0 Replies Latest reply on Sep 14, 2006 2:27 PM by bezdomny

    One security domain, two web apps

    bezdomny

      I currently have two web apps, Identity and Business. Identity is currently configured to use jaas/jboss with a custom login module and it works great. I now have this new app that I want to secure and I want to use the Identity security domain and login module. I have added the following to the jboss-web.xml in the Business app (exact same as in the Identity app jboss-web.xml):

      <jboss-web>
        <security-domain flushOnSessionInvalidation="true">java:/jaas/Identity</security-domain>
        <resource-ref>
          <res-ref-name>jdbc/cidb</res-ref-name>
          <jndi-name>java:/jdbc/cidb</jndi-name>
        </resource-ref>
      </jboss-web>

      I have also added the requisite security role/form login stuff in Business web.xml. As follows:

      <security-role>
        <description>basic client users</description>
        <role-name>client</role-name>
      </security-role>

      <security-role>
        <description>basic analyst users</description>
        <role-name>analyst</role-name>
      </security-role>


      <security-constraint>
        <web-resource-collection>
          <web-resource-name>client files</web-resource-name>
          <url-pattern>*.do</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>client</role-name>
          <role-name>analyst</role-name>
        </auth-constraint>
      </security-constraint>



      <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>Identity</realm-name>
        <form-login-config>
          <form-login-page>/common/start.jsp</form-login-page>
          <form-error-page>/common/loginerror.jsp</form-error-page>
        </form-login-config>
      </login-config>

      Now for the question :)
      When I hit one of the Business app's Struts pages like /Business/initSplashPage.do, I get the proper login screen. When I try to authenticate, the auth fails and I'm returned to the login screen. Actually my login module isn't even being called. I'm assuming that the reason is that my custom login module isn't visible in the classpath of the Business app since it actually lives inside the Identity app. Is this correct? Shouldn't JBoss be able to call my custom login module from wherever it lives?

      Now for the weird part. When I authenticate as normal in the Identity app, then click over to the Business app, it passes my auth info fine and recognises I'm logged in, and the app works fine. This isn't such a big deal as my clients will always go through the Identity app to the Business app, but I don't know why it won't work just authenticating in the biz app.
      Any ideas?
      Thanks!
      B