This content has been marked as final.
Show 1 reply
-
1. Re: Security Issues with Migrating from WebSphere to JBoss
plscstx Jan 26, 2009 3:32 PM (in response to plscstx)Never mind, figured it out.
web.xml security snippet:<security-constraint> <web-resource-collection> <web-resource-name>Admin</web-resource-name> <description>Administrative Functions</description> <url-pattern>/admin/*</url-pattern> <url-pattern>/formprocessing/*</url-pattern> <url-pattern>/adminintro.html</url-pattern> <!-- url-pattern>/config/*</url-pattern --> <http-method> GET</http-method> <http-method> POST</http-method> <http-method> PUT</http-method> <http-method> HEAD</http-method> <http-method> TRACE</http-method> <http-method> DELETE</http-method> <http-method> OPTIONS</http-method> </web-resource-collection> <auth-constraint> <description>AdminSettings</description><role-name>*</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <!--realm-name>corpTax</realm-name> <realm-name>drhorton.com</realm-name--> <form-login-config> <form-login-page>/login.html</form-login-page> <form-error-page>/error.jsp</form-error-page> </form-login-config> </login-config>
note the * for the role
jboss-web.xml:<jboss-web> <!-- All secured web content uses this security manager --> <security-domain>java:/jaas/myApp</security-domain> </jboss-web>
servers login-config.xml:<application-policy name = "myApp"> <authentication> <login-module code = "org.jboss.security.auth.spi.LdapLoginModule" flag = "required" > <!-- PASSWORD VERIFICATION --> <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option> <module-option name="java.naming.provider.url">ldap://servername:389/</module-option> <module-option name="java.naming.security.authentication">simple</module-option> <module-option name="principalDNPrefix">prefix\</module-option> </login-module> </authentication> </application-policy>