0 Replies Latest reply on Feb 9, 2010 5:42 PM by Robert Wolinski

    securing web-console using FORM auth-method

    Robert Wolinski Newbie

      Not sure if this belongs in security or JMX & Management but since it is security related, I'm going to say it should be here. Please let me know if I have to move the question. Onto the real stuff:

       

      I have secured the jmx-console using FORM based authentication with a CONFIDENTIAL transport-guarantee. I would like to do the same thing with the web-console and have the following in my web.xml.

       

       

      <security-constraint>
      .
      .
      <user-data-constraint>
           <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
      
      <login-config>
           <auth-method>FORM</auth-method>
                <form-login-config>
                     <form-login-page>/login.html</form-login-page>
                     <form-error-page>/login-error.html</form-error-page>
                </form-login-config>
      <login-config>
      


      My problem comes in when I attempt to login into the web-console. Since the web-console is two frames, the login page appears in both frames. I can login to one, hit back and then go back into the console but that is a pain in the butt and could be confusing for future users. Does anyone have a way I can modify either the security setup or something in the web-console deployment to make the login.html page appears as one page and upon successful login, move to the two fram web-console? Thanks.