1 Reply Latest reply on Nov 12, 2003 1:49 PM by nalin

    auth-constraint out of web.xml

    Pooja Chauhan Newbie

      I am setting up JAAS realm to be used along with my web-application. The authentication is not complex and a simple form-based j_security_check works just fine.

      Now, for authentication, I am fine with a not-so-complex org.jboss.security.auth.spi.UsersRolesLoginModule with simple property files achieving the desired affect. This makes it possible to have user-password and user-role mappings defined outside the web-application.

      The problem is this. I want to give my role-resource mapping outside the application. (mostly uri resources). I do not want to write <auth-constarint> tags inside web.xml, but rather have JAAS find it from another property file which resides outside my application. Something similar to the sample-JAAS-policy-file this page gives http://www.theserverside.com/resources/article.jsp?l=JAAS

      Has someone already thought of this ?
      (more imp, u think it IS possible?)