users@glassfish.java.net

Re: problem with custom login.conf location for embedded Glassfish v3

From: <glassfish_at_javadesktop.org>
Date: Wed, 14 Apr 2010 08:12:28 PDT

Here is my Maven Glassfish plugin config. The custom Realm and LoginModule are developed in a separate Maven module, configured as a dependency (glassfish-ldap-auth), and it gets included in the classpath just fine; Glassfish has no problems locating the required classes.

            <plugin>
                <groupId>org.glassfish</groupId>
                <artifactId>maven-embedded-glassfish-plugin</artifactId>
                <version>3.0</version>
                <configuration>
                    <app>${project.build.directory}/${build.finalName}.war</app>
                    <port>20123</port>
                    <contextRoot>${artifactid}</contextRoot>
                    <instanceRoot>${project.build.directory}/gfembed${maven.build.timestamp}</instanceRoot>
                    <autoDelete>true</autoDelete>
                    <configFile>${basedir}/src/test/domain.xml</configFile>
                </configuration>
                <dependencies>
                    <dependency>
                        <groupId>com.oracle</groupId>
                        <artifactId>ojdbc6</artifactId>
                        <version>11.1.0.6.0</version>
                    </dependency>
                    <dependency>
                        <groupId>com.navirec</groupId>
                        <artifactId>glassfish-ldap-auth</artifactId>
                        <version>${project.version}</version>
                    </dependency>
                </dependencies>
                <executions>
                    <execution>
                        <id>integration-setup</id>
                        <phase>pre-integration-test</phase>
                        <goals>
                            <goal>start</goal>
                            <goal>deploy</goal>
                        </goals>
                    </execution>
                    <execution>
                        <id>integration-teardown</id>
                        <phase>post-integration-test</phase>
                        <goals>
                            <goal>undeploy</goal>
                            <goal>stop</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>


For testing I've created my own domain.xml file, which mostly deals with setting up resources, and all that part works fine. I declare my custom Realm there also.
For clarity I stripped out the uninteresting parts:

<domain log-root="${com.sun.aas.instanceRoot}/logs" application-root="${com.sun.aas.instanceRoot}/applications" version="10.0">
  <system-applications />
  <applications />
  <resources>
    <jdbc-resource pool-name="__TimerPool" jndi-name="jdbc/__TimerPool" object-type="system-admin" />
  </resources>
  <servers>
    <server name="server" config-ref="server-config">
      <resource-ref ref="jdbc/__TimerPool" />
      <resource-ref ref="jdbc/__default" />
    </server>
  </servers>
 <configs>
   <config name="server-config">

...

      <security-service activate-default-principal-to-role-mapping="true" jacc="simple">
          <auth-realm name="NavirecRealm" classname="com.navirec.glassfish.auth.NavirecRealm">
                   <property description="" name="jaas-context" value="navirecRealm" />
                   <property description="" name="directory" value="ldap://track" />
                   <property description="" name="java.naming.security.principal" value="xxx" />
                   <property description="" name="java.naming.security.credentials" value="xxx" />
                   <property description="" name="java.naming.security.authentication" value="simple" />
          </auth-realm>
        <auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="admin-realm">
          <property value="admin-keyfile" name="file" />
          <property value="fileRealm" name="jaas-context" />
        </auth-realm>
        <auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="file">
          <property value="keyfile" name="file" />
          <property value="fileRealm" name="jaas-context" />
        </auth-realm>
        <auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
        <jacc-provider policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl" policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default">
          <property value="${com.sun.aas.instanceRoot}/generated/policy" name="repository" />
        </jacc-provider>
        <jacc-provider policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" />
        <audit-module classname="com.sun.enterprise.security.Audit" name="default">
          <property value="false" name="auditOn" />
        </audit-module>
        <message-security-config auth-layer="SOAP">
          <provider-config provider-id="XWS_ClientProvider" class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule" provider-type="client">
            <request-policy auth-source="content" />
            <response-policy auth-source="content" />
            <property value="s1as" name="encryption.key.alias" />
            <property value="s1as" name="signature.key.alias" />
            <property value="false" name="dynamic.username.password" />
            <property value="false" name="debug" />
          </provider-config>
          <provider-config provider-id="ClientProvider" class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule" provider-type="client">
            <request-policy auth-source="content" />
            <response-policy auth-source="content" />
            <property value="s1as" name="encryption.key.alias" />
            <property value="s1as" name="signature.key.alias" />
            <property value="false" name="dynamic.username.password" />
            <property value="false" name="debug" />
            <property value="${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml" name="security.config" />
          </provider-config>
          <provider-config provider-id="XWS_ServerProvider" class-name="com.sun.xml.wss.provider.ServerSecurityAuthModule" provider-type="server">
            <request-policy auth-source="content" />
            <response-policy auth-source="content" />
            <property value="s1as" name="encryption.key.alias" />
            <property value="s1as" name="signature.key.alias" />
            <property value="false" name="debug" />
          </provider-config>
          <provider-config provider-id="ServerProvider" class-name="com.sun.xml.wss.provider.ServerSecurityAuthModule" provider-type="server">
            <request-policy auth-source="content" />
            <response-policy auth-source="content" />
            <property value="s1as" name="encryption.key.alias" />
            <property value="s1as" name="signature.key.alias" />
            <property value="false" name="debug" />
            <property value="${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml" name="security.config" />
          </provider-config>
        </message-security-config>
      </security-service>
      <monitoring-service>
        <module-monitoring-levels />
      </monitoring-service>

        <java-config debug-enabled="false" debug-options="-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=9009" >
             <jvm-options>-Djava.security.auth.login.config=path/to/src/test/login.conf</jvm-options>
         </java-config>

...

    </config>
  </configs>
  <property name="administrative.domain.name" value="domain1"/>
</domain>



For the NavirecRealm to work, an accompanying LoginModule has to be defined in login.conf. For me it's:

navirecRealm {
       com.navirec.glassfish.auth.LdapLoginModule required;
};



and then in the web application's web.xml I put my realm name and security constraints as usual:

    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>NavirecRealm</realm-name>
    </login-config>


That should about cover the configuration part. The above setup works perfectly in my standalone Glassfish, where I've modified the existing login.conf.

For tests I start Maven with the command line:
mvn -Djava.security.auth.login.config=src/test/config/login.conf embedded-glassfish:run

which builds everything and then starts the server and deploys the newly built application. When I try to access the app, authentication fails with the error message:

WARNING: Web login failed: Login failed: javax.security.auth.login.LoginException: No LoginModules configured for navirecRealm


It is simply a matter of getting my login.conf accepted by the embedded Glassfish. I've checked the actual paths and filenames I'm using over and over again; they are correct, but Glassfish still loads the default login.conf.
[Message sent by forum member 'tanel3']

http://forums.java.net/jive/thread.jspa?messageID=396921
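
Added example, not part of the original post and not GlassFish code: a small Java check for the "No LoginModules configured for navirecRealm" symptom. It prints what java.security.auth.login.config is set to in the running JVM, where a relative path resolves, and which LoginModules the JAAS Configuration returns for the jaas-context name. The class name JaasContextCheck is hypothetical, and it is assumed to run inside the JVM that hosts embedded GlassFish (for instance from an integration test).

```java
import java.io.File;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

// Added diagnostic (hypothetical class name), not code from the original post.
public class JaasContextCheck {

    /** Returns the LoginModule entries this JVM has for a JAAS context, or null. */
    static AppConfigurationEntry[] lookup(String context) {
        try {
            // LoginContext makes this lookup (then falls back to an entry named
            // "other") before reporting "No LoginModules configured for <context>".
            return Configuration.getConfiguration().getAppConfigurationEntry(context);
        } catch (SecurityException e) {
            // Thrown when the default provider cannot locate or parse a login configuration.
            System.out.println("JAAS configuration could not be loaded: " + e.getMessage());
            return null;
        }
    }

    public static void main(String[] args) {
        // Default is the jaas-context value from the domain.xml in the post.
        String context = args.length > 0 ? args[0] : "navirecRealm";
        String prop = System.getProperty("java.security.auth.login.config");
        System.out.println("java.security.auth.login.config = " + prop);
        if (prop != null) {
            // "-D...==file" arrives as "=file" (override form); strip it for the file check.
            // The property may also hold a URL; only plain paths are checked here.
            File f = new File(prop.startsWith("=") ? prop.substring(1) : prop);
            System.out.println("user.dir    = " + System.getProperty("user.dir"));
            System.out.println("resolves to = " + f.getAbsolutePath()
                    + " (readable: " + f.canRead() + ")");
        }
        AppConfigurationEntry[] entries = lookup(context);
        if (entries == null || entries.length == 0) {
            System.out.println("No LoginModules visible for context '" + context + "'");
            System.exit(1);
        }
        for (AppConfigurationEntry e : entries) {
            System.out.println(context + " -> " + e.getLoginModuleName()
                    + " [" + e.getControlFlag() + "] options=" + e.getOptions());
        }
    }
}
```

Run stand-alone with the same -D flag, it only confirms that the file parses and contains the context; the result that matters is the one obtained inside the server's JVM.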