-
1. Re: JAAS Container managed versus code managed auth
j2ee_junkie May 16, 2006 11:32 AM (in response to bezdomny)If you want to use Tomcat embedded in JBoss and use container managed security. Just read chapter 8 of the server guide. Embedded Tomcat security is handled by JBoss. So what you need to learn is how JBoss handles security.
-
2. Re: JAAS Container managed versus code managed auth
bezdomny May 16, 2006 11:43 AM (in response to bezdomny)Thanks,
I've got the server guide for 4.0 but I haven't read it all, though I haven't seen anything yet that describes exactly what I think I need. For instance, how does the container determine if a user is still logged while they are browsing through "protected" pages. I need secure ALL my pages.
B -
3. Re: JAAS Container managed versus code managed auth
bezdomny May 17, 2006 10:36 AM (in response to bezdomny)I'm still having issues here. Is the idea to use some code to always check request.isUserInRole("user"), or does the container do that?
B -
4. Re: JAAS Container managed versus code managed auth
j2ee_junkie May 18, 2006 10:04 AM (in response to bezdomny)B,
If you are using Container Authentication then yes, the container does that for you. Chapter 8 really does describe what you need well if you do not have any unusual circumstances. To summarize...
1.) create your web app and add security-constraints to you web.xml
2.) specify your authentication method (i.e. auth-method) in your web.xml
3.) specify what security domain your web application will use. This is the security-domain in your jboss-web.xml
4.) finally, specify what login modules your security domain will use in $JBOSS_SERVER/conf/login_config.xml
You do not need your Bean in the jsp.
later, cgriffith -
5. Re: JAAS Container managed versus code managed auth
bezdomny May 24, 2006 8:04 AM (in response to bezdomny)Thanks for the help! One more question though. . . Do I need to extend JBoss's JAAS class, I think AbstractServerLoginContext, to get JBoss to recognize my custom LoginModule? Thanks again for the help.
B -
6. Re: JAAS Container managed versus code managed auth
j2ee_junkie May 25, 2006 9:43 AM (in response to bezdomny)B,
There is no requirement to extend AbstractServerLoginModule. However, your login modules are required to use the Subject usage pattern employed by JBoss. Extending this module ensures this pattern is used. Otherwise, just follow directions at http://docs.jboss.org/jbossas/jboss4guide/r4/html/ch8.chapter.html#ch8.custom.sect
in your custom modules.
enjoy, cgriffith -
7. Re: JAAS Container managed versus code managed auth
bezdomny May 25, 2006 10:46 AM (in response to bezdomny)Will do, and thanks for the useful information. I really hate being a noob at something!!! (especially and app server)
B