2 Replies Latest reply on May 8, 2006 8:24 AM by j2ee_junkie

Multiple security domains for single webapp

kgalligan May 7, 2006 10:14 AM

What I'd like to do is have 2 security domains attached to one web application. The basic idea is that the client login info will be in the database, but internal admin logins, which will rarely change, will be kept in a properties fileset.

So that's...

1 - UsersRolesLoginModule
1 - DatabaseServerLoginModule

Looking at the structure of the jboss-web.xml, it only allows for one <security-domain> tag. I just tried 2, and it threw an exception.

I would assume one way to do this would be a custom login module that calls both internally. If this would be the preferred method, I would also assume that somebody has done this. Possible option two would be some method of configuration in the 'login-config.xml' that would do the same.

Any thoughts?

Thanks in advance.

1. Re: Multiple security domains for single webapp

cuoz May 7, 2006 9:15 PM (in response to kgalligan)

I've never done this, so I'm no expert, but I think what you do is have a single security domain that uses both modules and use the "password-stacking" option.

Hopefully somebody else can offer you more definitive help.

gary.
Actions
2. Re: Multiple security domains for single webapp

j2ee_junkie May 8, 2006 8:24 AM (in response to kgalligan)

I think you are on the right track cuoz. I would add that you may need to modify the flag attribute of login-module element in login-config to not make both modules required. Maybe, make one sufficient or something. Read http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html to see what fits.

later, cgriffith
Actions

Go to original post