2 Replies Latest reply on Jan 17, 2003 4:39 AM by Roland Ettema

    Security Integration using Jetspeed 1.4.1 + JBoss 3.0.1RC1 +

    Rafal Piotrowski Newbie


      As you might be aware that Jetspeed is using Turbine DB that defines users and roles,
      plus it is not using JAAS (using it's own ACL).

      Problem:
      How do I authenticate user of Jetspeed to be a valid user of JBoss?

      Solution:
      1) JBoss custom JAAS LoginModule
      a) get the username/password via BASIC/FORM authentication schema.
      b) pass the credentials to Jetspeed for authentication
      i) login OK -> instance of JetspeedUser class is returned
      ii) login FAILED -> Jetspeed's LoginException is raised
      c) TO DO
      setting RunData object
      at the moment once login to JBoss you need to login again to Jetspeed
      2) Web Application Configuration
      a) configure the application's web-app.xml in order to use BASIC or FORM authentication
      i) BASIC -> no extra setup necessary
      2) FORM -> need to create login.jsp that contains





      and specify it in the web-app.xml tag <form-login-page>
      b) configure jboss-web.xml so it contains
      <security-domain>java:/jaas/your_custom_login_module_name</security-domain>
      3) EJBs configuration
      configure jboss.xml for your EJBs so it contains
      <security-domain>java:/jaas/your_custom_login_module_name</security-domain>
      4) JBoss configuration
      configure JBoss login-config.xml so it contains configuration of your custom login module
      whose name is 'your_custom_login_module_name'