CSPACE-1073 a snapshot of login-config.xml is in authentication/service/src/main...
authorSanjay Dalal <sanjay.dalal@berkeley.edu>
Mon, 1 Mar 2010 21:19:35 +0000 (21:19 +0000)
committerSanjay Dalal <sanjay.dalal@berkeley.edu>
Mon, 1 Mar 2010 21:19:35 +0000 (21:19 +0000)
A    authentication/service/src/main/resources/config/login-config.xml
M    authentication/service/build.xml

services/authentication/service/build.xml
services/authentication/service/src/main/resources/config/login-config.xml [new file with mode: 0644]

index 596d5e4c54311018a98f3b43995d5065ecf79e59..12bf7a9a66eebb5bbf7b043d15df7dd59d716fb4 100644 (file)
     <target name="deploy" depends="install"\r
             description="deploy authentication service in ${jboss.server.cspace}">\r
         <copy file="${basedir}/target/${authentication.jar}" todir="${jboss.server.cspace}/lib"/>\r
+        <copy tofile="${jboss.server.cspace}/conf/login-config.xml.org"\r
+              file="${jboss.server.cspace}/conf/login-config.xml"\r
+              overwrite="false"/>\r
+        \r
+        <copy tofile="${jboss.server.cspace}/conf/login-config.xml"\r
+              file="${src}/main/resources/config/login-config.xml"\r
+              overwrite="true"/>\r
         <copy todir="${jboss.server.cspace}/cspace/services">\r
             <fileset dir="${src}/main/resources/"/>\r
         </copy>\r
-        <echo message="Add authentication-policy cspace from ${jboss.server.cspace}/cspace/services/jboss-login-config.xml to ${jboss.server.cspace}/conf/login-config.xml"/>\r
-        <echo message="See Authentication Service Configuration Guide on wiki.collectionspace.org for more details" />\r
+        <echo message="Check out Authentication Service Configuration Guide on wiki.collectionspace.org for more details" />\r
     </target>\r
 \r
     <target name="undeploy"\r
             description="undeploy authentication service from ${jboss.server.cspace}">\r
         <delete file="${jboss.server.cspace}/lib/${authentication.jar}"/>\r
-        <echo message="Remove authentication-policy cspace from ${jboss.server.cspace}/conf/login-config.xml"/>\r
-        <echo message="See Authentication Service Configuration Guide on wiki.collectionspace.org for more details"/>\r
+        <copy tofile="${jboss.server.cspace}/conf/login-config.xml"\r
+              file="${jboss.server.cspace}/conf/login-config.xml.org"\r
+              overwrite="true" failonerror="false" />\r
+        <echo message="Check out Authentication Service Configuration Guide on wiki.collectionspace.org for more details"/>\r
     </target>\r
 \r
     <target name="dist"\r
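Review bot: The backup copy at the top of `deploy` is not a one-time backup, because Ant's `<copy>` with `overwrite="false"` still copies whenever the source is newer than the destination. After a deploy has written the snapshot to `conf/login-config.xml`, a later deploy will normally find that file newer than `login-config.xml.org` and replace the saved original with the CollectionSpace snapshot. From then on `undeploy` restores the snapshot instead of the server's original JAAS configuration. Guard the backup so it runs only when `login-config.xml.org` does not exist yet, as sketched below (the target and property names are made up for the example). Separately, `failonerror="false"` on the restore in `undeploy` leaves the CollectionSpace configuration in place without any message when the backup is missing.

```xml
<target name="check-login-config-backup">
    <available file="${jboss.server.cspace}/conf/login-config.xml.org"
               property="login.config.backup.present"/>
</target>

<!-- Take the backup once only; never replace an existing .org file. -->
<target name="backup-login-config" depends="check-login-config-backup"
        unless="login.config.backup.present">
    <copy tofile="${jboss.server.cspace}/conf/login-config.xml.org"
          file="${jboss.server.cspace}/conf/login-config.xml"/>
</target>

<target name="deploy" depends="install,backup-login-config"
        description="deploy authentication service in ${jboss.server.cspace}">
    <!-- … unchanged: jar copy, snapshot copy to conf/login-config.xml, services fileset copy, echo … -->
</target>
```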
diff --git a/services/authentication/service/src/main/resources/config/login-config.xml b/services/authentication/service/src/main/resources/config/login-config.xml
new file mode 100644 (file)
index 0000000..33d757f
--- /dev/null
@@ -0,0 +1,179 @@
+<?xml version='1.0'?>
+<!DOCTYPE policy PUBLIC
+      "-//JBoss//DTD JBOSS Security Config 3.0//EN"
+      "http://www.jboss.org/j2ee/dtd/security_config.dtd">
+<!-- The XML based JAAS login configuration read by the
+org.jboss.security.auth.login.XMLLoginConfig mbean. Add
+an application-policy element for each security domain.
+
+The outline of the application-policy is:
+<application-policy name="security-domain-name">
+  <authentication>
+    <login-module code="login.module1.class.name" flag="control_flag">
+      <module-option name = "option1-name">option1-value</module-option>
+      <module-option name = "option2-name">option2-value</module-option>
+      ...
+    </login-module>
+
+    <login-module code="login.module2.class.name" flag="control_flag">
+      ...
+    </login-module>
+    ...
+  </authentication>
+</application-policy>
+
+$Revision: 64598 $
+-->
+
+<policy>
+    <!-- Used by clients within the application server VM such as
+    mbeans and servlets that access EJBs.
+    -->
+    <application-policy name = "client-login">
+       <authentication>
+          <login-module code = "org.jboss.security.ClientLoginModule"
+             flag = "required">
+             <!-- Any existing security context will be restored on logout -->
+             <module-option name="restore-login-identity">true</module-option>
+          </login-module>
+       </authentication>
+    </application-policy>
+
+    <!-- Security domain for JBossMQ -->
+    <application-policy name = "jbossmq">
+       <authentication>
+          <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
+             flag = "required">
+             <module-option name = "unauthenticatedIdentity">guest</module-option>
+             <module-option name = "dsJndiName">java:/DefaultDS</module-option>
+             <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
+             <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
+          </login-module>
+       </authentication>
+    </application-policy>
+
+    <!-- Security domain for JBossMQ when using file-state-service.xml
+    <application-policy name = "jbossmq">
+       <authentication>
+          <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
+             flag = "required">
+             <module-option name = "unauthenticatedIdentity">guest</module-option>
+             <module-option name = "sm.objectname">jboss.mq:service=StateManager</module-option>
+          </login-module>
+       </authentication>
+    </application-policy>
+    -->
+
+    <!-- Security domains for testing new jca framework -->
+    <application-policy name = "HsqlDbRealm">
+       <authentication>
+          <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
+             flag = "required">
+             <module-option name = "principal">sa</module-option>
+             <module-option name = "userName">sa</module-option>
+             <module-option name = "password"></module-option>
+             <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
+          </login-module>
+       </authentication>
+    </application-policy>
+
+    <application-policy name = "JmsXARealm">
+       <authentication>
+          <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
+             flag = "required">
+             <module-option name = "principal">guest</module-option>
+             <module-option name = "userName">guest</module-option>
+             <module-option name = "password">guest</module-option>
+             <module-option name = "managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
+          </login-module>
+       </authentication>
+    </application-policy>
+
+    <!-- A template configuration for the jmx-console web application. This
+      defaults to the UsersRolesLoginModule the same as other and should be
+      changed to a stronger authentication mechanism as required.
+    -->
+    <application-policy name = "jmx-console">
+       <authentication>
+          <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
+             flag = "required">
+           <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
+           <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
+          </login-module>
+       </authentication>
+    </application-policy>
+
+    <!-- A template configuration for the web-console web application. This
+      defaults to the UsersRolesLoginModule the same as other and should be
+      changed to a stronger authentication mechanism as required.
+    -->
+    <application-policy name = "web-console">
+       <authentication>
+          <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
+             flag = "required">
+             <module-option name="usersProperties">web-console-users.properties</module-option>
+             <module-option name="rolesProperties">web-console-roles.properties</module-option>
+          </login-module>
+       </authentication>
+    </application-policy>
+
+    <!--
+      A template configuration for the JBossWS security domain.
+      This defaults to the UsersRolesLoginModule the same as other and should be
+      changed to a stronger authentication mechanism as required.
+    -->
+    <application-policy name="JBossWS">
+      <authentication>
+        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
+          flag="required">
+          <module-option name="usersProperties">props/jbossws-users.properties</module-option>
+          <module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
+          <module-option name="unauthenticatedIdentity">anonymous</module-option>
+        </login-module>
+      </authentication>
+    </application-policy>
+
+<application-policy name="cspace">
+    <authentication>
+        <login-module code="org.collectionspace.authentication.jaas.CSpaceJBossDBLoginModule"
+                      flag="required">
+            <module-option name="dsJndiName">CspaceDS</module-option>
+            <module-option name="hashAlgorithm">SHA-256</module-option>
+            <module-option name="ignorePasswordCase">false</module-option>
+            <module-option name = "principalClass">org.collectionspace.authentication.CSpacePrincipal</module-option>
+            <module-option name="principalsQuery">
+                select passwd from users where username=?
+            </module-option>
+            <module-option name="rolesQuery">
+                select rolename, 'Roles' from users_roles where username=?
+            </module-option>
+            <module-option name="tenantsQuery">
+                select t.id, t.name, 'Tenants' from accounts_common as a, accounts_tenants as at, tenants as t where a.userid=? and a.csid = at.TENANTS_ACCOUNTSCOMMON_CSID and at.tenant_id = t.id
+            </module-option>
+        </login-module>
+    </authentication>
+</application-policy>
+
+    <!-- The default login configuration used by any security domain that
+    does not have a application-policy entry with a matching name
+    -->
+    <application-policy name = "other">
+       <!-- A simple server login module, which can be used when the number
+       of users is relatively small. It uses two properties files:
+       users.properties, which holds users (key) and their password (value).
+       roles.properties, which holds users (key) and a comma-separated list of
+       their roles (value).
+       The unauthenticatedIdentity property defines the name of the principal
+       that will be used when a null username and password are presented as is
+       the case for an unuathenticated web client or MDB. If you want to
+       allow such users to be authenticated add the property, e.g.,
+       unauthenticatedIdentity="nobody"
+       -->
+       <authentication>
+          <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
+             flag = "required" />
+       </authentication>
+    </application-policy>
+
+</policy>
+
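Review bot: The stock JBoss domains in this snapshot keep their well-known defaults: `JmsXARealm` with `guest`/`guest`, `HsqlDbRealm` with `sa` and an empty password, and `unauthenticatedIdentity` set to `guest` for `jbossmq` and `anonymous` for `JBossWS`. The `deploy` target in build.xml copies this file over the server's `conf/login-config.xml`, so any local hardening of those domains is replaced on each deploy. Consider dropping the domains CollectionSpace does not need, or at least state it in the header comment, e.g. `<!-- CollectionSpace snapshot: replaces conf/login-config.xml on deploy; review the stock domains and their default credentials before production use -->`. The `cspace` policy has no comment and sits at column 0 unlike its siblings; a line such as `<!-- Security domain for CollectionSpace services: users, roles and tenants are read from the CspaceDS datasource -->` above it, with matching indentation, would help. It also sets `hashAlgorithm` to `SHA-256` without a `hashEncoding`, and this file does not show whether the digest is salted, so both are worth confirming in `CSpaceJBossDBLoginModule`.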