[JBoss-user] [Security & JAAS/JBoss] - Re: Help needed in getting support for https in JBOSS

Sat, 17 Jun 2006 03:56:17 -0700 

HI j2ee_junkie

I have created  sample struts application
with login page and display page when i submit

To switch from http to https
that is i should be able to access the login page
with http but when i give submit it should  go into secure mode and the next 
page should be displayd
As per your instructions i made changes in web.xml file
to include

security-constraint> 
          <web-resource-collection> 
                  <web-resource-name>Sample Application</web-resource-name> 
                  Require users to authenticate 
                  <url-pattern>*.do</url-pattern> 
                  <http-method>POST</http-method> 
                  <http-method>GET</http-method> 
          </web-resource-collection> 
                  <auth-constraint> 
                        Only allow Authenticated_users role 
                        <role-name>TEST_ROLE_NAME</role-name> 
                  </auth-constraint> 
                  <user-data-constraint> 
                  Encryption is not required for the application in general.  
                  <transport-guarantee>CONFIDENTIAL</transport-guarantee> 
                  </user-data-constraint> 
        </security-constraint> 
        <security-role>
                <role-name>TEST_ROLE_NAME</role-name>
        </security-role>
      
        
        <login-config>

    <auth-method>BASIC</auth-method>
    <realm-name>TEST_REALM_NAME</realm-name>
  </login-config>


i created  users.properties and roles.properties in conf directory to include 
appropriate parameters

now when i try to go to http://localhost:8080/Struts4

i do get the login page but when i go for submit
i get authenctication dialog asking for username and password for 
TEST_REALM_NAME
and when i give the correct parameters authentication happens properly
and i again go to the first page  i.e the login page only differnce now is it 
the same  login page but with https://
but the what the real requirementa of mine are

1. when i first open the login page in http:// 
and i submit the login credential( jsp page) and give the submit button
i should go into secure mode and should go to the next page ie it should have 
https in the url


2. I should not get any authentication dialog(TEST_REAL_NAME)  asking for 
username and password ,
 directly i should go to the next page when i give
the submit button .i.e there should not come any authenticaion dialog while 
switching from http to https

J2ee_junkie can u give me any idea regarding this
appreciate  your response in this regard


Thanks
BHanu

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3951449#3951449

Reply to the post : 
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3951449


_______________________________________________
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user

Reply via email to