1 Reply Latest reply on Oct 10, 2007 1:05 PM by Anil Saldanha

    Question on security model for separate modules

    Kosta Kontos Newbie


      I have JBoss AS setup and dedicated to servicing a franchise-based business.

      I have a couple of modules deployed in JBoss AS (4.2.1), that are completely unrelated (but together serve a higher purpose). JSPWiki at example.com/wiki/ and JForum at example.com/forum/ - (note: I have enabled forwarding of port 80 to 8080).

      I also have a custom built module deployed as ROOT.war, and is hence available at example.com - For all intensive purposes, you can consider this module the "main system module", with the wiki and forum installed for collaboration purposes.

      From what I've read briefly (I'm still wrapping my mind around it), JSPWiki fully supports JAAS. I'm not entirely sure about JForum, but that's ok. With the forum, I just need to secure the top level folder, example.com/forum/ and so long as an authenticated user can access the top-level folder, they have access to the entire forum. With the JSPWiki however, I'd like the JAAS settings to "carry over" to it once the user has signed on at ROOT level, to be able to apply Wiki page-based security (JSPWiki allows this).

      So in a nutshell, my user navigates to www.example.com and is prompted to login with a form. Based on their username, they get assigned a role or denied access. Assuming they're authenticated, they proceed to the ROOT.war home page, and from there they either use the main system, or collaborate on the wiki and forum. Based on their role, their access to the wiki is limited, meanwhile access to the forum is a given so long as they managed to log in to begin with.

      Fwiw, I aim to use JBoss's DdatabaseServerLoginModule to allow my client's IT admin staff to CRUD users and roles online. We're estimating to have around 400 users at most.

      Thus goal is to implement user/role-based security at the ROOT level, that carries over to the wiki/ (fully JAAS) and forum/ (just top-level folder), using DatabaseServerLoginModule. Is this possible?

      Thanks in advance.