0 Replies Latest reply on Nov 14, 2005 10:57 AM by Micha? ?

    adding security policy for my application

    Micha? ? Newbie

      Hello everyone!

      I come with following problem. I'm tring to get on with my security in my application. I've started with the simplest thing I've found - which is SimpleServerLoginModule. I added following lines to login-config.xml:

      <application-policy name="simple">
       <authentication>
       <login-module code="org.jboss.security.auth.spi.SimpleServerLoginModule"
       flag="required" />
       </authentication>
      </application-policy>
      


      When I restart JBoss, I can't find java:/jaas/simple binding at JNDI. My application comes with error:

      HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal
      
      type Status report
      
      message Configuration error: Cannot perform access control without an authenticated principal
      
      description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden.


      My web.xml part:

      ...
       <security-constraint>
       <web-resource-collection>
       <web-resource-name> Seam test security</web-resource-name>
       <url-pattern>/*</url-pattern>
      
       </web-resource-collection>
       <auth-constraint>
       <role-name>user</role-name>
       </auth-constraint>
       </security-constraint>
       <login-conf>
       <auth-method>BASIC</auth-method>
       </login-conf>
      ...
      


      and jboss-web.xml:

      <jboss-web>
       <security-domain>java:/jaas/jbossmq</security-domain>
      </jboss-web>
      


      I'm using JBoss4.0.3SP1. I'm stucked with it for few days. Please help...