1 Reply Latest reply on Oct 26, 2006 1:51 PM by mariovvl

    Container based authentication, user name based authorization

    manzikki

      Hello.

      somehow I did not find examples of this in the forums or documentation.

      I've set up a box where the users are required to authenticate using LDAP.
      Practically, in jboss/server/default/login-config.xml there is a policy like
      <application-policy name = "LDAP">

      <login-module code="org.jboss.security.auth.spi.LdapLoginModule"
      flag="required">
      ...

      and in the application's jboss-web.xml
      <security-domain>java:/jaas/LDAP</security-domain>

      and in the application's web.xml
      <security-constraint>
      <web-resource-collection>
      <web-resource-name>SECURITY_DOMAIN</web-resource-name>
      <url-pattern>/foo</url-pattern>
      <url-pattern>/bar</url-pattern>
      </web-resource-collection>
      <auth-constraint><role-name>*</role-name> </auth-constraint>
      </security-constraint>

      <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>TEST</realm-name>
      </login-config>

      It works: the users that can authenticate themselves with LDAP have access to the application. However, of these I'd like only _some_ to be able to access the application and role names are not too usable in our organisation.

      Is there a way to define a list of accepted user names in auth-constraint or something of the same effect?

      -man

        • 1. Re: Container based authentication, user name based authoriz

          You say "role names are not too usable in our organisation." A role doesn't necessarily have to be something like 'manager', 'supervisor', ... You can have your organization define an 'application type' role (i.e. YourApplicationName role) within LDAP that includes all the users you want to give access to your application. Then, use that role in the auth-constraint section.
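
The approach suggested in the reply above, written out as an added example that is not part of the original thread: the LDAP policy maps an LDAP group to a role, and web.xml names that role instead of `*`. The host name, all DNs and the group name MyAppUsers are constructed placeholders, and the directory layout (groups under one subtree, listing members by DN in a `member` attribute) is an assumption.

```xml
<!-- login-config.xml: the LDAP policy with role lookup configured.
     Host name, DNs and group layout are constructed placeholders. -->
<application-policy name="LDAP">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://ldap.example.org:389/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <!-- The user's bind DN is built as prefix + user name + suffix -->
      <module-option name="principalDNPrefix">uid=</module-option>
      <module-option name="principalDNSuffix">,ou=People,dc=example,dc=org</module-option>
      <!-- Subtree holding the group entries that act as roles -->
      <module-option name="rolesCtxDN">ou=Groups,dc=example,dc=org</module-option>
      <!-- Group attribute that lists members, matched against the full user DN -->
      <module-option name="uidAttributeID">member</module-option>
      <module-option name="matchOnUserDN">true</module-option>
      <!-- The group's cn is used as the role name -->
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="roleAttributeIsDN">false</module-option>
    </login-module>
  </authentication>
</application-policy>

<!-- web.xml: only members of the LDAP group MyAppUsers (placeholder name)
     pass the constraint; other authenticated users are refused. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>SECURITY_DOMAIN</web-resource-name>
    <url-pattern>/foo</url-pattern>
    <url-pattern>/bar</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>MyAppUsers</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>TEST</realm-name>
</login-config>

<!-- Every role named in an auth-constraint is declared here -->
<security-role>
  <role-name>MyAppUsers</role-name>
</security-role>
```

Access is then managed by adding users to or removing them from that one LDAP group, with no change to the deployed application.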