2 Replies Latest reply: May 8, 2012 3:11 AM by rodakr RSS

    2 SecurityDomains in Web Project

    Mitja Skuhala Newbie

      It is posible to use two diferent SecurityDomains in one web project?

       

      How does jboss-web.xml and web.xml look like?

       

       

      Until now I have this:

       

      standalone.xml:

       

                   <security-domain name="FirstSecurityDomain" cache-type="default">

                          <authentication>

                              <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">

                                  <module-option name="dsJndiName" value="java:/...."/>

                                  <module-option name="principalsQuery" value="...."/>

                                  <module-option name="rolesQuery" value="...."/>

                                  <module-option name="hashAlgorithm" value="MD5"/>

                                  <module-option name="hashEncoding" value="HEX"/>

                              </login-module>

                          </authentication>

                      </security-domain>

       

                     <security-domain name="SecondSecurityDomain" cache-type="default">

                          <authentication>

                              <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">

                                  <module-option name="dsJndiName" value="java:/...."/>

                                  <module-option name="principalsQuery" value="...."/>

                                  <module-option name="rolesQuery" value="...."/>

                                  <module-option name="hashAlgorithm" value="MD5"/>

                                  <module-option name="hashEncoding" value="HEX"/>

                              </login-module>

                          </authentication>

                      </security-domain>

       

      jboss-web.xml:

      <jboss-web>

          <security-domain>java:/jaas/FirstSecurityDomain</security-domain>

          <security-domain>java:/jaas/SecondSecurityDomain</security-domain>

          <context-root>/</context-root>

      </jboss-web>

       

      web.xml:

      <servlet>

          <servlet-name>servletA</servlet-name>

          <servlet-class>ServletA</servlet-class>

        </servlet>

      <servlet>

          <servlet-name>servletB</servlet-name>

          <servlet-class>ServletB</servlet-class>

        </servlet>

      <servlet-mapping>

          <servlet-name>servletA</servlet-name>

          <url-pattern>/servleta/*</url-pattern>

        </servlet-mapping>

      <servlet-mapping>

          <servlet-name>servletB</servlet-name>

          <url-pattern>/servletb/*</url-pattern>

        </servlet-mapping>

       

      <security-constraint>                       // Here i would like to call FirstSecurityDomain

          <web-resource-collection>

            <web-resource-name>test1</web-resource-name>

            <url-pattern>/servleta/*</url-pattern>

          </web-resource-collection>

          <auth-constraint>

            <role-name>User</role-name>

          </auth-constraint>

        </security-constraint>

       

        <security-constraint>                    // Here i would like to call SecondSecurityDomain

          <web-resource-collection>

            <web-resource-name>test2</web-resource-name>

            <url-pattern>/servletb/*</url-pattern>

          </web-resource-collection>

          <auth-constraint>

            <role-name>User</role-name>

          </auth-constraint>

        </security-constraint>

       

       

      I hope you understand me what I want. Two diferent SecurityDomains for two diferent Servlets.

        • 1. Re: 2 SecurityDomains in Web Project
          Mitja Skuhala Newbie

          Or nobody knows the solution or it is so simple ?

          • 2. Re: 2 SecurityDomains in Web Project
            rodakr Novice

            yes... create 2 war files, one for each servlet :-)

            or use just one Security Domain ( or Realm ) like this:

             

                     <security-domain name="FirstSecurityDomain" cache-type="default">

                                <authentication>

                                    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="sufficient">

                                        <module-option name="dsJndiName" value="java:/...."/>

                                        <module-option name="principalsQuery" value="...."/>

                                        <module-option name="rolesQuery" value="...."/>

                                        <module-option name="hashAlgorithm" value="MD5"/>

                                        <module-option name="hashEncoding" value="HEX"/>

                                    </login-module>

                                     <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="sufficient">

                                        <module-option name="dsJndiName" value="java:/...."/>

                                        <module-option name="principalsQuery" value="...."/>

                                        <module-option name="rolesQuery" value="...."/>

                                        <module-option name="hashAlgorithm" value="MD5"/>

                                        <module-option name="hashEncoding" value="HEX"/>

                                    </login-module>

                                </authentication>

                            </security-domain>