I need help in security matters. I've read the JAAS Howto and got the (thin) client to successfully authenticate itself etc... (using DatabaseServerLoginModule). I'd like to try out the same with JSP pages (unfortunately no example but cannot be that different since it is in essence a servlet itself) but appear to have some problems.

First, the web server doesn't give me the popup box for authentication (as advertised in the Howto), so I decided to do this via a login page. Not a big problem since this is much closer to a real-life scenario anyway (we'll need this later on).

The first problem is that the webcontainer doesn't seem to know about the security-authentication mechanism since it says:

  [Default] java.io.IOException: Properties file users.properties not found
  [Default] at org.jboss.security.auth.spi.UsersRolesLoginModule.loadProperties(UsersRolesLoginModule.java:200)

I'd expect any errors to come from the DatabaseServerLoginModule. What didn't I do, and where should I put my client's auth.conf?

WEB deployment descriptors attached.

Thanks in advance ;)

--
Nicolai P Guba
http://www.gnu.org
http://www.frontwire.com
mailto:[EMAIL PROTECTED]
mailto:[EMAIL PROTECTED]
GSM: +44 (0)7909 960 751
DDI: +44 (0)20 7368 9708
<?xml version="1.0"?>
<!DOCTYPE web-app SYSTEM "web.dtd">
<web-app>
  <description>Frontwire Workspace Demo</description>

  <taglib>
    <taglib-uri>/hello</taglib-uri>
    <taglib-location>/WEB-INF/tlds/hello.tld</taglib-location>
  </taglib>

  <resource-ref>
    <res-ref-name>jdbc/CAMS</res-ref-name>
    <res-type>javax.sql.DataSource</res-type>
    <res-auth>Container</res-auth>
  </resource-ref>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Restricted</web-resource-name>
      <description>Declarative Security Test</description>
      <url-pattern>/workspace/*</url-pattern>
      <http-method>HEAD</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>guest</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Frontwire Workspace Demo</realm-name>
  </login-config>

  <security-role>
    <role-name>guest</role-name>
  </security-role>

  <ejb-ref>
    <ejb-ref-name>ClientController</ejb-ref-name>
    <ejb-ref-type>Session</ejb-ref-type>
    <home>com.frontwire.cams.session.clientcontroller.ClientControllerHome</home>
    <remote>com.frontwire.cams.session.clientcontroller.ClientController</remote>
  </ejb-ref>
</web-app>
<?xml version="1.0"?>
<jboss-web>
  <security-domain>java:/jaas/frontwire-platform</security-domain>

  <ejb-ref>
    <ejb-ref-name>ClientController</ejb-ref-name>
    <jndi-name>ejb/cmp/ClientController</jndi-name>
  </ejb-ref>
</jboss-web>