6 Replies Latest reply on Oct 27, 2002 7:05 PM by Willie Wheeler

    Don't want web realm named "other"

    Willie Wheeler Newbie

      Hi. I'm using the JBoss 3.0.3 + Tomcat 4.1.12 bundle, and I'm trying to deploy web application that uses basic authentication. I've gotten everything to work correctly, but it only works if I choose "other" as the name of my web realm. (So in web.xml, realm-name is "other", and in jboss-web.xml, security-domain is "java:/jaas/other".)

      In login-config.xml, there's an application policy named "other", and from what I understand, this is a catch-all domain defined by the JAAS spec. Well, I added an application policy to login-config.xml with the name "JCourseWebRealm", changed realm-name in web.xml to "JCourseWebRealm", and changed security-domain in jboss-web.xml to "java:/jaas/JCourseWebRealm". When I do this, I can still authenticate, but the server denies me access, returning an HTTP 403 error code (Unauthorized Access).

      I'm using the UsersRolesLoginModule, if that matters.

      Thanks,
      Willie

        • 1. Re: Don't want web realm named "other"
          James Moring Newbie

          Do you have security roles defined in your web.xml? If so they must be returned by the UserRolesLoginModule.

          HTH

          • 2. Re: Don't want web realm named "other"
            Mauricio Nagaoka Newbie

            Where are your users and roles properties files?

            My app is working OK, but, differently of you, I'm specifying other properties file names in login-config.xml and I'm placing this files in the root of my EAR file.

            Here is a snippet of my login-config.xml:

            <application-policy name = MyAppRealm">

            <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required">
            <module-option name = "usersProperties">myapp.users</module-option>
            <module-option name = "rolesProperties">myapp.roles</module-option>
            </login-module>

            </application-policy>

            • 3. Re: Don't want web realm named "other"
              Mauricio Nagaoka Newbie

              Where are your users and roles properties files?

              My app is working OK, but, differently of you, I'm specifying other properties file names in login-config.xml and I'm placing this files in the root of my EAR file.

              Here is a snippet of my login-config.xml:

              <application-policy name = MyAppRealm">

              <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required">
              <module-option name = "usersProperties">myapp.users</module-option>
              <module-option name = "rolesProperties">myapp.roles</module-option>
              </login-module>

              </application-policy>

              • 4. Re: Don't want web realm named "other"
                Mauricio Nagaoka Newbie

                Where are your users and roles properties files?

                My app is working OK, but, differently of you, I'm specifying other properties file names in login-config.xml and I'm placing this files in the root of my EAR file.

                Here is a snippet of my login-config.xml:

                <application-policy name = MyAppRealm">

                <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required">
                <module-option name = "usersProperties">myapp.users</module-option>
                <module-option name = "rolesProperties">myapp.roles</module-option>
                </login-module>

                </application-policy>

                • 5. Re: Don't want web realm named "other"
                  Mauricio Nagaoka Newbie

                  Where are your users and roles properties files?

                  My app is working OK, but, differently of you, I'm specifying other properties file names in login-config.xml and I'm placing this files in the root of my EAR file.

                  Here is a snippet of my login-config.xml:

                  <application-policy name = MyAppRealm">

                  <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required">
                  <module-option name = "usersProperties">myapp.users</module-option>
                  <module-option name = "rolesProperties">myapp.roles</module-option>
                  </login-module>

                  </application-policy>

                  • 6. Re: Don't want web realm named "other"
                    Willie Wheeler Newbie

                    Hi jmoring. I do have security roles defined in web.xml. What do you mean when you say that they must be returned by the UsersRolesLoginModule? AFAIK UsersRolesLoginModule just takes two module options: one called usersProperties (gives the name of the user file) and another called rolesProperties (gives the name of the role file). I have appropriate entries defined in users.properties and roles.properties.

                    Thanks,
                    Willie