Hi,
Iam using the JDeveloper and JBoss to develop my web application using JSF. And
the data is retrieved from the database(Oracle). I have implemented the
DatabaseServerLoginModule for Authorization and Authentication. Here is code I
have in the backingbean method of the Login button.
SecurityAssociationHandler handler = new SecurityAssociationHandler();
SimplePrincipal user = new SimplePrincipal(j_username.getValue().toString());
handler.setSecurityInfo(user, j_password.getValue().toStrin().toCharArray());
LoginContext loginContext =
new LoginContext("testDB", (CallbackHandler)handler);
loginContext.login();
Subject subject = loginContext.getSubject();
Set principals = subject.getPrincipals();
principals.add(user);
When I print the principals it is giving me the correct details from the
database. The Authentication is working perfectly. I'm confused how to go from
here for the authorization part. I have declared the page-level security in the
web.xml and it is not working (no exceptions thrown). Role name with 'user' is
able to access the pages under /admin folder.
Content of web.xml related to authorization-
<security-constraint>
<web-resource-collection>
<web-resource-name>Administrator</web-resource-name>
<url-pattern>/faces/admin/*</url-pattern>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<security-role>
Administrator
<role-name>admin</role-name>
</security-role>
Please advise me how to do the authorization part from here.
Thanks In Advance.
SR.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4064678#4064678
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4064678
_______________________________________________
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user
