0 Replies Latest reply on Feb 28, 2002 11:37 AM by Farid Bellameche

    Authenticating with Tomcat and JBoss

    Farid Bellameche Newbie

      Hi,

      I use JBoss 2.4.4 with tomcat 4.0.

      I have a webapp configured like this :

      <web-app>

      <servlet-name>addEmploye</servlet-name>
      <servlet-class>com.xtierdev.formation.controler.AjouterEmployeServlet</servlet-class>


      <servlet-name>employeDetail</servlet-name>
      <servlet-class>com.xtierdev.formation.controler.AfficherDetailEmployeServlet</servlet-class>


      <servlet-name>listEmploye</servlet-name>
      <servlet-class>com.xtierdev.formation.controler.GererListeEmployesServlet</servlet-class>

      <servlet-mapping>
      <servlet-name>addEmploye</servlet-name>
      <url-pattern>/addEmploye</url-pattern>
      </servlet-mapping>
      <servlet-mapping>
      <servlet-name>employeDetail</servlet-name>
      <url-pattern>/employeDetail</url-pattern>
      </servlet-mapping>
      <servlet-mapping>
      <servlet-name>listEmploye</servlet-name>
      <url-pattern>/listEmploye</url-pattern>
      </servlet-mapping>
      <security-constraint>
      <web-resource-collection>
      <web-resource-name>Collection1</web-resource-name>
      Protected area
      <url-pattern>/employeDetail</url-pattern>
      <url-pattern>/listEmploye</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
      Domain Users
      <role-name>Domain Users</role-name>
      </auth-constraint>
      <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
      </security-constraint>
      <security-constraint>
      <web-resource-collection>
      <web-resource-name>Collection2</web-resource-name>
      <url-pattern>/addEmploye</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
      Domain Users
      <role-name>Domain Users</role-name>
      </auth-constraint>
      <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
      </security-constraint>
      <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>server-login</realm-name>
      </login-config>
      <security-role>
      Domain Users
      <role-name>Domain Users</role-name>
      </security-role>
      </web-app>

      and a file standardjboss.xml beginning like this :


      <security-domain>java:/jaas/server-login</security-domain>
      ...

      and and server auth.conf file like this :

      // Put login modules providing authentication and realm mappings
      // for security domains.


      simple {
      // Very simple login module:
      // any user name is accepted.
      // password should either coincide with user name or be null,
      // all users have role "guest",
      // users with non-null password also have role "user"
      org.jboss.security.auth.spi.SimpleServerLoginModule required;
      };

      // Used by clients within the application server VM such as
      // mbeans and servlets that access EJBs.
      client-login {
      org.jboss.security.ClientLoginModule required;
      };

      // The default server login module
      other {
      // A simple server login module, which can be used when the number
      // of users is relatively small. It uses two properties files:
      // users.properties, which holds users (key) and their password (value).
      // roles.properties, which holds users (key) and a comma-separated list of their roles (value).
      // The unauthenticatedIdentity property defines the name of the principal
      // that will be used when a null username and password are presented as is
      // the case for an unuathenticated web client or MDB. If you want to
      // allow such users to be authenticated add the property, e.g.,
      // unauthenticatedIdentity="nobody"
      org.jboss.security.auth.spi.UsersRolesLoginModule required
      ;

      };
      server-login
      {
      com.myriap.security.jaas.loginmodule.NtServerLoginModule required
      ntDomainName="myriap"
      unauthenticatedIdentity="jms"
      ;
      };

      a client auth.conf like this :

      server-login
      {
      // Put your login modules that work without jBoss here

      // jBoss LoginModule
      org.jboss.security.ClientLoginModule required;

      // Put your login modules that need jBoss here
      };


      When I deploy my webapp and use it no authentication dialog appear when accessing the protected areas of my webapp. Wath's wrong with this deployement ?

      Thank's a lot.

      Farid