how to setup simple realm hadling with JBoss-2.4.4 / Catalin
chgrimm Apr 4, 2002 5:19 AMI don't know wherelese to post, so I'll put this here
TOPIC: HowTo for setting up simple authentication with JBoss 2.4.4 and integrated Catalina 4.0x
1. set up the standard definitions in the web.xml deployment descriptor as specified in sun's servlet specification
example for for restricting the whole webapp content to authenticated users:
used role: my_role
<web-app>
...
<security-constraint>
<web-resource-collection>
<web-resource-name>alldocs</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>my_role</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>My Realm Name</realm-name>
</login-config>
<security-role>
My Role Description
<role-name>my_role</role-name>
</security-role>
...
</web-app>
the <realm-name> element does not matter at all for our config, give it anything you want
2. add the jboss-web.xml deployment descriptor
additionally to the web.xml deployment descriptor you need a jboss-specific deployment descriptor named jboss-web.xml, that you put in the WEB-INF directory.
in this you specify, which security domain you want to use:
for our example, we use a security domain called "other" for which the
jboss distribution already provides the appropriate definitions
put the following into the jboss-web.xml file:
<?xml version="1.0" encoding="ISO-8859-1"?>
<jboss-web>
<security-domain>java:/jaas/other</security-domain>
</jboss-web>
3. specifiy the user name(s) and role(s)
a) in the jboss/conf/catalina directory create a file named "users.properties"
into this put your user names in the form =
example:
appuser=joshua
so we have a user called appuser with password joshua
b) in the jboss/conf/catalina directory create a file named "roles.properties"
for each of your user names put in an entry in the form =[,]
in our example we use only one role called my_role, we also have only one user called appuser, so our roles.properties file also contains only one entry:
appuser=my_role
4. start your jboss server
when you now try to access your web-content, the browser should display a popup-dialog in which
you must enter "appuser" as your username and "joshua" as your password
6. summary of necessary steps
- set up your web.xml descriptor
- set up the jboss-web.xml descriptior
- set up the users.properties file in jboss/conf/catalina
- set up the roles.properties file in jboss/conf/catalina
- start your jboss server