How to associate security roles for JAAS authenticated user?

vsthomas Nov 26, 2004 12:08 AM

I have an enterprise application build in Websphere Studio Application Server. It consists of both a web module, and an ejb module, with JAAS authentication - an LDAPLoginModule. Last week I successfully ported the application on to JBoss (It was very difficult to find what configuration changes was needed to port it to JBoss). My problem now is in the web.xml file, I had commented out all the <security-constraint>, <login-config>, and <security-role> elements (authentication mechanism is form-based). I need to associate the roles defined in this file to all the authenticated users(JAAS authentication) so that they can access the application. At present the JAAS authentication is happening properly, but since the roles in web.xml are not associated to authenticated user, I am getting the following exception on the browser window - 'HTTP Status 403 - Access to the requested resource has been denied'. Does any one know how to associate these roles to authenticated user? In Websphere Application server there is a way to associate roles to 'All Authenticated users' and 'Everyone'. Is there any thing similiar in JBoss? I am using JBoss Version-4.0.0.RC2. Any help in this regard is highly appreciated. Thanks a tonne........

1. 3857798

starksm64 Nov 26, 2004 12:19 PM (in response to vsthomas)

Read the JAAS Howto in the JAAS security forum.
http://www.jboss.org/index.html?module=bb&op=viewtopic&t=46370
Actions