[JBoss-user] [Security & JAAS/JBoss] - from web.xml && Tue, 02 Nov 2004 09:40:06 -0800 

Hello world,

Sorry if this question has already been posted here, but i'm quite new
in JBoss, so feel free to forward me to the relevant thread if necessary.

I'm buiding a webapp where users can be distinguished by they role.
I needed to respect JAAS, so 've defined this roles in myWebApp-roles.properties 
through my login-config-xml.

To protect some features of my app, i want an URL control list. That's i intend to do 
in my web.xml

The Authentication seems to be allright : i get my subjecvt and my principals ( 
Roles(members:BasicUser) ).

But i don't have acces to my url :
"GET /myWebApp/action/menuView HTTP/1.1" 302 -

It seems like if the role wasn't shared between my webapp and JBoss?

What's wrong ? What did i forget ?

Please help,

web.xml :
-----------
<security-constraint>
   <web-resource-collection>
      <web-resource-name>MyWebAppActions</web-resource-name>
      MyWebApp actions mappings
       <url-pattern>/action/menuView</url-pattern>              
       <http-method>HEAD</http-method>
       <http-method>GET</http-method>
       <http-method>POST</http-method>
       <http-method>PUT</http-method>
       <http-method>DELETE</http-method>                
    </web-resource-collection>
    <auth-constraint>
       <role-name>BasicUser</role-name>
    </auth-constraint>
    <user-data-constraint>
       <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
 </security-constraint>

login-config.xml :
-------------------
<application-policy name="myWebApp">
   
      <login-module code="org.jboss.security.ClientLoginModule" flag="required">
      </login-module>                   
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" 
flag="required">
         <module-option name="unauthenticatedIdentity">
            myAppGuest
         </module-option>
         <module-option name="usersProperties">
            myWebApp-users.properties
         </module-option> 
         <module-option name="rolesProperties">
            myWebApp-roles.properties
         </module-option>                               
      </login-module>                   
    
</application-policy>

myWebApp-roles.properties :
----------------------------------
MyUser=BasicUser

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3853647#3853647

Reply to the post : 
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3853647


-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user

Reply via email to