3 Replies Latest reply on Oct 18, 2001 8:24 AM by Sam Hunt

    Jboss security example

    Maurice Mills Newbie

      Would it be possible for someone to post complete example with all supporting documentation on how to set up a web based application using JBoss' security model?

      I have read the JavaWorld article and many postings to this forum and still can't get my application to work.

      When I finally get the application to ask me for my username and password, it never accepts anything I enter. It just keeps asking me for them.

      I also am trying to use form based login. All I ever get is a login popup box--I have never seen my login.html page.

      An example that shows at least the following would be very helpful:
      1) Form based login
      2) All auth.conf files necessary
      3) All xml deployment descriptors
      4) Both secure and non secure pages

      I have been fighting with this for over a week now and still can't get anything to work. It is getting very frustrating!

      thanks

        • 1. Re: Jboss security example
          Nathan Newbie

          Welcome to the club. I've been grappling with much the same problem. I'm as far as being authenticated and authorized by the web app but I'm not by the EJBs. I've dissected the JAAS examples to get this far but man oh man, it is tough.

          • 2. Re: Jboss security example
            BlogEasy Support Newbie

            I was able to get a basic web based application working with security using the DatabaseServerLoginModule. However, I took a slightly different approach at the web layer. Instead of using the standard form based login as described in the specifications, I used a regular form to establish credentials (i.e. name/password) to a regular session bean that would contain all my session context information including authentication information. I also performed the first preliminary authentication through this bean as well by initiating a login context directly to the DatabaseServerLoginModule. This will give back immediate results to the user as to whether or not they are authenticated. From there I create a "client-login" context using the ClientLoginModule. This is kept in the session bean for all subsequent calls to the EJB container. Any time I make a call to the EJB container I use the ClientLoginModule context. The EJB container uses the same DatabaseServerLoginModule originally used to perform the initial authentication on the web layer. This provides some additional benefits because I can keep the user's context all in one place and easily "re-authenticate" the user's context via the session bean to "switch" between users. This may not solve your problem, but gives a different perspective on authenticating with JBoss in a web based environment. Hope this helps.

            • 3. Re: Jboss security example
              Sam Hunt Newbie

              Have you tried the "jass how to" examples? They include a web layer. I have gotten them to run successfully, although I'm still in the process of working through how everything fits together.