what is what: jaas, jbossSX, httpAuth
paper May 28, 2006 9:23 PM
Hi All,
I have a big problem. I developed a JBoss / Seam / JSF / EJB3 app for my master's thesis. Everything works fine, but now I have to write about it and describe how it works.
The security parts are my problem; I don't know exactly what the basic technologies (jaas, jbossSX, httpAuth, ...) are for the different parts.
I use FormAuth on the web layer, and fetch the user principal on the EJB layer from the ejb-context. Everything that follows is in my own data model, which I know how to describe ;)
Any hints welcome!
Thanks for help
my login service conf:
<server>
  <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
         name="termtimer:service=DynamicLoginConfig">
    <attribute name="AuthConfig">META-INF/termtimerSecurity-config.xml</attribute>
    <!-- The service which supports dynamic processing of login-config.xml configurations. -->
    <depends optional-attribute-name="LoginConfigService">
      jboss.security:service=XMLLoginConfig
    </depends>
    <!-- Optionally specify the security mgr service to use when this service is stopped to flush the auth caches of the domains registered by this service. -->
    <depends optional-attribute-name="SecurityManagerService">
      jboss.security:service=JaasSecurityManager
    </depends>
  </mbean>
</server>
and
my login config:
<policy>
  <application-policy name="termtimerSecurity">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
        <!-- login-module code="org.termtimer.model.TTDatabaseServerLoginModule" flag="required" -->
        <module-option name="unauthenticatedIdentity">
          guest
        </module-option>
        <module-option name="dsJndiName">
          java:/TermTimerDatabaseDS
        </module-option>
        <module-option name="principalsQuery">
          select password from user where username=?
        </module-option>
        <module-option name="rolesQuery">
          select userrole.rolename as userRoles,"Roles" from userrole, user_userrole, user where userrole.id=user_userrole.roles_id and user_userrole.user_id=user.id and user.username=?
        </module-option>
      </login-module>
      <login-module code="org.jboss.security.ClientLoginModule" flag="required">
        <module-option name="unauthenticatedIdentity">
          guest
        </module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>