authentication, authorization, wildfly-8

Wildfly 8 not finding MyLoginModule


I implemented my own LoginModule, installed it into WildFly 8.2.0.Final as a module, configured a security domain, and added jboss-web.xml to the WEB-INF directory of my web application, with the name of the security domain.

When I initiate a login from the web form, I get this error in WildFly:

PBOX000206: Login failure: javax.security.auth.login.LoginException: unable to find LoginModule class: my.webapp.auth.WildLoginModule from [Module "deployment.MyWebApp.war:main" from Service Module Loader]

Why can't it find my class when this class resides in a jar in the WildFly modules? What is stranger, it worked a couple of weeks ago!


Solution

  • At last I've found my answer. I thought the mistake should be in the configuration of WildFly. After long research and many ways of testing, I found that my implementation of LoginModule works only if it resides in my web application. But I wanted a separate module; I wanted my webapp clean of the security implementation.

    So this is why "it worked a couple of weeks ago!": this LoginModule was inside my webapp.

    Steps to use your own JAAS LoginModule:

    By the way, this resource JBoss AS7 helped me a lot in my situation

    1. Implement your own Principals and LoginModule (you can find how to do this on the internet)
    2. Pack them into a jar
    3. Install it as a module in WildFly (if you need to use it in many projects)

      Use the CLI to install the jar as a module

      hint from resource

      Things to remember

      When you create your own module, do not forget to add dependency on "org.picketbox" and "javax.api" in the module.xml of your custom module.

      module add --name=my.security.module --resources=/path/to/MyLoginModule.jar --dependencies=javax.api,org.picketbox,my.dependencies

    4. Add a security domain in WildFly (GUI, CLI or manually editing standalone.xml)

      And my mistake was at this step. My security domain looked like this:

      <security-domain name="mysecdomain" cache-type="default">
          <authentication>
              <login-module code="my.code.MyLoginModule" flag="required">
                  <module-option name="jndiDb" value="java:/datasources/myDataSource"/>
                  <module-option name="userQuery" value=""/>
                  <module-option name="roleQuery" value=""/>
              </login-module>
          </authentication>
      </security-domain>
      

      This is why it couldn't find my code: it doesn't know in which module to look for it. So this part of standalone.xml should look like this:

      <security-domain name="mysecdomain" cache-type="default">
          <authentication>
              <login-module code="my.code.MyLoginModule" flag="required" module="my.security.module">
                  <module-option name="jndiDb" value="java:/datasources/myDataSource"/>
                  <module-option name="userQuery" value=""/>
                  <module-option name="roleQuery" value=""/>
              </login-module>
          </authentication>
      </security-domain>
      

      I didn't configure it, or I missed some parameter in the CLI for this, but module="my.security.module" should be in your config.

    After that, my webapp could log in and use this security module.
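
A way to catch the misconfiguration described in the answer before deploying, as an added example that is not part of the original post: the script scans a security subsystem for custom login-module entries that have no module attribute. The sample XML is constructed, and treating dot-free aliases and org.jboss.security.* classes as PicketBox built-ins is an assumption of this sketch.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed security subsystem as found in standalone.xml.
SAMPLE = """<subsystem xmlns="urn:jboss:domain:security:1.2">
  <security-domains>
    <security-domain name="other" cache-type="default">
      <authentication>
        <login-module code="RealmDirect" flag="required"/>
      </authentication>
    </security-domain>
    <security-domain name="mysecdomain" cache-type="default">
      <authentication>
        <login-module code="my.code.MyLoginModule" flag="required"/>
      </authentication>
    </security-domain>
    <security-domain name="fixeddomain" cache-type="default">
      <authentication>
        <login-module code="my.code.MyLoginModule" flag="required"
                      module="my.security.module"/>
      </authentication>
    </security-domain>
  </security-domains>
</subsystem>"""


def local(tag):
    """Strip the XML namespace so the check works across schema versions."""
    return tag.rsplit("}", 1)[-1]


def find_unbound_login_modules(xml_text):
    """Return (domain, class) pairs for custom login modules lacking module=."""
    findings = []
    root = ET.fromstring(xml_text)
    for domain in root.iter():
        if local(domain.tag) != "security-domain":
            continue
        for lm in domain.iter():
            if local(lm.tag) != "login-module":
                continue
            code = lm.get("code", "")
            # Assumption: short aliases and org.jboss.security.* are built-ins.
            builtin = "." not in code or code.startswith("org.jboss.security.")
            if not builtin and not lm.get("module"):
                findings.append((domain.get("name"), code))
    return findings


if __name__ == "__main__":
    for name, code in find_unbound_login_modules(SAMPLE):
        print(f"{name}: {code} has no module attribute")
```

A flagged entry is not always broken: as the answer notes, the class still loads when it is packaged inside the web application itself.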