4 Replies Latest reply on Feb 2, 2002 8:05 PM by luke_t

    Struts and JAAS

    zzzz

      Is it possible for security roles to be made with a strut instead of a servlet? Where do we need to put the <security-domain>?

        • 1. Re: Struts and JAAS
          zzzz

          I mean, normally the <security-domain> is in the jboss-web.xml. Where does it need to be if we have a strut?
          I appreciate it!

          • 2. Re: Struts and JAAS

            Your question doesn't seem to make sense. Struts is a framework which uses servlets and JSPs. The fact that your web application uses it should be irrelevant.

            Why do you think it would change any of the security configuration stuff?

            Luke.

            • 3. Re: Struts and JAAS
              zzzz

              Hey,
              Thank you very much! I appreciate your help.
              OK, I'm using struts instead of servlets.
              The servlets are described in the web.xml and the struts are described in struts-config.xml. That's what is confusing me.
              When I try to create an EJB I have the following error:

              Insufficient method permissions: principal=null.

              The user is authenticated with the role Role instead of administrator as it should be.
              I think that on the EJB side the method permissions are OK, so the problem is somewhere in the client side.
              I have in JBOSS_DIST/conf the auth.conf with
              example1 {
              org.jboss.security.auth.spi.UsersRolesLoginModule required
              unauthenticatedIdentity="nobody";
              };

              and in JBOSS_DIST/client

              example1 {
              org.jboss.security.ClientLoginModule required;
              };


              Do you have an idea what the problem might be?

              • 4. Re: Struts and JAAS

                Hi,

                You say "that's what is confusing you" - do you mean you don't quite understand struts or you just don't know how to set up the security stuff?

                What do you mean by "The user is authenticated with the role Role instead of administrator" ?

                Two things to check:

                1. Do you get a login box (or form) when you try to access a protected url?

                2. Have you set up a security domain for your app in your jboss-web.xml?

                If you haven't done the latter then you will be using the default "other" configuration. If this doesn't have a setting for "unauthenticatedIdentity", and you haven't logged in, then the principal will be null when you try to access your EJBs.


                Another thing - the JBOSS_DIST/client auth.conf file is irrelevant for your web app.

                Luke.
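
The two checks from the last reply, sketched as an added example (not part of the original thread and not the poster's actual files): the Struts action servlet is protected in web.xml like any other servlet, and jboss-web.xml binds the web app to the `example1` entry from the server-side auth.conf. The `*.do` URL pattern, BASIC authentication and the realm name are assumptions; `administrator` and `example1` come from the posts above.

```xml
<!-- WEB-INF/web.xml (fragment). Struts adds no security settings of its own;
     struts-config.xml only maps actions behind the one action servlet. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Struts actions</web-resource-name>
    <!-- Assumed mapping: the Struts action servlet is mapped to *.do -->
    <url-pattern>*.do</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- Role name taken from the thread -->
    <role-name>administrator</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <!-- Assumed: BASIC gives the "login box"; FORM would give a login form -->
  <auth-method>BASIC</auth-method>
  <realm-name>example1 realm</realm-name>
</login-config>

<security-role>
  <role-name>administrator</role-name>
</security-role>

<!-- WEB-INF/jboss-web.xml (whole file). Without this element the web app
     falls back to the default "other" login configuration. -->
<jboss-web>
  <!-- "example1" must match the entry name in JBOSS_DIST/conf auth.conf -->
  <security-domain>java:/jaas/example1</security-domain>
</jboss-web>
```

With both pieces in place, a request to a protected action has to pass the container login before the action code can call the EJB.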