3 Replies Latest reply on Aug 25, 2011 8:37 AM by Marcus Moyses

    Securing a Web application with AS7

    Max Korn Newbie

      Hi all !

      I have a JBoss 5.1 application which uses HTTP Role authentication to perform some basic authentication.


      Basically I have the login module defined into login-config.xml





                      <module-option name="dsJndiName">java:/OracleDS</module-option>

                      <module-option name="principalsQuery">

                          select passwd from USERS where login=?


                      <module-option name="rolesQuery">

                          select role, 'Roles' from USER_ROLES where login=?




      this module matches with the security domain in jboss-web.xml






      And finally a security constraint in the web.xml:



      . . . . . .




             <description>security constraints</description>











            <realm-name>Secure Realm</realm-name>








      Given that web.xml and jboss-web.xml stays the same (I guess!) how do I translate the login module in AS 7 ?

      I've found in the AS7 security subsystem a clue:


      <login-module code="..." flag="..."> <module-option name="..." value="..."/> </login-module>

      however I've not been able to find how to specify dsJndiName or principalsQuery/rolesQuery

      Any help ???

      Thanks in advance