JBoss and JAAS debug

I’m having a lot of problems debugging an application that is supposedly to be able to run on JBoss…

One of the main issues is the authentication process between the Web Container and the EJB container. For authentication the Java JAAS architecture is used. Jboss has different configuration files than BEA or WebSphere, namely the configuration file login-config.xml. In this file an application policy is defined, namely how users are validated: if they use a file with user/password, database or LDAP. In this file an application policy used by the EJB and WEB cointaner must be defined (it can be the same).

On the Web container/application side, the jboss-web.xml file on the WEB-INF folder of the Web application has the Authentication domain used for login that, of course, must match the other configuration files, in this case the login-config.xml file and the web.xml file. The web.xml file must also protect the resources that access the EJB container. This means that users must pass container authentication so a JAAS instantiation is built.

So the quick tip is:

1) Make sure that everything connects: login-config.xml<-> jboss-web.xml <-> web.xml

Content of jboss-web.xml file on the Web application WEB-INF directory:


2) Make sure that on your web.xml file the <realm-name> on the <login-config> section matches the name on the security domain, in this case APPLICATION_DOMAIN.

3) On Jboss login-config.xml file a there should be also an <application-policy name=”APPLICATION_DOMAIN”> with the configuration that you need (Database module, LDAP module.

But this might be not enough, so if you need to debug the JAAS, you can add to the log4j.xml file the following:

On the log4j.xml file add the following sections:

<category name="org.jboss.security">
    <priority value="TRACE" class="org.jboss.logging.XLevel"/>
    <appender-ref ref="SECURITY_F"/>
</category> <appender name="SECURITY_F"
    <param name="Append" value="true"/>
    <param name="DatePattern" value="'.'yyyy-MM-dd"/>
    <param name="File"
    <layout class="org.apache.log4j.PatternLayout">
        <param name="ConversionPattern"
            value="%d{ABSOLUTE} %-5p [%c] %m%n"/>

This is more or les in the middle of the file, just where the <category-name> section begins.

With this configuration a new log file named jboss.security.log will be created with the JAAS information, so you can see what’s going on.



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s