1 Reply Latest reply on Dec 7, 2001 8:54 PM by Luke Taylor

    Simultaneously securing .wars and exploded wars

    Kurt Olsen Newbie

      Our developer-support server runs jboss and must support web.xml based web-app security for both .war files dropped into the jboss/deploy dir and for exploded wars in the tomcat/webapps directory.

      This server is only using the hypersonic database.

      If I allow jaas based security in tomcat/conf/server.xml then autodeployments via jboss/deploy work properly. But the exploded web-apps in tomcat/webapps don't maybe because nothing pays attention to the WEB-INF/jboss-web.xml file.

      If I remove the jaas interceptor from tomcat/conf/server.xml and use the JDBCRealm interceptor I have difficulty (can't) figure out how to connect to hypersonic. If I could do that I can probably make both styles of application work.
      But....Question.....If tomcat/conf/server.xml is setup to use Tomcat JDBCRealm auth instead of jaas then I need to know if the ejb's will be be able to use jaas.


        • 1. Re: Simultaneously securing .wars and exploded wars

          Do you need the exploded web-apps because you are making changes that you want Tomcat to pick up right away? If so I don't know of any way to do this, other than running a different tomcat instance with its own security. You will still be able to call EJBs in a separate JBoss server.

          It's a while since I've done it, but you would want to use the simple interceptor which does nothing other than set up credentials to be passed to JBoss (as any other distributed client would). So you would no longer use org.jboss.tomcat.security.JBossSecurityMgrRealm but use the standard tomcat JDBCRealm to allow tomcat to do its authentication and add an extra interceptor, org.jboss.tomcat.security.JBossRealm to setup the security association with JBoss. I think that's it ...

          This is a pain, as you have to configure two separate security systems, but you can use hypersonic as the database for tomcat's JDBCRealm too.

          You can then deploy your complete apps in JBoss/Tomcat, running on one port (e.g. 8080) and have another separate Tomcat instance running (on e.g. port 80) which points to the expanded webapps.