How to configure JBoss 6 with custom auth-method


Perhaps I could ask if you guys could help me out with how to configure JBoss 6 with a custom auth-method?
We are moving from JBoss 5 to JBoss 6. In 5 we've got a web.xml with this login-tag

<login-config>
    <auth-method>OURSSO</auth-method>
    <realm-name>oursso</realm-name>
</login-config>

And a jboss-app.xml

<security-domain>oursso</security-domain>

And in login-config.xml

<application-policy name="oursso">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="sufficient">
            <module-option name="usersProperties">props/mycomp-users.properties</module-option>
            <module-option name="rolesProperties">props/mycomp-roles.properties</module-option>
            <module-option name="unauthenticatedIdentity">anonymous</module-option>
        </login-module>
        <login-module code="rsa.ps.ct.jboss.jaas.OURSSOServerLoginModule" flag="required">
            <module-option name="connectionProvider">rsa.access.manager:type=Service,name=RuntimeAPIClient</module-option>
        </login-module>
        <login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="optional">
            <module-option name="rolesProperties">props/mycomp-rolemapping-roles.properties</module-option>
            <module-option name="replaceRole">true</module-option>
        </login-module>
    </authentication>
</application-policy>

And in war-deployers-jboss-beans.xml

<property name="authenticators">
    <map class="java.util.Properties" keyClass="java.lang.String" valueClass="java.lang.String">
        <entry>
            <key>BASIC</key>
            <value>org.apache.catalina.authenticator.BasicAuthenticator</value>
        </entry>

        ...

        <entry>
            <key>OURSSO</key>
            <value>com.mycomp.OurssoAuthenticator</value>
        </entry>
    </map>
</property>

It seems like the auth-method in web.xml must match a key in war-deployers-jboss-beans.xml. How is the same accomplished in JBoss 6?

Best regards

Fredrik
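
When a login-module stack like the application-policy in the question is carried over to a new server, it helps to know which modules JAAS actually consults for each combination of flags. The following is an added example, not part of the original post or of JBoss: it parses a reduced copy of that policy and simulates the standard JAAS login-phase rules for `required`, `requisite`, `sufficient` and `optional`. The function names and the per-module outcomes passed in are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# The application-policy from the question, reduced to code and flag (constructed copy).
POLICY = """
<application-policy name="oursso">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="sufficient"/>
    <login-module code="rsa.ps.ct.jboss.jaas.OURSSOServerLoginModule" flag="required"/>
    <login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="optional"/>
  </authentication>
</application-policy>
"""

def load_stack(policy_xml):
    """Return [(short module name, flag)] in configuration order."""
    root = ET.fromstring(policy_xml)
    return [(m.get("code").rsplit(".", 1)[-1], m.get("flag").lower())
            for m in root.iter("login-module")]

def evaluate(stack, outcomes):
    """Simulate the JAAS login phase; outcomes maps module name -> bool (assumed).
    Returns (overall_success, modules_consulted)."""
    consulted, mandatory_seen, mandatory_failed, any_ok = [], False, False, False
    for name, flag in stack:
        ok = outcomes[name]
        consulted.append(name)
        any_ok = any_ok or ok
        if flag in ("required", "requisite"):
            mandatory_seen = True
            if not ok:
                mandatory_failed = True
                if flag == "requisite":
                    break               # a requisite failure stops the stack
        elif flag == "sufficient" and ok and not mandatory_failed:
            return True, consulted      # a sufficient success ends evaluation here
    if mandatory_seen:
        return not mandatory_failed, consulted
    return any_ok, consulted            # no mandatory modules: one success is enough

if __name__ == "__main__":
    stack = load_stack(POLICY)
    for first, sso in [(True, False), (False, True), (False, False)]:
        result = evaluate(stack, {"UsersRolesLoginModule": first,
                                  "OURSSOServerLoginModule": sso,
                                  "RoleMappingLoginModule": True})
        print("UsersRoles=%s SSO=%s -> %s" % (first, sso, result))
```

With this ordering, a success in the first (`sufficient`) module ends evaluation before the `required` SSO module and the role-mapping module are consulted, so the module order and flags are worth comparing line by line after the migration.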


There are 1 best solutions below


I added these to my standalone-full.xml

<security-domain name="my-security-domain" cache-type="default">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
            <module-option name="usersProperties" value="file://${jboss.server.config.dir}/users.properties"/>
            <module-option name="rolesProperties" value="file://${jboss.server.config.dir}/roles.properties"/>
        </login-module>
    </authentication>
</security-domain>

In the file users.properties

123=qwe
456=asd

In the file roles.properties

123=role.A,role.B
456=role.B

In one of my beans in the server I annotate it with

@Stateless
@SecurityDomain("my-security-domain")
@RolesAllowed("role.A")
public class SecureStatelessBean extends SecureReturnAString implements SecureStatelessBeanLocal, SecureStatelessBeanRemote
{
 ...

In my web-application (running in the same server) I lookup the bean and login with this code

@EJB(lookup = "java:global/ejbtest-app/ejbtest-server-0.0.1-SNAPSHOT/SecureStatelessBean!se.albinoni.ejbtest.stateless.SecureStatelessBeanRemote")
private SecureStatelessBeanRemote secureStatelessBeanRemote;

...

private static SecurityClient getClientLogin() throws Exception
{
    final SecurityClient client = SecurityClientFactory.getSecurityClient();
    client.setSimple("123", "qwe");
    return client;
}

...

SecurityClient client = getClientLogin();
client.login();

secureStatelessBeanRemote.someMethod();  

Think that was it. But I still have not found out how to do the same from a remote standalone app.