Dear colleagues,

This is to let you know that I have now managed to implement simple security
in my webapp. I followed the starting guide that came with JBoss 4 and did
some guesswork, which has paid off.

I have used 4 steps to solve the problem:

Step 1: entries in the web.xml file 

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>mywebapp</web-resource-name>
      <description>
        An example security config only allows users with the
        role Admin to access my web application
      </description>
      <url-pattern>/protected/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Admin</role-name>
    </auth-constraint>
  </security-constraint>

  <security-role>
    <role-name>Admin</role-name>
  </security-role>

  <!--Login config-->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/unprotected/login.jsp</form-login-page>
      <form-error-page>/unprotected/login_error.jsp</form-error-page>
    </form-login-config>
  </login-config>

Step 2: entry in the jboss-web.xml

<jboss-web>
  <security-domain>java:/jaas/SCWCDWeb2</security-domain>
</jboss-web>

Notes: In this case, SCWCDWeb2 is the name of my web app.

Step 3: entry in the login-config.xml file

<application-policy name="SCWCDWeb2">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                  flag="required">
      <module-option name="usersProperties">SCWCDWeb2-users.properties</module-option>
      <module-option name="rolesProperties">SCWCDWeb2-roles.properties</module-option>
    </login-module>
  </authentication>
</application-policy>

Notes: In this case, SCWCDWeb2 is the name of my web app.

Step 4: entries in SCWCDWeb2-users.properties and SCWCDWeb2-roles.properties

* These two files sit in the src directory
* entry in the SCWCDWeb2-users.properties is in the format username = password, 
e.g. joe = blog
* entry in the SCWCDWeb2-roles.properties is in the form of username = 
roleName, e.g. joe = Admin

Notes: 
* In this case, SCWCDWeb2, the prefix of the file names, is the name of my web 
app.
* The role name Admin must be defined in the web.xml file, e.g. 
<role-name>Admin</role-name>

--------------
I am not sure if this is the best way to do this, but if anyone finds a better 
way, I would like to know.

Thanks,

Koudry

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3877680#3877680

Reply to the post : 
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3877680
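
An added example, not part of the original post or of JBoss: a small Python check over the step 1 descriptor. Under the servlet specification a constraint that lists <http-method> entries applies only to those methods, so the check reports which methods fall outside the Admin requirement and whether HTTPS is required for the protected URLs. The function names and the method set are assumptions of this example, and it reports per constraint without merging overlapping constraints.

```python
import xml.etree.ElementTree as ET

# Methods a Servlet 2.4 container may dispatch to a resource (assumed set).
HTTP_METHODS = {"GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS", "TRACE"}

# Constructed sample: the step 1 constraint wrapped in a <web-app> root.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>mywebapp</web-resource-name>
      <url-pattern>/protected/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Admin</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>"""

def _local(tag):
    """Drop an XML namespace so 2.3 (DTD) and 2.4 (schema) descriptors both work."""
    return tag.rsplit("}", 1)[-1]

def _texts(elem, name):
    """Stripped text of elem and every descendant whose local tag name matches."""
    return [(e.text or "").strip() for e in elem.iter() if _local(e.tag) == name]

def audit_web_xml(xml_text):
    """Return one finding dict per <web-resource-collection> in the descriptor."""
    findings = []
    root = ET.fromstring(xml_text)
    for sc in (e for e in root.iter() if _local(e.tag) == "security-constraint"):
        transport = _texts(sc, "transport-guarantee")
        for wrc in (e for e in sc.iter() if _local(e.tag) == "web-resource-collection"):
            listed = set(_texts(wrc, "http-method"))
            findings.append({
                "patterns": _texts(wrc, "url-pattern"),
                "roles": _texts(sc, "role-name"),
                # No <http-method> at all means the constraint covers every method.
                "uncovered_methods": sorted(HTTP_METHODS - listed) if listed else [],
                "https_required": "CONFIDENTIAL" in transport,
            })
    return findings

if __name__ == "__main__":
    for finding in audit_web_xml(SAMPLE_WEB_XML):
        print(finding)
```

An empty uncovered_methods list together with https_required set to True is the result to aim for: no <http-method> entries in the collection, and a <user-data-constraint> with <transport-guarantee>CONFIDENTIAL</transport-guarantee> in the constraint.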

