1 Reply Latest reply on Nov 12, 2010 3:01 PM by Radu Tentea

    ear security

    Radu Tentea Newbie

      Hi All,

       

      I have an app that has multiple wars bundled inside the same ear. I have modified my jboss/server/default/conf/login-config.xml file to add my application policy. I used a database server login module.

       

      Now, when I try to use this in my wars I get some problems. I'm using an auth-method form and used two security constraints in every web.xml file. One that forbids access to everything and one that allows non-auth access to the login.html and error.html.

       

      First problem is that I found out I need to add login.html and error.html to every war since those paths are relative to war context root.

       

      Second problem is that if I authenticate to a war not every other war is authenticated (this is the most painful problem). So if I access some js file from one of the wars, the app redirects me properly to login.html and auth is done correctly (user/pass good I see js file, not good-> error.html). So auth does work. But when I try to access any other resource from other war I need to auth again.

       

      How come? Can all wars be linked somehow? Indeed there is an abundance of information on the web, also tried a few other solutions but with no help.

       

      I'm using jboss 5.1.0GA.

       

      Regards,

      Radu Tentea