Hi,
Hopefully someone can help me. I have
successfully deployed a web based admin tools in JBOSS-2.2.2_Tomcat-3.2.2 using
Jaas based security. My own UserLoginModule worked like a charm.
However other web applications and admin tools need to access the same set
of secured EJBs, I've tried many times without success to have a mixed of
secured and unsecured access to my beans from different web apps, what I
basically need is to allow anonymous login for readonly access. Does
anyone have any clue what I should do?
My
ideal set up would be as follows
===========================
[Tomcat] with public web applications (no
security) Machine 1.
|
[[[jBoss]]] --> [custom jaas user
login module] --> [Oracle DB] Machine 2a,
Machine 2b
|
[Tomcat] with secured web applications for
administrators Machine 3
All my
beans are secured using jaas:/custom. I have created a standalone java
application with hard-coded username/password and it connects well with JBoss,
however the same code placed in a web application failed miserably. any
idea?
Is it
possible to secure all write methods but allow read methods to be
public?
I know
it's a lot of questions, thanks for your patience.
Ernest
P.S. I'm pushing very hard for my company to
standardize on jBoss, eventually if this application prevails the entire
department of about 50 engineers can become dedicated jBoss users. -
go jBoss
|
Title: RE: [JBoss-user] manual
- Re: [JBoss-user] distributed security with JAAS Ernest Chen
- Re: [JBoss-user] distributed security with JAAS Scott M Stark
- RE: [JBoss-user] distributed security with JAAS Ernest Chen