[JBoss-user] [Tomcat, HTTPD, Servlets JSP] - Re: Migrating from Weblogic to JBoss : problem with wepapp a
After many research, I think the answer is here : http://wiki.jboss.org/wiki/Wiki.jsp?page=PortingFromWeblogic For weblogic users : There is a important difference between jboss and weblogic for webapp (and I suppose for EJB too) : In weblogic : you can map a role to realm groups/users using the weblogic.xml. You can have user joe and group users that build a single role theRole you referenced in your web.xml. This way allows to avoid having applications group to be spread in the realm. In Jboss : the role-name you provide in your web.xml must be the group name you have in your realm (I don't think this word is useable in a jboss world). At the moment, I don't really understand what jboss-web.xml is aimed at concerning these features. To my mind, it's a little limitation jboss developer could look at. I hope this post will help former weblogic users Dom View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3888604#3888604 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3888604 --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Tomcat, HTTPD, Servlets JSP] - Re: Migrating from Weblogic to JBoss : problem with wepapp a
Hello Scott and thank you for answering, I think I don't understand the whole thing, though it's clear to me when I use Weblogic. Maybe you can help me to improve my undestanding of jboss, can't you ? What I understand : Application developer want to restraitn access to specific URL and so use a security-constraint with a auth-constraint. From what I understand, the role-name of the auth-constraint are logical roles, ie, roles that as a business sense from the application developer point of view. In my case, the logical role is utilisateurCollaborateur. For each role-name you use in the auth-constraint, you have to add a security-role in you web.xml As the application developer is not the application deployer, there has to be a way to do the mapping that says which users have the roles the application developer need to deal with. Actually, I believe the way to do that is the use of jboss-web.xml. In Jboss-web.xml, for each role you mentioned in the auth-constraint, you have to the mapping role-name -- principal-name, where principal-name is the name of a user or a group you can find in you security realm. You can have several realm users/groups that builds a single role. That allows to avoid spreading application specific groups in the realm that exists anyway. As the realm is managed elsewhere and in it users may belong to specific group (I don't say role here), the whole thing has sense to me, and that's what I understand from the jboss documentation that I read carefully. This allow the application developer to use request.isUserInRole too, using security-role, instead of real groups of the db. If it's not the way it works, can you tell me where I'm wrong ? I'm looking forward to your answer. Dom [EMAIL PROTECTED] wrote : the only use of principal-name in the security-role is to assign additional roles to run-as principals. Authenticated users obtain their roles from the jaas login. View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3888373#3888373 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3888373 --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Tomcat, HTTPD, Servlets JSP] - Re: Migrating from Weblogic to JBoss : problem with wepapp a
the only use of principal-name in the security-role is to assign additional roles to run-as principals. Authenticated users obtain their roles from the jaas login. View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3888218#3888218 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3888218 --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Tomcat, HTTPD, Servlets JSP] - Re: Migrating from Weblogic to JBoss : problem with wepapp a
I precise that if in my jboss-web.xml I use a role-name which is not declared in a security-role of the web.xml, the webapp is not deployed saying there is a mistake in the jboss-web.xml, which is normal. So, my problem is that utilisateurCollaborateur is not mapped to the principal-name I provided. Is there a debug feature I could turn on to help me find out what's going wrong ? View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3887856#3887856 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3887856 --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user