
Deploying a datasource w/ JAAS login module as a .sar in jboss


Does anyone have experience bundling a datasource (-ds.xml) definition + login-config.xml as a service archive in jboss? I've been fighting with this for a while to no avail. I'm just looking for some pointers on how I should be laying the .sar out. I want the .sar to ultimately live in a .ear. Any pointers greatly appreciated!


Solution

  • This is a relatively straightforward task.

    Your EAR file needs to have the following layout:

    my-app.ear
        |+ META-INF
           |+ applications.xml and jboss-app.xml
        |+ myapp.war
        |+ myapp.jar
        |+ lib
        |+ my-ds.xml
        |+ my-login-module-service.xml
    

    where my-ds.xml contains the datasource definition as usual. my-login-module-service.xml defines an MBean based on the DynamicLoginConfig class. These modules are then referenced within jboss-app.xml (custom JBoss deployment descriptor) as demonstrated here:

    <jboss-app>
        <module>
            <service>my-login-module-service.xml</service>
        </module>

        <module>
            <service>my-ds.xml</service>
        </module>
    </jboss-app>
    

    The easiest way to create the Login Module definition is to use the support for embedded XML documents as attribute values. Such a config (my-login-module-service.xml) will look like this:

    <server>
        <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
            name="jboss:service=DynamicLoginConfig">
            <attribute name="PolicyConfig" serialDataType="jbxb">
                <jaas:policy xsi:schemaLocation="urn:jboss:security-config:4.1 resource:security-config_4_1.xsd" xmlns:jaas="urn:jboss:security-config:4.1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                    <jaas:application-policy name="userinrole">
                        <jaas:authentication>
                            <jaas:login-module code="org.jboss.security.auth.spi.XMLLoginModule" flag="required">
                                <jaas:module-option name="my-policy-123">
                                    <ur:users xsi:schemaLocation="urn:jboss:user-roles:1.0 resource:user-roles_1_0.xsd" xmlns:ur="urn:jboss:user-roles:1.0">
                                        <ur:user name="admin" password="admin123">
                                            <ur:role name="MyUserRole"></ur:role>
                                            <ur:role name="AdminUser"></ur:role>
                                        </ur:user>
                                    </ur:users>
                                </jaas:module-option>
                                <jaas:module-option name="unauthenticatedIdentity">guest</jaas:module-option>
                            </jaas:login-module>
                        </jaas:authentication>
                    </jaas:application-policy>
                </jaas:policy>
            </attribute>
            <depends optional-attribute-name="LoginConfigService">jboss.security:service=XMLLoginConfig</depends>
            <depends optional-attribute-name="SecurityManagerService">jboss.security:service=JaasSecurityManager</depends>
        </mbean>
    </server>
    

    You can verify successful deployment using the JNDIView bean (java:/jaas/my-policy-123 in this example).

    For a deployment that includes custom classes, it's better to choose SAR archive deployment together with the custom code. In such a case you can separate the MBean definition and the Login Module config (META-INF/jboss-service.xml):

    <server>
        <mbean code="org.jboss.security.auth.login.DynamicLoginConfig" name="jboss:service=DynamicLoginConfig">
            <attribute name="AuthConfig">META-INF/login-config.xml</attribute>
            <depends optional-attribute-name="LoginConfigService">jboss.security:service=XMLLoginConfig</depends>
            <depends optional-attribute-name="SecurityManagerService">jboss.security:service=JaasSecurityManager</depends>
        </mbean>
    </server>
    

    META-INF/login-config.xml will then contain your policy configuration.

    I'm using this approach on JBoss AS 4.x.
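
A pre-deployment check for the EAR layout described in the answer above, added here as an example and not part of the original answer: it confirms that every `<service>` module listed in `META-INF/jboss-app.xml` is present in the archive and is well-formed XML, and reports inline `ur:user` entries that ship a cleartext `password` attribute. The function names and the sample archive are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

UR_NS = "urn:jboss:user-roles:1.0"  # namespace of the inline <ur:users> block

def audit_ear(ear_bytes):
    """Return a list of findings for an EAR that bundles -service.xml / -ds.xml modules."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(ear_bytes)) as ear:
        names = set(ear.namelist())
        try:
            app = ET.fromstring(ear.read("META-INF/jboss-app.xml"))
        except (KeyError, ET.ParseError) as exc:
            return [f"META-INF/jboss-app.xml: unusable ({exc})"]
        for svc in app.findall("./module/service"):
            path = (svc.text or "").strip()
            if path not in names:
                findings.append(f"{path}: referenced in jboss-app.xml but not in archive")
                continue
            try:
                root = ET.fromstring(ear.read(path))
            except ET.ParseError as exc:
                findings.append(f"{path}: not well-formed XML ({exc})")
                continue
            # Inline XMLLoginModule users carry their password as an attribute.
            for user in root.iter(f"{{{UR_NS}}}user"):
                if user.get("password"):
                    findings.append(f"{path}: cleartext password for user '{user.get('name')}'")
    return findings

def build_sample_ear(service_xml):
    """Constructed test archive mirroring the layout above (my-ds.xml left out on purpose)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as ear:
        ear.writestr("META-INF/jboss-app.xml",
                     "<jboss-app><module><service>my-login-module-service.xml</service></module>"
                     "<module><service>my-ds.xml</service></module></jboss-app>")
        ear.writestr("my-login-module-service.xml", service_xml)
    return buf.getvalue()

# Constructed sample: a trimmed version of the inline-users service descriptor.
SAMPLE_SERVICE = """<server><mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
  name="jboss:service=DynamicLoginConfig"><attribute name="PolicyConfig">
  <ur:users xmlns:ur="urn:jboss:user-roles:1.0">
    <ur:user name="admin" password="admin123"><ur:role name="AdminUser"/></ur:user>
  </ur:users></attribute></mbean></server>"""

if __name__ == "__main__":
    for finding in audit_ear(build_sample_ear(SAMPLE_SERVICE)):
        print(finding)
```

Run against a real build artifact by passing the bytes of the `.ear` file to `audit_ear`; an empty list means all referenced service modules were found, parsed, and contained no inline passwords.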