1 Reply Latest reply on Aug 28, 2005 1:54 PM by Scott Stark

    J2EE Authentication & Authorization

    Vijay Dasari Newbie

      Hi,
      We are using LDAP server for authentication and authorization.
      We configured JBoss to use LDAP server(using our own login module).

      Does anybody know, how to configure either the Web Application or the server to use only Authentication but not Authorization.

      In our web application, we want to allow access to any authenticated user, no matter which roles the user belong.

      Is there any way, we can configure in web.xml to allow access to url's for any authenticated user.

      I tried using this authconstaint
      <security-constraint>
      <display-name>All</display-name>
      <web-resource-collection>
      <web-resource-name>AllResources</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>PUT</http-method>
      <http-method>HEAD</http-method>
      <http-method>TRACE</http-method>
      <http-method>POST</http-method>
      <http-method>DELETE</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>*</role-name>
      </auth-constraint>
      </security-constraint>

      But the above configuration allows access to non-authenticated users aswell, which is not intended.


      Any help is appreciated.

      Thanks,
      Vijay.