0 Replies Latest reply on Aug 2, 2003 4:41 PM by klutus

    Application security using simple user/roles problem (3.2.1/

    klutus

      I have a very simple intranet, set up for a few users, on the same server as a public web is running.

      It is an EAR containing a few packed and unpacked WARs and 2 JARs.

      I would like to set up simple login for this application, but have not managed to set up one (1) login for the different apps, I don't care about single sign on, I just want to avoid maintaining multiple sets of users.properties and roles.properties.

      Preferably one set of users.properties and roles.properties for all my web apps within the EAR would be a very good solution for me....

      This is what I have tried:

      In login-config.xml :

      <application-policy name = "intranet">

      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
      flag = "required" />
      <module-option name="usersProperties">C:\Jboss\jboss-3.2.1\server\default\deploy\intranet.ear\META-INF\intranetusers.properties</module-option>
      <module-option name="usersProperties">C:\Jboss\jboss-3.2.1\server\default\deploy\intranet.ear\META-INF\intranetroles.properties</module-option>

      </application-policy>

      #######################

      And then in one of the wars I did this in web.xml

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>Intranet</web-resource-name>
      Intranet

      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>

      </web-resource-collection>

      <auth-constraint>
      <role-name>IntranetUser</role-name>
      </auth-constraint>
      <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>

      </security-constraint>

      <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>No Context</realm-name>
      </login-config>

      <security-role>
      <role-name>IntranetUser</role-name>
      </security-role>

      ##########################

      and then this in jboss-web.xml in the same war

      <jboss-web>
      <security-domain>java:/jaas/intranet</security-domain>
      <context-root>/</context-root>
      </jboss-web>

      ################################

      My idea was that, according to the documentation, the userProperties module option is a file name, so I assumed one could include the entire name to avoid relative contexts. - seems not :-(

      ############################

      As this didn't work out.... I have been forced to use a different set of files in each WAR...

      I have been trying to find ways to force authentication both on the Jetty listener, and on the EAR as such, but I'm not smart enough to understand how this can be done...

      Help on this would be significantly appreciated
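
Added example, not part of the original post and not JBoss project code: the "intranet" policy with both module options nested inside the login-module element and the roles file given under rolesProperties. It assumes the stock JBoss 3.2 login-config.xml layout with an authentication wrapper, and that the two properties files (names taken from the post) sit in a directory on the server classpath such as server/default/conf, since UsersRolesLoginModule resolves these option values as class loader resources rather than file system paths.

```xml
<!-- Added example: entry for server/default/conf/login-config.xml (JBoss 3.2 layout assumed) -->
<application-policy name="intranet">
  <authentication>
    <!-- The login-module element is not self-closed: its module-option
         children are what the module receives as options. -->
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                  flag="required">
      <!-- Resource names, looked up through the class loader rather than
           opened as file system paths. Assumption: both files are copied to
           a directory on the server classpath, e.g. server/default/conf. -->
      <module-option name="usersProperties">intranetusers.properties</module-option>
      <!-- The roles file goes under rolesProperties; a second usersProperties
           entry would leave the roles file at its default name, roles.properties. -->
      <module-option name="rolesProperties">intranetroles.properties</module-option>
    </login-module>
  </authentication>
</application-policy>
```

Each WAR in the EAR that declares java:/jaas/intranet as its security-domain in jboss-web.xml then authenticates against this one pair of files.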