3 Replies Latest reply on Aug 25, 2011 8:37 AM by Marcus Moyses

    Securing a Web application with AS7

    Max Korn Newbie

      Hi all!

      I have a JBoss 5.1 application which uses HTTP Role authentication to perform some basic authentication.

       

      Basically I have the login module defined in login-config.xml:

       

      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
                    flag="required">
          <module-option name="dsJndiName">java:/OracleDS</module-option>
          <module-option name="principalsQuery">
              select passwd from USERS where login=?
          </module-option>
          <module-option name="rolesQuery">
              select role, 'Roles' from USER_ROLES where login=?
          </module-option>
      </login-module>

       

      This module matches the security domain in jboss-web.xml:

       

      <jboss-web>
          <security-domain>java:/jaas/myLogin</security-domain>
      </jboss-web>

       

      And finally a security constraint in the web.xml:

       

      <web-app>
      . . . . . .
          <security-constraint>
              <web-resource-collection>
                  <web-resource-name>HtmlAdaptor</web-resource-name>
                  <description>security constraints</description>
                  <url-pattern>/*</url-pattern>
                  <http-method>GET</http-method>
                  <http-method>POST</http-method>
              </web-resource-collection>
              <auth-constraint>
                  <role-name>Admin</role-name>
              </auth-constraint>
          </security-constraint>
          <login-config>
              <auth-method>BASIC</auth-method>
              <realm-name>Secure Realm</realm-name>
          </login-config>

          <security-role>
              <role-name>Admin</role-name>
          </security-role>
      </web-app>

       

      Given that web.xml and jboss-web.xml stay the same (I guess!), how do I translate the login module in AS 7?

      I've found in the AS7 security subsystem a clue:

       

      <login-module code="..." flag="..."> <module-option name="..." value="..."/> </login-module>

      However, I've not been able to find how to specify dsJndiName or principalsQuery/rolesQuery.

      Any help?

      Thanks in advance

      Max
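
The AS 7 form of the login module in the post above, as an added example that is not part of the original post or of the JBoss documentation: the security domain is declared in the security subsystem of standalone.xml, and each module option body becomes a `value` attribute. The domain name, datasource name and queries are taken from the post; the subsystem namespace version (1.0, as in AS 7.0.x), the `cache-type` attribute and the commented hash settings are assumptions.

```xml
<!-- standalone.xml (or the profile in domain.xml), AS 7 security subsystem.
     Added example; namespace version 1.0 is assumed (AS 7.0.x). -->
<subsystem xmlns="urn:jboss:domain:security:1.0">
    <security-domains>
        <!-- name is the domain that jboss-web.xml points at (myLogin in the post) -->
        <security-domain name="myLogin" cache-type="default">
            <authentication>
                <!-- "Database" is the short code for
                     org.jboss.security.auth.spi.DatabaseServerLoginModule -->
                <login-module code="Database" flag="required">
                    <!-- must be the jndi-name of a datasource defined
                         in the datasources subsystem -->
                    <module-option name="dsJndiName" value="java:/OracleDS"/>
                    <module-option name="principalsQuery"
                                   value="select passwd from USERS where login=?"/>
                    <module-option name="rolesQuery"
                                   value="select role, 'Roles' from USER_ROLES where login=?"/>
                    <!-- Without hashAlgorithm the module compares the submitted password
                         with USERS.passwd as clear text. If the column stores digests,
                         declare the matching algorithm and encoding, e.g. (assumed values):
                    <module-option name="hashAlgorithm" value="SHA-256"/>
                    <module-option name="hashEncoding" value="base64"/>
                    -->
                </login-module>
            </authentication>
        </security-domain>
    </security-domains>
</subsystem>
```

web.xml needs no change for this, but listing `<http-method>` GET and POST in its `<web-resource-collection>` limits the constraint to those two methods; omitting the `<http-method>` elements applies it to all methods.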