Title: RE: [JBoss-user] manual
Hi,
 

Hopefully someone can help me.

I have successfully deployed a web based admin tools in JBOSS-2.2.2_Tomcat-3.2.2 using Jaas based security.  My own UserLoginModule worked like a charm.  However other web applications and admin tools need to access the same set of secured EJBs, I've tried many times without success to have a mixed of secured and unsecured access to my beans from different web apps, what I basically need is to allow anonymous login for readonly access.  Does anyone have any clue what I should do?
 
My ideal set up would be as follows
===========================
 
[Tomcat] with public web applications (no security)   Machine 1.
      |
[[[jBoss]]] --> [custom jaas user login module] --> [Oracle DB]     Machine 2a, Machine 2b
      |
[Tomcat] with secured web applications for administrators   Machine 3
 
All my beans are secured using jaas:/custom.  I have created a standalone java application with hard-coded username/password and it connects well with JBoss, however the same code placed in a web application failed miserably.  any idea?
 
Is it possible to secure all write methods but allow read methods to be public?
 
I know it's a lot of questions, thanks for your patience.
 
Ernest
 
P.S.  I'm pushing very hard for my company to standardize on jBoss, eventually if this application prevails the entire department of about 50 engineers can become dedicated jBoss users.   - go jBoss
 

Reply via email to