I am setting up JAAS realm to be used along with my web-application. The authentication is not complex and a simple form-based j_security_check works just fine.
Now, for authentication, I am fine with a not-so-complex org.jboss.security.auth.spi.UsersRolesLoginModule with simple property files achieving the desired affect. This makes it possible to have user-password and user-role mappings defined outside the web-application.
The problem is this. I want to give my role-resource mapping outside the application. (mostly uri resources). I do not want to write <auth-constarint> tags inside web.xml, but rather have JAAS find it from another property file which resides outside my application. Something similar to the sample-JAAS-policy-file this page gives http://www.theserverside.com/resources/article.jsp?l=JAAS
Has someone already thought of this ?
(more imp, u think it IS possible?)
This was the feature I also wanted to incorporate. If any solutions please put it forward as soon as possible. It would be of great help
Thanx & Regards