Unauthenticated Principal
toni Sep 23, 2007 12:02 PM
Hi,
How can I grant unauthenticated users access to parts of my web application? I have read that we have to use the tag <unauthenticated-principal> in order to do this. Here is my configuration, maybe somebody can help me out?
----------- important part of web.xml -------------------------
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Unsecure area</web-resource-name>
      <description>Unprotected Pages</description>
      <url-pattern>/homepage.seam</url-pattern>
      <url-pattern>/about.seam</url-pattern>
      <http-method>POST</http-method>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
      <description>All people</description>
      <role-name>guest</role-name>
    </auth-constraint>
  </security-constraint>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Secure area</web-resource-name>
      <description>Security for Protected Pages</description>
      <url-pattern>*.seam</url-pattern>
      <url-pattern>*.jsp</url-pattern>
      <http-method>POST</http-method>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
      <description>All areas are restived</description>
      <role-name>Admin</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>userDatabase</realm-name>
    <form-login-config>
      <form-login-page>/login.seam</form-login-page>
      <form-error-page>/loginError.seam</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <description>The role of an adminr</description>
    <role-name>Admin</role-name>
  </security-role>
  <security-role>
    <description>Any body</description>
    <role-name>guest</role-name>
  </security-role>
</web-app>

---------------------- userDatabase login config ------------------------
<application-policy name="userDatabase">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <module-option name="unauthenticatedIdentity">guest</module-option>
      <module-option name="dsJndiName">
        java:/PostgresqlDS
      </module-option>
      <module-option name="principalsQuery">
        SELECT password FROM systemuser WHERE login=?
      </module-option>
      <module-option name="rolesQuery">
        SELECT r.rolename, r.p_group
        FROM systemuser as o, role as r, systemuser_role as pr
        WHERE o.login=pr.systemuser_login
          AND r.roleName = pr.roles_roleName
          AND o.login=?
      </module-option>
    </login-module>
  </authentication>
</application-policy>

-------------------------------- I also added jboss.xml to my EAR archive ---
<!DOCTYPE jboss PUBLIC "-//JBoss//DTD JBOSS 4.0//EN" "http://www.jboss.org/j2ee/dtd/jboss_4_0.dtd">
<jboss>
  <security-domain>java:/jaas/userDatabase</security-domain>
  <unauthenticated-principal>guest</unauthenticated-principal>
</jboss>
-----------------------------------------------

Unfortunately, unauthenticated people can't access "/homepage.seam" before logging in.