Can secure jmx-console but not my own web app!!!
Hi,
Can anybody out there show me how to secure a web app? I have successfully secured jmx-console using the DatabaseServerLoginModule but can't access a deployed web (sample web) in my JBOSS AP server.
Below are the configurations made for my sample web.
login-config.xml entries
<application-policy name = "My-web">
<login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
flag = "required">
<module-option name = "dsJndiName">java:/DefaultDS</module-option>
<module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
<module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
</login-module>
</application-policy>
---------------------
jboss-web.xml entries
<jboss-web>
<security-domain>java:/jass/My-web</security-domain>
<context-root>/My-web</context-root>
</jboss-web>
-----------------------
web.xml file entries
<web-app>
<security-constraint>
<web-resource-collection>
<web-resource-name>my-web</web-resource-name>
An example security config that only allows users with the
role WebAppUser to access the My-web web application
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>WebAppUser</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>My-web Realm</realm-name>
</login-config>
<security-role>
<role-name>WebAppUser</role-name>
</security-role>
</web-app>
---------------------
JBoss server log
javax.naming.NamingException: Could not dereference object [Root exception is javax.naming.NameNotFoundException: jass not bound]
at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:1067)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:700)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:587)
at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:488)
at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:180)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
at java.lang.Thread.run(Thread.java:595)
Caused by: javax.naming.NameNotFoundException: jass not bound
at org.jnp.server.NamingServer.getBinding(NamingServer.java:529)
at org.jnp.server.NamingServer.getBinding(NamingServer.java:537)
at org.jnp.server.NamingServer.getObject(NamingServer.java:543)
at org.jnp.server.NamingServer.lookup(NamingServer.java:267)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:625)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:587)
at javax.naming.InitialContext.lookup(InitialContext.java:351)
at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:1061)
... 16 more
Thanks,
cgt001
