Dear colleagues,

This is to let you know that I have now managed to implement simple security in my webapp. I followed the starting guide that came with JBoss 4 and did some guesswork, which has paid off.

I have used 4 steps to solve the problem:

Step 1: entries in the web.xml file

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>mywebapp</web-resource-name>
        <description>An example security config only allows users with the role Admin to access my web application</description>
        <url-pattern>/protected/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>Admin</role-name>
      </auth-constraint>
    </security-constraint>

    <security-role>
      <role-name>Admin</role-name>
    </security-role>

    <!--Login config-->
    <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
        <form-login-page>/unprotected/login.jsp</form-login-page>
        <form-error-page>/unprotected/login_error.jsp</form-error-page>
      </form-login-config>
    </login-config>

Step 2: entry in the jboss-web.xml

    <jboss-web>
      <security-domain>java:/jaas/SCWCDWeb2</security-domain>
    </jboss-web>

Notes: In this case, SCWCDWeb2 is the name of my web app.

Step 3: entry in the login-config.xml file

    <application-policy name="SCWCDWeb2">
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
        <module-option name="usersProperties">SCWCDWeb2-users.properties</module-option>
        <module-option name="rolesProperties">SCWCDWeb2-roles.properties</module-option>
      </login-module>
    </application-policy>

Notes: In this case, SCWCDWeb2 is the name of my web app.

Step 4: entries in SCWCDWeb2-users.properties and SCWCDWeb2-roles.properties

* These two files sit in the src directory
* An entry in SCWCDWeb2-users.properties is in the format username = password, e.g. joe = blog
* An entry in SCWCDWeb2-roles.properties is in the form username = roleName, e.g. joe = Admin

Notes:

* In this case, SCWCDWeb2, the prefix of the file names, is the name of my web app.
* The role name Admin must be defined in the web.xml file, e.g.
    <role-name>Admin</role-name>

--------------

I am not sure if this is the best way to do this, but if anyone finds a better way, I would like to know.

Thanks,
Koudry

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3877680#3877680

_______________________________________________
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user
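
Added example, not part of the original post or of JBoss: a small Python check that cross-references the files from Steps 1 and 4, confirming that every role used in web.xml or in the roles file is declared in a security-role element and that every user in the roles file has a password entry. It also reports any web-resource-collection that lists http-method elements, because under the servlet specification such a constraint applies only to the methods listed. The function names and the sample inputs are constructed for this illustration, and the roles file is assumed to hold plain "username = role[,role]" lines.

```python
import xml.etree.ElementTree as ET
# Constructed sample inputs modelled on the post; 'ann = Amdin' is a planted typo.
WEB_XML = """<web-app>
 <security-constraint>
  <web-resource-collection>
   <web-resource-name>mywebapp</web-resource-name>
   <url-pattern>/protected/*</url-pattern>
   <http-method>GET</http-method>
   <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint><role-name>Admin</role-name></auth-constraint>
 </security-constraint>
 <security-role><role-name>Admin</role-name></security-role>
</web-app>"""
USERS = "joe = blog\n"
ROLES = "joe = Admin\nann = Amdin\n"

def parse_props(text):
    """Parse 'key = value' lines, skipping # comments and lines without '='."""
    pairs = (l.split("=", 1) for l in text.splitlines() if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(web_xml, users_text, roles_text):
    """Return findings from cross-checking web.xml with both property files."""
    root = ET.fromstring(web_xml)
    for el in root.iter():                      # drop any XML namespace prefix
        el.tag = el.tag.rsplit("}", 1)[-1]
    texts = lambda node, path: [e.text.strip() for e in node.findall(path)]
    declared = set(texts(root, "security-role/role-name"))
    findings = []
    for sc in root.findall("security-constraint"):
        for role in texts(sc, "auth-constraint/role-name"):
            if role != "*" and role not in declared:
                findings.append(f"web.xml: role '{role}' has no security-role entry")
        for wrc in sc.findall("web-resource-collection"):
            methods = texts(wrc, "http-method")
            if methods:   # listing methods limits the constraint to those methods
                findings.append(f"web.xml: {texts(wrc, 'url-pattern')} constrained "
                                f"only for {methods}; other methods are not covered")
    users = parse_props(users_text)
    for user, roles in parse_props(roles_text).items():
        if user not in users:
            findings.append(f"roles file: user '{user}' has no password entry")
        for role in (r.strip() for r in roles.split(",")):
            if role not in declared:
                findings.append(f"roles file: '{user}' maps to undeclared role '{role}'")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(WEB_XML, USERS, ROLES)))
```

Removing the two http-method lines makes the constraint apply to every method for /protected/*, which clears the first finding.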