-
1. Re: Login Window
alexlzl Apr 8, 2003 2:01 PM (in response to amagno)Use BASIC login config in your web.xml, then IE will pop up the login window for you.
<web-app>
<display-name>Secure Application</display-name>
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure Realm</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Secure Realm</realm-name>
</login-config>
<security-role>
Real world admin role
<role-name>admin</role-name>
</security-role>
</web-app>
Then, in jboss-web.xml, give your web app a security domain:
<jboss-web>
<security-domain>java:/jaas/test</security-domain>
</jboss-web>
Then in login-config.xml, set the LoginModule for this security domain, like:
<application-policy name = "test">
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required" />
</application-policy> -
2. Re: Login Window
amagno Apr 10, 2003 1:45 PM (in response to amagno)Thanks a lot Alex. It worked fine. Now I'm trying to make it work with DatabaseServerLoginModule but I haven't had success. Thought just needed to change the login-module code but that didn't do it. I'd really appreciate some help.
Thanks again,
Alphonsus.
(Tables and values seems correct) -
3. Re: Login Window
vassago Apr 23, 2003 8:11 AM (in response to amagno)This example looks good, I've implemented it to secure my /backoffice pages and the login request pop-ups. But where do you place the actual usernames, roles and passwords?? (I hoped that the build in admin account of Win2k could be used but that doesn't seem to be the case since login failed).
I tried to create users.properties and roles.properties in WEB-INF but that did not work (someone said they should be placed in the _root_ folder of the war-file, but that is obviously false since then they are accessible by anyone simply by browsing to /yourApp/users.properties which of course would be horrible).
Btw, that auth.conf file which is mentioned by some is, according to the documentation, obsolete, you should rather use login-config.xml, but still, where to place the usernames and passwords? With the application policy in login-config.xml? And if so, exactly how?
Thanks in advance. -
4. Re: Login Window
vassago Apr 23, 2003 8:38 AM (in response to amagno)This example looks good, I've implemented it to secure my /backoffice pages and the login request pop-ups. But where do you place the actual usernames, roles and passwords?? (I hoped that the build in admin account of Win2k could be used but that doesn't seem to be the case since login failed).
I tried to create users.properties and roles.properties in WEB-INF but that did not work (someone said they should be placed in the _root_ folder of the war-file, but that is obviously false since then they are accessible by anyone simply by browsing to /yourApp/users.properties which of course would be horrible).
Btw, that auth.conf file which is mentioned by some is, according to the documentation, obsolete, you should rather use login-config.xml, but still, where to place the usernames and passwords? With the application policy in login-config.xml? And if so, exactly how? I tried with:
<application-policy name="backofficeDomain">
<login-module code="org.jboss.resource.security.ConfiguredIdentityLoginModule" flag="required">
<module-option name="userName">myUsername</module-option>
<module-option name="password">myPassword</module-option>
</login-module>
</application-policy>
but that did not work either. :(
Thanks in advance. -
5. Re: Login Window
vassago Apr 23, 2003 8:52 AM (in response to amagno)This example looks good, I've implemented it to secure my /backoffice pages and the login request pop-ups. But where do you place the actual usernames, roles and passwords?? (I hoped that the build in admin account of Win2k could be used but that doesn't seem to be the case since login failed).
I tried to create users.properties and roles.properties in WEB-INF but that did not work (someone said they should be placed in the _root_ folder of the war-file, but that is obviously false since then they are accessible by anyone simply by browsing to /yourApp/users.properties which of course would be horrible).
Btw, that auth.conf file which is mentioned by some is, according to the documentation, obsolete, you should rather use login-config.xml, but still, where to place the usernames and passwords? With the application policy in login-config.xml? And if so, exactly how? I tried with:
<application-policy name="backofficeDomain">
<login-module code="org.jboss.resource.security.ConfiguredIdentityLoginModule" flag="required">
<module-option name="userName">myUsername</module-option>
<module-option name="password">myPassword</module-option>
</login-module>
</application-policy>
but that did not work either. :(
Frankly I dont know why all these configuration settings have to be split up into so many files
using different formats, wouldn't be better and easier of all configuration info could be held
in web.xml in an uniform format!?
Thanks in advance.
PS
Doesnt forum posting work properly?
Tried several posts without any visible result
yet.
DS