Login/Register
Declare Security Domain outside of standalone.xml on JBoss 7.1.1
Asked Answered
securityjakarta-eejbossjaas
N

1

9

I'm using Security Domains on JBoss 7 for EJB-Security by Annotations. E.g.

@RolesAllowed({"User", "Admin"})

Currently I declare the Security Domains in standalone.xml. This is approoriate for small things but I would like to use this kid of security with different Projects on the same JBoss Server. Therefore I'm searching for a way to declare the Security Domains outside of the standalone.xml. I thought of using Deployment Descriptors inside the war-Deployment.

According to this documentation this should be possible. but this is for JBoss 5 and seems not to work with JBoss 7.1.1. Starting JBoss throws Exception because of Parser Error. I've also seen this question but I'm not sure if this is the thing I need. I need to declare new Security Domain with Login Module somewhere outside standalone.xml.

Is there any simple solution to store Security domain Declaration and cofiguration in war-Deployment?

Thanks

Neral answered 28/6, 2013 at 12:14 Comment(0)
M
3

I don't think this is possible at the moment in a simple way (related JIRA issue). However, you can use jboss-as-maven-plugin as a workaround:

<profiles>
        <profile>
            <id>deploy-security-domain</id>
            <activation>
                <activeByDefault>false</activeByDefault>
            </activation>
            <build>
                <pluginManagement>
                    <plugins>
                        <plugin>
                            <groupId>org.jboss.as.plugins</groupId>
                            <artifactId>jboss-as-maven-plugin</artifactId>
                            <version>7.4.Final</version>
                            <executions>
                              <execution>
                                <id>add-security-domain</id>
                                <phase>install</phase>
                                <goals>
                                   <!-- This should work in both "standalone" and "domain" mode -->
                                   <goal>execute-commands</goal>
                                </goals>
                                <configuration>
                                  <execute-commands>
                                    <batch>true</batch>
                                    <commands>
                                      <command>/subsystem=security/security-domain=MyDomain:add(cache-type=default)</command>
                                      <command>/subsystem=security/security-domain=MyDomain/authentication=classic:add(login-modules=[{"code"=>"Database","flag"=>"required","module-options"=>[("dsJndiName"=>"java:jboss/datasources/UserDB"),("principalsQuery"=>"select password from users where user_name=?"),("rolesQuery"=>"select role, 'Roles' from user_roles where user_name=?"),("hashAlgorithm"=>"SHA-256"),("hashEncoding"=>"base64")]}]</command>
                                    </commands>
                                  </execute-commands>
                                </configuration>
                              </execution>
                            </executions>
                        </plugin>
                    </plugins>
                </pluginManagement>
            </build>
        </profile>
</profiles>

Execution:

mvn install -P deploy-security-domain

Another option would be a CLI script, that does more or less the same thing. Check out this quickstart project for an example.

Michigan answered 7/8, 2013 at 19:12 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.