3 Replies Latest reply on Apr 22, 2003 1:09 PM by tlamarca

    newbie to jboss authentication/configuration

    stevecoh1
    stevecoh1 Apr 7, 2003 7:39 PM

      I am a jboss newbie. I am porting a web-application-based system (no ejbs) to jboss. Our organization has purchased the jboss administration and development online book and have read the authentication chapter.

      I need to use a custom database-based authentication system and have written one that extends UsernamePasswordLoginModule. I think I have written it well, but I can't quite figure out how to get the system to recognize it. I have modified my login-config.xml to add an application-policy element for my login module. What I can't figure out is how to point at that . According to the documentation, it seems as though I should reference that in my jboss-web.xml file.

      But my application, which has been running up to now without an application policy doesn't have a jboss-web.xml file. What generates this? I should say that my application is deployed through an ear file.

      It's a little unclear to me how all these configuration files fit together and if anyone can untangle this for me I'd much appreciate it.

      Thanks

      • 3063 Views
      • Tags:
        • 1. Re: newbie to jboss authentication/configuration
          ikloeckl
          ikloeckl Apr 22, 2003 8:27 AM (in response to stevecoh1)

          Hi,
          the jboss-web.xml file does not exist until you write one. If it's just for securing the web app, this one should suffer:

          <jboss-web>
          <security-domain>java:jaas/YourSecurityDomainName</security-domain>
          </jboss-web>

          This file is placed where the web.xml also lives, that is WEB-INF subdirectory in the web archive file.

          In the login-conf.xml, you define all usable security domains, in the jboss-web.xml you refer to a special one (must be previously defined, of course).

          Hope that helps
          Ingo

            • Actions
          • 2. Re: newbie to jboss authentication/configuration
            didi1976
            didi1976 Apr 22, 2003 10:22 AM (in response to stevecoh1)

            Hi,

            I asume your ear-file contains a war-file.

            Just put the jboss-web.xml along with your web.xml in there.

            The jboss-web.xml looks like this:

            <jboss-web>
            <security-domain>java:/jaas/yourloginmodule</security-domain>
            </jboss-web>

            The "yourloginmodule" referres to the name that you have used in the login-config.xml file.

            Dietmar

              • Actions
            • 3. Re: newbie to jboss authentication/configuration
              tlamarca
              tlamarca Apr 22, 2003 1:09 PM (in response to stevecoh1)

              if you have already been helped, nevermind. otherwise...

              you need to create a jboss-web.xml file and it will have a single entry (for these purposes anyway):

              <security-domain>java:/jaas/client-login</security-domain>

              where "client-login" is the name of whichever security domain you want to use.

              jboss-web.xml should be placed in the WEB-INF directory of your war file.

              i wrote an article about this with some sample code at:

              http://jboss.org/thread.jsp?forum=49&thread=30937

              in the article, i refer to a couple of java world articles that are quite helpfull - one on JBossSX written by the main security developer. it is at: http://www.javaworld.com/javaworld/jw-08-2001/jw-0831-jaas.html

                • Actions