0 Replies Latest reply on Jan 11, 2012 11:52 AM by esavidan

    Tomcat status page & security domain

    esavidan
    esavidan Jan 11, 2012 11:52 AM

      Hi,

       

      I'd like to protect tomcat status page with a login/password authentication.

       

      To do so, I've created a security domain to status application :

       

        <application-policy name="status-console">

          <authentication>

            <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"

              flag="required">

              <module-option name="usersProperties">props/status-console-users.properties</module-option>

              <module-option name="rolesProperties">props/status-console-roles.properties</module-option>

            </login-module>

          </authentication>

        </application-policy>

       

      and referenced it in deploy/jbossws.sar/jbossws-management.war/WEB-INF/jboss-web.xml :

       

      <jboss-web>

         <!-- A security domain that restricts access -->

        <security-domain>java:/jaas/status-console</security-domain>

         <context-root>jbossws</context-root>

      </jboss-web>

       

      But, authentication does not work. I'm not prompted to provide login / password.

       

      Do you know if it's possible to implement such authentication ?

       

      Is my configuration wrong ?

       

      Thanks in advance for your support.

       

      Regards.