0 Replies Latest reply on Aug 16, 2002 6:19 AM by Matt

    Specifying the security domain for a web app

    Matt Newbie

      Help!

      I can't work out how to specify the security domain for my web app. I'm just trying to run up a basic example that restricts access to a sub dir so I can get a feel for JBoss configuration. I've got a DataSource set up and configured the login module in login-config.xml. This seems to be okay as it appears in the JNDIView. However, when I specify it in jboss-web.xml that appears to be ignored. I get the following in the JBoss stdout:

      10:25:28,080 WARN [JBossUserRealm#default] authentication failure: matt
      10:25:28,080 WARN [Jetty] WARNING: AUTH FAILURE: user matt

      So it looks like JBoss is trying some other realm? Below are my web descriptors for reference. Anyone got any ideas? It's blowing my head off ....

      This is my web.xml -

      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
      <web-app>
        <security-constraint>
          <web-resource-collection>
            <web-resource-name>GUI constraint</web-resource-name>
            <description>Security constraint</description>
            <url-pattern>/private/*</url-pattern>
            <http-method>POST</http-method>
            <http-method>GET</http-method>
          </web-resource-collection>
          <auth-constraint>
            <description>Constraint gui</description>
            <role-name>user</role-name>
          </auth-constraint>
          <user-data-constraint>
            <description>SSL not required</description>
            <transport-guarantee>NONE</transport-guarantee>
          </user-data-constraint>
        </security-constraint>

        <login-config>
          <auth-method>BASIC</auth-method>
          <realm-name>default</realm-name>
        </login-config>

        <security-role>
          <description>The role required to access restricted content</description>
          <role-name>user</role-name>
        </security-role>
      </web-app>

      And jboss-web.xml -

      <?xml version="1.0" encoding="UTF-8"?>
      <jboss-web>
        <!-- Use the JaasSecurityMgr loginWebapp security domain for authentication
             and authorization of secured web content.
        -->
        <security-domain>java:/jaas/loginWebapp</security-domain>
      </jboss-web>