1 Reply Latest reply on Jul 31, 2005 5:41 PM by Mike Duffy

    JDBC Realm for Form Based Authentication

    Mike Duffy Novice

      Can anyone point me to some documentation for configuring a JDBC realm for form based authentication?

      This is very easy to do in Tomcat:
      http://www.onjava.com/pub/a/onjava/2002/06/12/form.html

      A similar approach DOES NOT WORK in JBoss.

      This is so basic. I thought there would be clear documentation somewhere on the JBoss site, but after six hours of looking I am feeling lost.

      Thx.

      Mike

        • 1. Re: JDBC Realm for Form Based Authentication
          Mike Duffy Novice

          OK. Here is a useful link: 4.3.2. Security Using a Database
          http://docs.jboss.org/jbossas/getting_started/v4/html/dukesbank.html#d0e1254

          The section right above this one also has some necessary information:
          4.3.1. Configuring the Security Domain

          Basically, unlike Tomcat, there are no Realms in JBoss for security.

          The security parameters are specified in login-config.xml with the attribute "<application-policy name="[policyName]">"

          Your app references this policy throug jbos-web.xml which is placed in your app's WEB-INF directory.

          A MAJOR QUESTION STILL REMAINS: If you deploy an app that uses a custom security policy (rather than the default), do you need to go in and manually edit the login-config.xml?

          In Tomcat, there is a context.xml that enables you to deploy security realms in an addendum to the server.xml without having to edit the server.xml. Does JBoss have a similar concept?

          Thx. And sorry for the late night rant. :)

          Mike