Can a JAAS login module be deployed in an EAR (on JBoss 5)?

The subject pretty much sums up the question. Normally a JAAS login module is deployed outside of an EAR application (which uses the authentication service, but doesn't deploy it).

Is it possible to deploy it in the EAR, though? There are advantages (code reuse, better integration with the app). I'm only interested in usi开发者_JAVA百科ng the module for that application (in fact, that app will be the only one running in the server anyway).

You can create a proper secure domain definition in the file with the name xxx-jboss-beans.xml (where xxx can be anything) and place that file in the deploy directory or inside the application (in META-INF directory).

Sample file:

<?xml version="1.0" encoding="UTF-8"?>

<deployment xmlns="urn:jboss:bean-deployer:2.0">

  <application-policy xmlns="urn:jboss:security-beans:1.0" name="web-test">
    <authentication>
      <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required">
        <module-option name = "unauthenticatedIdentity">anonymous</module-option>
        <module-option name="usersProperties">userfile</module-option>
        <module-option name="rolesProperties">rolefile</module-option>
      </login-module>
    </authentication>
  </application-policy>

</deployment>

You can read more int that article: Security Features of JBoss AS 5.1 - Part 1 - Simplified Security Domain Configuration

This is definitely possible with JBoss 6.0.0. Just include your jar in the ear. Nothing else is required. Don't know if this works with earlier versions of JBoss.

Sorry for waking the zombie :)