1. Re: Authenticating with Tomcat and JBoss
binaryfeed Feb 26, 2002 4:40 PM (in response to sergeibatiuk)
Using JBoss-2.4.4 and Tomcat-4.0.1 integrated, with the default configuration, as long as you set up your auth.conf properly and have a working JBoss server-side login module, JBoss sets up the embedded Tomcat with a JBossRealm that passes the credentials on through. Works like a charm!
2. Re: Authenticating with Tomcat and JBoss
roger01 Feb 26, 2002 6:42 PM (in response to sergeibatiuk)
How do you set up auth.conf "correctly"?
And can the JBoss supplied UsersRolesLoginModule be used?
Thanks
Roger
3. Re: Authenticating with Tomcat and JBoss
fbellameche Feb 28, 2002 11:36 AM (in response to sergeibatiuk)
Hi,
I use JBoss 2.4.4 with Tomcat 4.0.
I have a webapp configured like this:
<web-app>
  <servlet>
    <servlet-name>addEmploye</servlet-name>
    <servlet-class>com.xtierdev.formation.controler.AjouterEmployeServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>employeDetail</servlet-name>
    <servlet-class>com.xtierdev.formation.controler.AfficherDetailEmployeServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>listEmploye</servlet-name>
    <servlet-class>com.xtierdev.formation.controler.GererListeEmployesServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>addEmploye</servlet-name>
    <url-pattern>/addEmploye</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>employeDetail</servlet-name>
    <url-pattern>/employeDetail</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>listEmploye</servlet-name>
    <url-pattern>/listEmploye</url-pattern>
  </servlet-mapping>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Collection1</web-resource-name>
      <description>Protected area</description>
      <url-pattern>/employeDetail</url-pattern>
      <url-pattern>/listEmploye</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <description>Domain Users</description>
      <role-name>Domain Users</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Collection2</web-resource-name>
      <url-pattern>/addEmploye</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <description>Domain Users</description>
      <role-name>Domain Users</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>server-login</realm-name>
  </login-config>
  <security-role>
    <description>Domain Users</description>
    <role-name>Domain Users</role-name>
  </security-role>
</web-app>
and a file standardjboss.xml beginning like this:
<security-domain>java:/jaas/server-login</security-domain>
...
and a server auth.conf file like this:
// Put login modules providing authentication and realm mappings
// for security domains.
simple {
    // Very simple login module:
    // any user name is accepted.
    // password should either coincide with user name or be null,
    // all users have role "guest",
    // users with non-null password also have role "user"
    org.jboss.security.auth.spi.SimpleServerLoginModule required;
};
// Used by clients within the application server VM such as
// mbeans and servlets that access EJBs.
client-login {
    org.jboss.security.ClientLoginModule required;
};
// The default server login module
other {
    // A simple server login module, which can be used when the number
    // of users is relatively small. It uses two properties files:
    // users.properties, which holds users (key) and their password (value).
    // roles.properties, which holds users (key) and a comma-separated list of their roles (value).
    // The unauthenticatedIdentity property defines the name of the principal
    // that will be used when a null username and password are presented as is
    // the case for an unauthenticated web client or MDB. If you want to
    // allow such users to be authenticated add the property, e.g.,
    // unauthenticatedIdentity="nobody"
    org.jboss.security.auth.spi.UsersRolesLoginModule required
    ;
};
server-login
{
    com.myriap.security.jaas.loginmodule.NtServerLoginModule required
    ntDomainName="myriap"
    unauthenticatedIdentity="jms"
    ;
};
a client auth.conf like this:
server-login
{
    // Put your login modules that work without jBoss here
    // jBoss LoginModule
    org.jboss.security.ClientLoginModule required;
    // Put your login modules that need jBoss here
};
When I deploy my webapp and use it, no authentication dialog appears when accessing the protected areas of my webapp. What's wrong with this deployment?
Thanks a lot.
Farid
4. Re: Authenticating with Tomcat and JBoss
roger01 Mar 3, 2002 2:52 PM (in response to sergeibatiuk)
I think the problem is that you are using BASIC login and this does not work with Tomcat 4.0.1, as I understand the documentation. You need to use FORM based login instead.
Roger
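
Added example, not part of any post in this thread: a small Python check of the consistency points the configuration above depends on (a login method present, roles declared, the JAAS entry named by the security domain defined in auth.conf), plus two things a reviewer would flag in it: constraints limited to listed HTTP methods, and BASIC credentials sent without a CONFIDENTIAL transport guarantee. The function names and finding codes are hypothetical, and the inputs are constructed, trimmed from the configuration quoted above.

```python
import re
import xml.etree.ElementTree as ET
# Constructed inputs, trimmed from the configuration quoted in the thread.
WEB_XML = """<web-app>
 <security-constraint>
  <web-resource-collection>
   <web-resource-name>Collection1</web-resource-name><url-pattern>/employeDetail</url-pattern>
   <http-method>GET</http-method><http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint><role-name>Domain Users</role-name></auth-constraint>
  <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
 </security-constraint>
 <login-config><auth-method>BASIC</auth-method><realm-name>server-login</realm-name></login-config>
 <security-role><role-name>Domain Users</role-name></security-role>
</web-app>"""
AUTH_CONF = """// The default server login module
other { org.jboss.security.auth.spi.UsersRolesLoginModule required; };
server-login
{
 com.myriap.security.jaas.loginmodule.NtServerLoginModule required
 ntDomainName="myriap";
};"""

def jaas_entries(auth_conf):
    """Application entry names: the token before each '{', with // comments removed."""
    return set(re.findall(r"([\w.-]+)\s*\{", re.sub(r"//[^\n]*", "", auth_conf)))

def audit(web_xml, auth_conf, security_domain):
    """Return (code, detail) findings for one web.xml / auth.conf / security-domain triple."""
    root, out = ET.fromstring(web_xml), []
    declared = {r.text.strip() for r in root.findall("security-role/role-name")}
    method = (root.findtext("login-config/auth-method") or "").strip()
    if not method:
        out.append(("NO_AUTH_METHOD", "no login-config, nothing can challenge the client"))
    for sc in root.findall("security-constraint"):
        name = sc.findtext("web-resource-collection/web-resource-name", "?").strip()
        for role in sc.findall("auth-constraint/role-name"):
            if role.text.strip() not in declared:
                out.append(("UNDECLARED_ROLE", f"{name}: {role.text.strip()}"))
        verbs = [m.text.strip() for m in sc.findall("web-resource-collection/http-method")]
        if verbs:  # servlet spec: listing methods leaves every unlisted method unconstrained
            out.append(("VERB_LIMITED", f"{name}: only {', '.join(verbs)} are protected"))
        tg = sc.findtext("user-data-constraint/transport-guarantee", "NONE").strip()
        if method in ("BASIC", "FORM") and tg == "NONE":
            out.append(("CLEARTEXT_CREDENTIALS", f"{name}: {method} without CONFIDENTIAL"))
    entry = security_domain.rsplit("/", 1)[-1]  # java:/jaas/<entry>
    if entry not in jaas_entries(auth_conf):
        out.append(("NO_JAAS_ENTRY", f"{entry} is not defined in auth.conf"))
    return out
```

Calling `audit(WEB_XML, AUTH_CONF, "java:/jaas/server-login")` reports the method-limited constraint and the cleartext BASIC credentials; the role and JAAS entry checks pass for this input.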