[JBoss-user] JAAS and JSP

Wed, 08 Aug 2001 00:56:55 -0700 

I need help in security matters.

I've read the JAAS Howto and got the (thin) client to sucessfully
authenticate itself etc... (using DatabaseServerLoginModule).

I'd like to try out the same with JSP pages (unfortunately no example
but cannot be that different since it is in essence a servlet itself)
but appear to have some problems.

First, the web server doesn't give me the popup box for authentication
(as advertised in the Howto), so I decided to do this via a login page. 
Not a big problem since this is much closer to a real-life scenario
anyway (we'll need this later on).

The first problem is that the webcontainer does't seem to know about the
security-authentication mechanism since it says:

[Default] java.io.IOException: Properties file users.properties not
found
[Default]       at
org.jboss.security.auth.spi.UsersRolesLoginModule.loadProperties(UsersRolesLoginModule.java:200)


I'd expect any errors to come from the DatabaseServerLoginModule.

What didn't I do, and where should I put my client's auth.conf? 

WEB deployment descriptors attch'd.

Thanks in advance ;)
-- 
  Nicolai P Guba    http://www.gnu.org         http://www.frontwire.com
                    mailto:[EMAIL PROTECTED]     mailto:[EMAIL PROTECTED]
                    GSM: +44 (0)7909 960 751   DDI: +44 (0)20 7368 9708

<?xml version="1.0"?>
<!DOCTYPE web-app SYSTEM "web.dtd">
<web-app>
  <description>Frontwire Workspace Demo</description>

  <taglib>
    <taglib-uri>/hello</taglib-uri>
    <taglib-location>/WEB-INF/tlds/hello.tld</taglib-location>
  </taglib>

  <resource-ref>
    <res-ref-name>jdbc/CAMS</res-ref-name>
    <res-type>javax.sql.DataSource</res-type>
    <res-auth>Container</res-auth>
  </resource-ref>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Restricted</web-resource-name>
      <description>Declarative Security Test</description>
      <url-pattern>/workspace/*</url-pattern>
      <http-method>HEAD</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>guest</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Frontwire Workspace Demo</realm-name>
  </login-config>

  <security-role>
    <role-name>guest</role-name>
  </security-role>

  <ejb-ref>
    <ejb-ref-name>ClientController</ejb-ref-name>
    <ejb-ref-type>Session</ejb-ref-type>
    <home>com.frontwire.cams.session.clientcontroller.ClientControllerHome</home>
    <remote>com.frontwire.cams.session.clientcontroller.ClientController</remote>
  </ejb-ref>

</web-app>
<?xml version="1.0"?>
<jboss-web>
  <security-domain>java:/jaas/frontwire-platform</security-domain>
    
  <ejb-ref>
    <ejb-ref-name>ClientController</ejb-ref-name>
    <jndi-name>ejb/cmp/ClientController</jndi-name>
  </ejb-ref>

</jboss-web>

Reply via email to