country = US
	user.dir = /var/lib/openshift/52fe28285973cad7a900033f/jbossas
	user.home = /var/lib/openshift/52fe28285973cad7a900033f
	user.language = en
	user.name = 52fe28285973cad7a900033f
	user.timezone = America/New_York
07:30:04,905 DEBUG [org.jboss.as.config] VM Arguments: -D[Standalone] -XX:+TieredCompilation -Xmx256m -XX:MaxPermSize=102m -XX:+AggressiveOpts -Dorg.apache.tomcat.util.LOW_MEMORY=true -DOPENSHIFT_APP_UUID=52fe28285973cad7a900033f -Dorg.jboss.resolver.warning=true -Djava.net.preferIPv4Stack=true -Dfile.encoding=UTF-8 -Djava.net.preferIPv4Stack=true -Djboss.node.name=wiekocheich-getthesolution.rhcloud.com -Djgroups.bind_addr=127.9.64.1 -Dorg.apache.coyote.http11.Http11Protocol.COMPRESSION=on -Dorg.jboss.boot.log.file=/var/lib/openshift/52fe28285973cad7a900033f/jbossas/standalone/log/boot.log -Dlogging.configuration=file:/var/lib/openshift/52fe28285973cad7a900033f/jbossas/standalone/configuration/logging.properties 
07:30:15,759 INFO  [org.xnio] XNIO Version 3.0.3.GA
07:30:15,786 INFO  [org.jboss.as.server] JBAS015888: Creating http management service using socket-binding (management-http)
07:30:15,851 INFO  [org.xnio.nio] XNIO NIO Implementation Version 3.0.3.GA
07:30:15,932 INFO  [org.jboss.remoting] JBoss Remoting version 3.2.3.GA
07:30:16,096 INFO  [org.jboss.as.logging] JBAS011502: Removing bootstrap log handlers

==> jbossas/logs/server.log <==
2014/03/11 07:30:16,134 INFO  [org.jboss.as.configadmin] (ServerService Thread Pool -- 35) JBAS016200: Activating ConfigAdmin Subsystem
2014/03/11 07:30:16,306 INFO  [org.jboss.as.clustering.jgroups] (ServerService Thread Pool -- 46) JBAS010260: Activating JGroups subsystem.
2014/03/11 07:30:16,352 INFO  [org.jboss.as.security] (ServerService Thread Pool -- 58) JBAS013101: Activating Security Subsystem
2014/03/11 07:30:16,488 INFO  [org.jboss.as.naming] (ServerService Thread Pool -- 52) JBAS011800: Activating Naming Subsystem
2014/03/11 07:30:16,210 INFO  [org.jboss.as.jacorb] (ServerService Thread Pool -- 41) JBAS016300: Activating JacORB Subsystem
2014/03/11 07:30:16,194 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 40) JBAS010280: Activating Infinispan subsystem.
2014/03/11 07:30:16,537 INFO  [org.jboss.as.osgi] (ServerService Thread Pool -- 53) JBAS011940: Activating OSGi Subsystem
2014/03/11 07:30:16,522 INFO  [org.jboss.as.webservices] (ServerService Thread Pool -- 62) JBAS015537: Activating WebServices Extension
2014/03/11 07:30:16,815 INFO  [org.jboss.as.security] (MSC service thread 1-4) JBAS013100: Current PicketBox version=4.0.7.Final
2014/03/11 07:30:17,002 INFO  [org.jboss.as.connector] (MSC service thread 1-2) JBAS010408: Starting JCA Subsystem (JBoss IronJacamar 1.0.9.Final)
2014/03/11 07:30:17,568 INFO  [org.jboss.as.naming] (MSC service thread 1-2) JBAS011802: Starting Naming Service
2014/03/11 07:30:17,705 TRACE [org.jboss.security.jacc.DelegatingPolicy] (MSC service thread 1-4) Loaded JACC permissions: true
2014/03/11 07:30:17,730 TRACE [org.jboss.security.jacc.DelegatingPolicy] (MSC service thread 1-4) loaded policy context classclass javax.security.jacc.PolicyContext
2014/03/11 07:30:17,735 INFO  [org.jboss.as.connector.subsystems.datasources] (ServerService Thread Pool -- 36) JBAS010403: Deploying JDBC-compliant driver class org.h2.Driver (version 1.3)
2014/03/11 07:30:18,021 INFO  [org.jboss.as.mail.extension] (MSC service thread 1-4) JBAS015400: Bound mail session [java:jboss/mail/Default]
2014/03/11 07:30:18,121 INFO  [org.jboss.as.connector.subsystems.datasources] (ServerService Thread Pool -- 36) JBAS010404: Deploying non-JDBC-compliant driver class com.mysql.jdbc.Driver (version 5.1)
2014/03/11 07:30:18,259 INFO  [org.jboss.jaxr] (MSC service thread 1-4) JBAS014000: Started JAXR subsystem, binding JAXR connection factory into JNDI as: java:jboss/jaxr/ConnectionFactory
2014/03/11 07:30:18,301 INFO  [org.jboss.as.connector.subsystems.datasources] (ServerService Thread Pool -- 36) JBAS010404: Deploying non-JDBC-compliant driver class org.postgresql.Driver (version 8.4)
2014/03/11 07:30:18,413 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (MSC service thread 1-4) CallbackHandler: org.jboss.security.auth.callback.JBossCallbackHandler@122a0b0
2014/03/11 07:30:18,856 INFO  [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-1) Starting Coyote HTTP/1.1 on http--127.9.64.1-8080
2014/03/11 07:30:19,142 INFO  [org.jboss.ws.common.management.AbstractServerConfig] (MSC service thread 1-2) JBoss Web Services - Stack CXF Server 4.0.2.GA
2014/03/11 07:30:19,522 INFO  [org.infinispan.configuration.cache.EvictionConfigurationBuilder] (ServerService Thread Pool -- 40) ISPN000152: Passivation configured without an eviction policy being selected. Only manually evicted entities will be pasivated.
2014/03/11 07:30:19,570 INFO  [org.infinispan.configuration.cache.EvictionConfigurationBuilder] (ServerService Thread Pool -- 40) ISPN000152: Passivation configured without an eviction policy being selected. Only manually evicted entities will be pasivated.
2014/03/11 07:30:20,403 INFO  [org.jboss.as.jacorb] (MSC service thread 1-1) JBAS016330: CORBA ORB Service started
2014/03/11 07:30:20,500 INFO  [org.jboss.as.server.deployment.scanner] (MSC service thread 1-3) JBAS015012: Started FileSystemDeploymentService for directory /var/lib/openshift/52fe28285973cad7a900033f/jbossas/standalone/deployments
2014/03/11 07:30:20,555 INFO  [org.jboss.as.remoting] (MSC service thread 1-2) JBAS017100: Listening on /127.9.64.1:4447
2014/03/11 07:30:20,811 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-3) JBAS010400: Bound data source [java:jboss/datasources/MysqlDS]
2014/03/11 07:30:20,833 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-4) JBAS010400: Bound data source [java:jboss/datasources/ExampleDS]
2014/03/11 07:30:21,141 INFO  [org.jboss.as.jacorb] (MSC service thread 1-3) JBAS016328: CORBA Naming Service started
2014/03/11 07:30:22,818 INFO  [org.jboss.as.controller] (Controller Boot Thread) JBAS014774: Service status report
JBAS014775:    New missing/unsatisfied dependencies:
      service jboss.security.security-domain.other (missing) dependents: [service jboss.messaging.default] 
      service jboss.server.controller.management.security_realm.managementSecurityRealm (missing) dependents: [service jboss.serverManagement.controller.management.http, service jboss.remoting.authentication_provider.management] 

2014/03/11 07:30:22,917 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-4) JBAS015876: Starting deployment of "ROOT.war"
2014/03/11 07:30:30,849 INFO  [org.jboss.as.jpa] (MSC service thread 1-1) JBAS011401: Read persistence.xml for wie-koche-ichPU
2014/03/11 07:30:31,938 INFO  [org.jboss.as.ejb3.deployment.processors.EjbJndiBindingsDeploymentUnitProcessor] (MSC service thread 1-1) JNDI bindings for session bean named StepFacade in deployment unit deployment "ROOT.war" are as follows:
[...]
2014/03/11 07:30:33,941 INFO  [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-4) JBAS010404: Deploying non-JDBC-compliant driver class com.mysql.jdbc.Driver (version 5.1)
2014/03/11 07:30:34,185 WARN  [org.jboss.as.connector.deployer.dsdeployer] (MSC service thread 1-4) JBAS010411: <drivers/> in standalone -ds.xml deployments aren't supported: Ignoring ROOT.war
2014/03/11 07:30:34,211 INFO  [org.jboss.as.jpa] (MSC service thread 1-1) JBAS011402: Starting Persistence Unit Service 'ROOT.war#wie-koche-ichPU'
2014/03/11 07:30:34,451 TRACE [org.jboss.security.util.state.StateMachine] (MSC service thread 1-3) nextState(getPolicyConfiguration) = State(name=open
	 on: addToExcludedPolicy go to: open
	 on: inService go to: open
	 on: getContextID go to: open
	 on: removeExcludedPolicy go to: open
	 on: commit go to: inService
	 on: removeRole go to: open
	 on: addToUncheckedPolicy go to: open
	 on: delete go to: deleted
	 on: getPolicyConfiguration go to: open
	 on: addToRole go to: open
	 on: linkConfiguration go to: open
	 on: removeUncheckedPolicy go to: open)
2014/03/11 07:30:34,507 TRACE [org.jboss.security.jacc.JBossPolicyConfiguration] (MSC service thread 1-3) ctor, contextID=ROOT.war
2014/03/11 07:30:34,545 TRACE [org.jboss.security.util.state.StateMachine] (MSC service thread 1-3) nextState(getPolicyConfiguration) = State(name=open
	 on: addToExcludedPolicy go to: open
	 on: inService go to: open
	 on: getContextID go to: open
	 on: removeExcludedPolicy go to: open
	 on: commit go to: inService
	 on: removeRole go to: open
	 on: addToUncheckedPolicy go to: open
	 on: delete go to: deleted
	 on: getPolicyConfiguration go to: open
	 on: addToRole go to: open
	 on: linkConfiguration go to: open
	 on: removeUncheckedPolicy go to: open)
2014/03/11 07:30:34,610 TRACE [org.jboss.security.jacc.JBossPolicyConfiguration] (MSC service thread 1-3) commit:ROOT.war
2014/03/11 07:30:34,618 TRACE [org.jboss.security.util.state.StateMachine] (MSC service thread 1-3) nextState(commit) = State(name=inService
	 on: getContextID go to: inService
	 on: inService go to: inService
	 on: delete go to: deleted
	 on: getPolicyConfiguration go to: open)
2014/03/11 07:30:34,823 INFO  [org.hibernate.annotations.common.Version] (MSC service thread 1-1) HCANN000001: Hibernate Commons Annotations {4.0.1.Final}
2014/03/11 07:30:34,859 INFO  [org.hibernate.Version] (MSC service thread 1-1) HHH000412: Hibernate Core {4.0.1.Final}
2014/03/11 07:30:34,904 INFO  [org.hibernate.cfg.Environment] (MSC service thread 1-1) HHH000206: hibernate.properties not found
2014/03/11 07:30:34,925 INFO  [org.hibernate.cfg.Environment] (MSC service thread 1-1) HHH000021: Bytecode provider name : javassist
2014/03/11 07:30:35,010 INFO  [org.hibernate.ejb.Ejb3Configuration] (MSC service thread 1-1) HHH000204: Processing PersistenceUnitInfo [
	name: wie-koche-ichPU
	...]
2014/03/11 07:30:35,929 INFO  [org.hibernate.service.jdbc.connections.internal.ConnectionProviderInitiator] (MSC service thread 1-1) HHH000130: Instantiating explicit connection provider: org.hibernate.ejb.connection.InjectedDataSourceConnectionProvider
2014/03/11 07:30:37,592 INFO  [org.hibernate.dialect.Dialect] (MSC service thread 1-1) HHH000400: Using dialect: org.hibernate.dialect.MySQLDialect
2014/03/11 07:30:37,701 INFO  [org.hibernate.engine.transaction.internal.TransactionFactoryInitiator] (MSC service thread 1-1) HHH000268: Transaction strategy: org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory
2014/03/11 07:30:37,800 INFO  [org.hibernate.hql.internal.ast.ASTQueryTranslatorFactory] (MSC service thread 1-1) HHH000397: Using ASTQueryTranslatorFactory
2014/03/11 07:30:38,091 INFO  [org.hibernate.validator.util.Version] (MSC service thread 1-1) Hibernate Validator 4.2.0.Final
2014/03/11 07:30:40,193 INFO  [org.jboss.as] (MSC service thread 1-4) JBAS015954: Admin console is not enabled
2014/03/11 07:30:40,195 ERROR [org.jboss.as] (MSC service thread 1-4) JBAS015875: JBoss AS 7.1.1.Final "Brontes" started (with errors) in 39282ms - Started 370 of 504 services (13 services failed or missing dependencies, 118 services are passive or on-demand)
2014/03/11 07:30:40,402 INFO  [org.jboss.as.server] (DeploymentScanner-threads - 2) JBAS015870: Deploy of deployment "ROOT.war" was rolled back with failure message {"JBAS014771: Services with missing/unavailable dependencies" => ["jboss.web.deployment.default-host./ROOT.realmjboss.security.security-domain.loginRealmMissing[jboss.web.deployment.default-host./ROOT.realmjboss.security.security-domain.loginRealm]"]}
2014/03/11 07:30:40,420 TRACE [org.jboss.security.util.state.StateMachine] (MSC service thread 1-2) nextState(getPolicyConfiguration) = State(name=open
	 on: addToExcludedPolicy go to: open
	 on: inService go to: open
	 on: getContextID go to: open
	 on: removeExcludedPolicy go to: open
	 on: commit go to: inService
	 on: removeRole go to: open
	 on: addToUncheckedPolicy go to: open
	 on: delete go to: deleted
	 on: getPolicyConfiguration go to: open
	 on: addToRole go to: open
	 on: linkConfiguration go to: open
	 on: removeUncheckedPolicy go to: open)
2014/03/11 07:30:40,446 INFO  [org.jboss.as.jpa] (MSC service thread 1-1) JBAS011403: Stopping Persistence Unit Service 'ROOT.war#wie-koche-ichPU'
2014/03/11 07:30:40,502 TRACE [org.jboss.security.jacc.JBossPolicyConfiguration] (MSC service thread 1-2) delete:ROOT.war
2014/03/11 07:30:40,517 TRACE [org.jboss.security.util.state.StateMachine] (MSC service thread 1-2) nextState(delete) = State(name=deleted
	 on: inService go to: deleted
	 on: getContextID go to: deleted
	 on: delete go to: deleted
	 on: getPolicyConfiguration go to: open)
2014/03/11 07:30:40,975 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-4) JBAS015877: Stopped deployment ROOT.war in 576ms
2014/03/11 07:30:40,981 INFO  [org.jboss.as.controller] (DeploymentScanner-threads - 2) JBAS014774: Service status report
JBAS014775:    New missing/unsatisfied dependencies:
      service jboss.security.security-domain.loginRealm (missing) dependents: [service jboss.web.deployment.default-host./ROOT.realm] 

2014/03/11 07:30:40,986 ERROR [org.jboss.as.server.deployment.scanner] (DeploymentScanner-threads - 1) {"JBAS014653: Composite operation failed and was rolled back. Steps that failed:" => {"Operation step-2" => {"JBAS014771: Services with missing/unavailable dependencies" => ["jboss.web.deployment.default-host./ROOT.realmjboss.security.security-domain.loginRealmMissing[jboss.web.deployment.default-host./ROOT.realmjboss.security.security-domain.loginRealm]"]}}}

Ich habe mich jetzt nochmal an Syms Blogpost orientiert und an diesem Security Realms, Security Domains, and remote E...| JBoss.org Content Archive (Read Only)

Hi,

das habe ich einfach übernommen gehabt. :slight_smile:

Hast Du irgendwo so etwas?

[xml]







[/xml]

Hallo,

also laut https://docs.jboss.org/author/display/AS7/Securing+the+Management+Interfaces wird mit der Property die Datei angegeben, in der die Benutzer und Passwörter gespeichert sind. Andere Authentifizierungsmethoden sind

LDAP - Authentication is performed against an LDAP server to verify the users identity.
Users - The usernames and passwords of the users are defined within the domain model, this is only intended as a simple testing mechanism.
Properties - Benutzer/Passwörter in einer Datei gespeichert

Kein Wort von JAAS oder JDBC… :frowning:

Ja, aber den Security-Realm benötigst Du. Die Properties wohl eher nicht.

Das funktioniert bei mir:

[xml]
















jdbc:h2:mem:test;DB_CLOSE_DELAY=-1 h2 sa sa jdbc:mysql://127.0.0.1:3306/test mysql root ... false false false org.h2.jdbcx.JdbcDataSource [/xml]

Natürlich nur, wenn ein MySql-Treiber eingebunden ist.

Warum nutzt Du den JBoss 7.1.1 und nicht den Wildfly?

Im Moment sieht das bei mir so aus:

<!-- Management section: defines the security realm "loginRealm" and uses it
     for both management interfaces.
     NOTE(review): a security realm is not a security domain. The log on this
     page reports jboss.security.security-domain.loginRealm as missing, which
     suggests the web deployment looks for a security DOMAIN of that name;
     defining a realm called "loginRealm" here does not provide one. -->
<management>
		<security-realms>
			<security-realm name="loginRealm">
				<authentication>
					<!-- Delegates authentication to the JAAS security domain
					     named "login". -->
					<jaas name="login" />
				</authentication>

			</security-realm>
		</security-realms>

		<!-- NOTE(review): both interfaces authenticate through "loginRealm",
		     i.e. through the "login" domain. If that domain is the application's
		     user table, every account that can log in to the web application
		     can also authenticate to the management interfaces. AS 7.1 appears
		     to have no role-based authorization for management; confirm, and
		     prefer a separate realm that holds administrators only. -->
		<management-interfaces>
			<native-interface security-realm="loginRealm">
				<socket-binding native="management-native" />
			</native-interface>
			<http-interface security-realm="loginRealm">
				<socket-binding http="management-http" />
			</http-interface>
		</management-interfaces>

	</management>
		<!-- Security subsystem with two domains: "login" (database-backed) and
		     "other" (UsersRoles).
		     NOTE(review): the error quoted on this page names
		     jboss.security.security-domain.loginRealm, and no domain with that
		     name is defined below. Either the domain or the reference in the
		     web application needs renaming so that both agree. -->
		<subsystem xmlns="urn:jboss:domain:security:1.1">
			<security-domains>


				<security-domain name="login">
					<authentication>
						<!-- Required module: checks credentials and loads roles from
						     the MysqlDS datasource. -->
						<login-module
							code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
							flag="required">
							<module-option name="dsJndiName"
								value="java:jboss/datasources/MysqlDS" />
							<!-- "?" is filled with the user name entered at login; the
							     query must return the stored password hash. -->
							<module-option name="principalsQuery"
								value="select PASSWORD from c_user where EMAIL=?" />
							<!-- Second column 'Roles' is the role group name. -->
							<module-option name="rolesQuery"
								value="select groups_ROLENAME, 'Roles' from  c_user_c_user_role where User_EMAIL=?" />
							<!-- Passwords are compared as SHA-256 hashes; with no
							     hashEncoding option the module default is used
							     (presumably base64; verify). Hashes written by
							     another server or tool must use the same algorithm and
							     encoding. NOTE(review): unsalted, single-round SHA-256
							     offers little protection for stored passwords. -->
							<module-option name="hashAlgorithm" value="SHA-256" />

						</login-module>
						<!-- Optional module with password-stacking=useFirstPass.
						     NOTE(review): it is listed after the required database
						     module here; confirm the intended order, since stacked
						     modules are evaluated in sequence. -->
						<login-module code="Remoting" flag="optional">
							<module-option name="password-stacking" value="useFirstPass" />
						</login-module>


					</authentication>
				</security-domain>

				<!-- Domain "other": the startup log on this page shows
				     jboss.messaging.default depending on it. -->
				<security-domain name="other" cache-type="default">
					<authentication>
						<login-module code="UsersRoles" flag="required" />
					</authentication>
				</security-domain>

			</security-domains>
		</subsystem>


Dass ich den Wildfly verwenden kann habe ich erst heute gesehen. Gibt es da gravierende Unterschiede zwischen Jboss und Wildfly? Ist unter einem Wildfly die Konfiguration eines Realm leichter?

Hmm, mit dem org.jboss.security.auth.spi.DatabaseServerLoginModule habe ich noch nicht gearbeitet. Mein o.g. Login-Modul nutzt JAAS.

Der Wildfly ist die aktuellste JBoss-Version. Der Brontes ist glaube ich der EAP 6 oder 6.1, nicht wahr? JAAS konfiguriert sich da aber genauso. :slight_smile:

[QUOTE=Sym]Hmm, mit dem org.jboss.security.auth.spi.DatabaseServerLoginModule habe ich noch nicht gearbeitet. Mein o.g. Login-Modul nutzt JAAS.

Der Wildfly ist die aktuellste JBoss-Version. Der Brontes ist glaube ich der EAP 6 oder 6.1, nicht wahr? JAAS konfiguriert sich da aber genauso. :)[/QUOTE]

Also wenn ich org.jboss.security.auth.spi.DatabaseServerLoginModule durch DataBase ersetze erhalte ich genauso die Fehlermeldung:

2014/03/11 17:31:20,300 ERROR [org.jboss.as] (MSC service thread 1-1) JBAS015875: JBoss AS 7.1.1.Final "Brontes" started (with errors) in 33905ms - Started 387 of 511 services (3 services failed or missing dependencies, 118 services are passive or on-demand)
2014/03/11 17:31:20,481 INFO  [org.jboss.as.server] (DeploymentScanner-threads - 2) JBAS015870: Deploy of deployment "ROOT.war" was rolled back with failure message {"JBAS014771: Services with missing/unavailable dependencies" => ["jboss.web.deployment.default-host./ROOT.realmjboss.securi
==> jbossas/logs/audit.log <==
17:31:20,517 TRACE [org.jboss.security.util.state.StateMachine] (MSC service thread 1-2) nextState(getPolicyConfiguratio
==> jbossas/logs/server.log <==
ty.security-domain.loginRealmMissing[jboss.web.deployment.default-host./ROOT.realmjboss.security.security-domain.loginRealm]"]}
2014/03/11 17:31:20,522 INFO  [org.jboss.as.jpa] (MSC service thread 1-4) JBAS011403: Stopping Persistence Unit Service 'ROOT.war#wie-koche-ichPU'

==> jbossas/logs/audit.log <==
n) = State(name=open
	 on: addToExcludedPolicy go to: open
	 on: inService go to: open
	 on: getContextID go to: open
	 on: removeExcludedPolicy go to: open
	 on: commit go to: inService
	 on: removeRole go to: open
	 on: addToUncheckedPolicy go to: open
	 on: delete go to: deleted
	 on: getPolicyConfiguration go to: open
	 on: addToRole go to: open
	 on: linkConfiguration go to: open
	 on: removeUncheckedPolicy go to: open)

==> jbossas/logs/server.log <==
2014/03/11 17:31:20,517 TRACE [org.jboss.security.util.state.StateMachine] (MSC service thread 1-2) nextState(getPolicyConfiguration) = State(name=open
	 on: addToExcludedPolicy go to: open
	 on: inService go to: open
	 on: getContextID go to: open
	 on: removeExcludedPolicy go to: open
	 on: commit go to: inService
	 on: removeRole go to: open
	 on: addToUncheckedPolicy go to: open
	 on: delete go to: deleted
	 on: getPolicyConfiguration go to: open
	 on: addToRole go to: open
	 on: linkConfiguration go to: open
	 on: removeUncheckedPolicy go to: open)

==> jbossas/logs/audit.log <==
17:31:20,767 TRACE [org.jboss.security.jacc.JBossPolicyConfiguration] (MSC service thread 1-2) delete:ROOT.war

==> jbossas/logs/server.log <==
2014/03/11 17:31:20,767 TRACE [org.jboss.security.jacc.JBossPolicyConfiguration] (MSC service thread 1-2) delete:ROOT.war

==> jbossas/logs/audit.log <==
17:31:20,919 TRACE [org.jboss.security.util.state.StateMachine] (MSC service thread 1-2) nextState(delete) = State(name=deleted
	 on: inService go to: deleted
	 on: getContextID go to: deleted
	 on: delete go to: deleted
	 on: getPolicyConfiguration go to: open)

==> jbossas/logs/server.log <==
2014/03/11 17:31:20,919 TRACE [org.jboss.security.util.state.StateMachine] (MSC service thread 1-2) nextState(delete) = State(name=deleted
	 on: inService go to: deleted
	 on: getContextID go to: deleted
	 on: delete go to: deleted
	 on: getPolicyConfiguration go to: open)
2014/03/11 17:31:21,511 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-4) JBAS015877: Stopped deployment ROOT.war in 1027ms
2014/03/11 17:31:21,590 INFO  [org.jboss.as.controller] (DeploymentScanner-threads - 2) JBAS014774: Service status report
JBAS014775:    New missing/unsatisfied dependencies:
      service jboss.security.security-domain.loginRealm (missing) dependents: [service jboss.web.deployment.default-host./ROOT.realm] 

2014/03/11 17:31:21,764 ERROR [org.jboss.as.server.deployment.scanner] (DeploymentScanner-threads - 1) {"JBAS014653: Composite operation failed and was rolled back. Steps that failed:" => {"Operation step-2" => {"JBAS014771: Services with missing/unavailable dependencies" => ["jboss.web.deployment.default-host./ROOT.realmjboss.security.security-domain.loginRealmMissing[jboss.web.deployment.default-host./ROOT.realmjboss.security.security-domain.loginRealm]"]}}}

Hallo,

hier mal ein kurzes Update von mir. Ich habe die standalone.xml auf “Werkseinstellungen” zurückgesetzt und siehe da, der Realm funktioniert. Dabei muss man wirklich, wie im Tutorial http://www.alesandro-lang.com/blog/setup_a_jdbc_realm_inside_openshift/ beschrieben, eine Security Domain erstellen. Weitere Angaben sind nicht notwendig (wie z.B. das Setzen des Tag ).

Lediglich die Passwortgenerierung bereitet mir noch Kopfzerbrechen, da ich gerne eine hätte, die sowohl unter Glassfish als auch unter JBoss 7.1 lauffähig ist.