Hello all.  I'm brand new to JBoss Security and JAAS, so I'll just jump right 
in here.

I have a simple application and a simple JSP.  I want to secure access to the 
JSP based on a role.  The role who should be able to access the JSP 
(report.jsp) is "userAdmin".

To the jboss-web.xml I've added:


  | <security-domain>java:/jaas/kickstart</security-domain>
  | 

To the web.xml I've added:


  |    <security-constraint>
  |       <web-resource-collection>
  |          <web-resource-name>HtmlAdaptor</web-resource-name>
  |          <description>Allow userAdmin(s) access to report.jsp</description>
  |          <url-pattern>/report.jsp</url-pattern>
  |       </web-resource-collection>
  |       <auth-constraint>
  |          <role-name>userAdmin</role-name>
  |       </auth-constraint>
  |    </security-constraint>
  | 
  |    <login-config>
  |       <auth-method>BASIC</auth-method>
  |       <realm-name>Kickstart</realm-name>
  |    </login-config>
  | 
  |    <security-role>
  |       <role-name>userAdmin</role-name>
  |    </security-role>
  | 

To the login-config.xml I've added:

  |     <application-policy name="kickstart">
  |         <authentication>
  |                 <login-module code="com.ccbill.kickstart.support.auth.CCBLoginModule" flag="required">
  |                 </login-module>
  |         </authentication>
  |     </application-policy>
  | 

The CCBLoginModule code I have added by implementing LoginModule and I'm 
deploying it with the application (i.e. this code is bundled in the .ear).

When I try to access http://host:443/kickstart/report.jsp I get prompted with a 
standard login dialogue.   However, when I OK that dialogue I don't get 
authenticated.  After looking at the logs I discovered why:


  | 2005-02-14 14:47:04,102 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request GET /kickstart/report.jsp
  | 2005-02-14 14:47:04,103 DEBUG [org.apache.catalina.realm.RealmBase]   Checking constraint 'SecurityConstraint[HtmlAdaptor]' against GET /report.jsp --> true
  | 2005-02-14 14:47:04,103 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase]  Calling hasUserDataPermission()
  | 2005-02-14 14:47:04,103 DEBUG [org.apache.catalina.realm.RealmBase]   User data constraint has no restrictions
  | 2005-02-14 14:47:04,103 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase]  Calling authenticate()
  | 2005-02-14 14:47:04,103 DEBUG [org.apache.catalina.realm.JAASRealm] Authenticating jboss.web admin
  | 2005-02-14 14:47:04,103 DEBUG [org.apache.catalina.realm.JAASRealm] Login context created admin
  | 2005-02-14 14:47:04,111 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] Bad password for username=admin
  | 2005-02-14 14:47:04,112 DEBUG [org.apache.catalina.realm.JAASRealm] Username admin NOT authenticated due to failed login
  | 2005-02-14 14:47:04,112 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase]  Failed authenticate() test
  | 2005-02-14 14:47:08,190 DEBUG [org.apache.coyote.http11.Http11Protocol] IOException reading request
  | 

According to the log, specifically 
"[org.jboss.security.auth.spi.UsersRolesLoginModule]" that line, JBoss is still 
using UsersRolesLoginModule to authenticate report.jsp.  I've looked into it, 
and it looks like this module is set to fire when the "other" security domain 
is invoked, but I've deployed my application to use the kickstart security 
domain.  What am I missing in the way of configuration to make JBoss use the 
kickstart security domain?

Thanks in advance for straightening me out.

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3866560#3866560
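
The cross-check the post performs by hand, as an added example that is not part of the original post or of JBoss: it resolves the `security-domain` against the `application-policy` names, lists roles used but not declared, and flags login modules that appear in the log but are not in the resolved policy. The XML and log inputs are constructed from the fragments above, the `other` policy entry and all function names are hypothetical, and the fallback to `other` when no policy name matches is an assumption about JBoss behaviour.

```python
import re
import xml.etree.ElementTree as ET

# Constructed inputs, trimmed from the fragments quoted in the post.
JBOSS_WEB = "<jboss-web><security-domain>java:/jaas/kickstart</security-domain></jboss-web>"
WEB_XML = """<web-app>
  <security-constraint>
    <auth-constraint><role-name>userAdmin</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>userAdmin</role-name></security-role>
</web-app>"""
LOGIN_CONFIG = """<policy>
  <application-policy name="kickstart"><authentication>
    <login-module code="com.ccbill.kickstart.support.auth.CCBLoginModule" flag="required"/>
  </authentication></application-policy>
  <application-policy name="other"><authentication>
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"/>
  </authentication></application-policy>
</policy>"""
LOG = ("2005-02-14 14:47:04,111 DEBUG [org.jboss.security.auth.spi."
       "UsersRolesLoginModule] Bad password for username=admin")

def parse(xml_text):
    root = ET.fromstring(xml_text)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]   # tolerate namespaced descriptors
    return root

def configured_modules(jboss_web, login_config):
    # Returns (policy name expected to be used, login-module classes in it).
    domain = parse(jboss_web).findtext("security-domain", "").strip()
    name = domain.rsplit("/", 1)[-1]         # java:/jaas/kickstart -> kickstart
    policies = {p.get("name"): [m.get("code") for m in p.iter("login-module")]
                for p in parse(login_config).iter("application-policy")}
    used = name if name in policies else "other"   # assumed fallback rule
    return used, policies.get(used, [])

def undeclared_roles(web_xml):
    root = parse(web_xml)
    declared = {r.findtext("role-name") for r in root.iter("security-role")}
    required = {r.text for c in root.iter("auth-constraint") for r in c.iter("role-name")}
    return sorted(required - declared)

def unexpected_modules(log_text, expected):
    # Login module classes named in log brackets but absent from the policy.
    return sorted(set(re.findall(r"\[([\w.]+LoginModule)\]", log_text)) - set(expected))

def diagnose(jboss_web, web_xml, login_config, log_text):
    policy, modules = configured_modules(jboss_web, login_config)
    return {"policy": policy, "modules": modules,
            "undeclared_roles": undeclared_roles(web_xml),
            "unexpected_in_log": unexpected_modules(log_text, modules)}
```

On the constructed inputs, `diagnose` resolves the policy to `kickstart` yet reports `UsersRolesLoginModule` as unexpected in the log, which is the mismatch described in the post.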
