-
1. Re: How to disable login+password popup when calling JBossWS
jaikiran Nov 5, 2008 1:55 AM (in response to thoste)If you see such a pop-up, it indicates that someone has intentionally configured the application to be secure. So only restricted set of users can login to the application. So if you want to access the application, you will have to contact the admin to get the username/password.
b) enter the username+password in a (which ?) config xml file
which in turn is AUTOMATICALLY used in the future for login?
It depends on the login module that is used for the authentication. It can even be a database instead of properties file. -
2. Re: How to disable login+password popup when calling JBossWS
peterj Nov 5, 2008 12:14 PM (in response to thoste)What version of JBossAS are you using? Or are you using JBoss EAP? That might explain why you are being asked to log in on localhost but other installations are nor requiring this.
-
3. Re: How to disable login+password popup when calling JBossWS
thoste Nov 5, 2008 12:35 PM (in response to thoste)"PeterJ" wrote:
What version of JBossAS are you using? Or are you using JBoss EAP? That might explain why you are being asked to log in on localhost but other installations are nor requiring this.
Yes, I am working with JBoss EAP from JBoss Development Studio.
Why is JBoss EAP different from "normal JBoss AS" ?
Again: How can I suppress user+pw prompt (for JBoss EAP) ? -
4. Re: How to disable login+password popup when calling JBossWS
peterj Nov 5, 2008 1:52 PM (in response to thoste)JBoss EAP comes with a readme.html file that highlights the differences between AS and EAP. Wait, the EAP binary download doesn't have the readme; instead it is in the docs download. In that file you will see this text:
readme wrote:
If you are using the rpm, or the zip distribution, please note that by default, authentication is enabled and no user accounts are set up. This is done to prevent unauthorized access to various services of JBoss AS. Please refer to the Installation Guide, or see http://kbase.redhat.com/faq/FAQ_107_9963.shtm for information on how to make the services accessible again.
Thus, EAP is locked down. Not only are all of the services secured, but there is no way to log in to any of them.
I just now installed devstudio. It doesn't contain this readme. How convenient. But looking at some key files it appears that the version of EAP that comes with devstudio is not locked down. I guess this makes sense because this version of EAP is meant for development use.
However, the /jbossws context is still locked down. Curious. I guess they forgot to unlock it. Anyway, edit the server/xxx/deploy/jbossws.sar/jbossws-context.war/WEB-INF/jboss-web.xml file, commenting out the security-domain:<jboss-web> <!-- A security domain that restricts access <security-domain>java:/jaas/jmx-console</security-domain> --> <context-root>jbossws</context-root> </jboss-web>
-
5. Re: How to disable login+password popup when calling JBossWS
peterj Nov 5, 2008 2:00 PM (in response to thoste)Posted too soon, you also need to edit the web.xml file in the same directory, commenting out the security-constraint:
<!-- A security constraint that restricts access <security-constraint> <web-resource-collection> <web-resource-name>jbossws</web-resource-name> <description>Security configuration that only allows users with the role 'JBossAdmin' to access the JBossWS console web application </description> <url-pattern>/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>JBossAdmin</role-name> </auth-constraint> </security-constraint> -->