5 Replies Latest reply on Mar 3, 2006 9:53 PM by chris griffith

    Web Application JAAS and JBOSS Configuration

    Daniel Mueller Newbie

      Hello,

      I'm developing a web application using the struts Framework and Jboss. For authentification and authorization I'd like to use JAAS in a declarative way.
      Up to now I've done the following steps:

      Editing the web.xml

       <security-constraint>
       <web-resource-collection>
       <web-resource-name>ProtectedFolder</web-resource-name>
       <url-pattern>/jsp/*</url-pattern>
       <http-method>POST</http-method>
       </web-resource-collection>
       <auth-constraint>
       <role-name>admin</role-name>
       </auth-constraint>
       </security-constraint>
      
      ....
      
      <login-config>
       <auth-method>FORM</auth-method>
       <form-login-config>
       <form-login-page>/form/index.jsp</form-login-page>
       <form-error-page>/error.jsp</form-error-page>
       </form-login-config>
       </login-config>
      
      


      and building the login-form:

      <html:form action="j_security_check">
       <table border="0">
       <tr>
       <td><bean:message key="label.login.name"/></td>
       <td><html:text property="j_username" /></td>
       </tr>
       <tr>
       <td><bean:message key="label.login.password"/></td>
       <td><html:password property="j_password" /></td>
       </tr>
       <tr>
       <html:errors/>
       <td colspan="2" align="center"><html:submit/><html:cancel/></td>
       </tr>
       </table>
      


      I've read some documentations, but I don't now how to proceed. I know that i have to write a LoginModule. I'll use the UsernamePasswordLoginModule. The passwords and usernames are in a database. Can I put the queries in the login() method?

      Another question is where i have to put this module and what else i have to do?

      Thank you very much!

      Daniel