1 Reply Latest reply on Apr 19, 2006 11:29 AM by Woodler

    How to secure different portal instances

    Siarhei Bidun Newbie

      Hi everybody.
      Can anybody help me with a portal security issue?

      The question is how to secure different portal instances with different security domains.

      For an example I took JBoss demo portal as it is.
      Then I have deployed "helloworldportal.war" (mentioned in portal documentation) under "jboss-portal.sar" directory.

      Demo portal uses the following security domain (specified in jboss-web.xml file under "portal-server.war"/WEB-INF dir):
      <security-domain>java:jaas/portal</security-domain>

      For "helloworldportal.war" portal I want to use different security domain.
      I have defined "application-policy" in login-config.xml file:
      <application-policy name="testportal">
      ....

      And in the file helloworldportal.war/WEB-INF/jboss-web.xml have specified security domain:
      <security-domain>java:jaas/testportal</security-domain>
      Also for "helloworldportal.war" portal have specified security constraints (in helloworldportal.war/WEB-INF/web.xml file):
      <security-constraint>
      <web-resource-collection>
      <web-resource-name>Authenticated</web-resource-name>

      <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
      <role-name>Authenticated</role-name>
      </auth-constraint>
      </security-constraint>
      <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>JBoss Portal</realm-name>
      </login-config>
      <security-role>
      <role-name>Authenticated</role-name>
      </security-role>

      Now when I go to url:

      http://localhost:8080/portal/portal/HelloPortal/fooPage

      nothing happens - my security constraints are ignored.
      Could somebody hint what is wrong or how to solve the issue?

      Thanks in advance,
      Siarhei Baidun