-
1. Re: Web Application JAAS and JBOSS Configuration
j2ee_junkie Mar 3, 2006 9:21 AM (in response to dm1000)Daniel,
Do not forget to declare your security role admin in your web.xml file using the security-role element.
2.) You do not have to write a login module. Look at org.jboss.security.auth.spi.DatabaseServerLoginModule.
3.) You need to specify to JBoss that your web application should be secured by setting the security-domain element in your jboss-web.xml file.
4.) If you are securing EJB's you need to configure those as well.
Read chapter 8 of the server guide at http://docs.jboss.org/jbossas/jboss4guide/r3/html/ch8.chapter.html
have fun, cgriffith -
2. Re: Web Application JAAS and JBOSS Configuration
dm1000 Mar 3, 2006 9:58 AM (in response to dm1000)Thank you so far!
I have now generated the jboss-web.xml and the login-config.xml files.
But where i have to put them. If i put them into my WEB_INF folder the Jboss Server did not find them.
Greetings
Daniel
PS: no EJB's involved;) -
3. Re: Web Application JAAS and JBOSS Configuration
j2ee_junkie Mar 3, 2006 10:09 AM (in response to dm1000)You really should read the server guide, but just to kick start you...
The jboss-web.xml should be in your war's WEB-INF directory. The contents of the login-config.xml file gets added to ${SERVER}/conf/login-config.xml file.
cgriffith -
4. Re: Web Application JAAS and JBOSS Configuration
dm1000 Mar 3, 2006 8:59 PM (in response to dm1000)Now I've read the documentation carefully;)
But now I've antother problem. I use Struts and the framework intercepts all action, even the j_security_check action. So there no possibility to log in via this mechanism?
I also authenticated the user manually via lc.login (). But then i cannot use the request.isUserInRole() method.
Does anybody now how you can approach to this problem? -
5. Re: Web Application JAAS and JBOSS Configuration
j2ee_junkie Mar 3, 2006 9:53 PM (in response to dm1000)You do not need to worry about Struts intercepting an HTML form posting to 'j_security_check'. Tomcat container will intercept this request. You do need to read the Stuts documentation on how security is handled by ActionServlet. I do not remember the details.
good luck, cgriffith