I'm browsing for an example, and cannot find what I'm looking for...
How to secure my web services with simple user/pass?
I'm using jboss-3.2.1 and have successfully developed and deployed my application web services. Now, I need to secure them. But, nothing fancy, just a simple user/pass configuration... perhaps similar to the configuration I've done with the jmx-console.
I edit the jboss-3.2.1/server/default/conf/login-config.xml to include the following:
<application-policy name = "jboss-net">
   <authentication>
      <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
         flag = "required" />
   </authentication>
</application-policy>
This is exactly what was used to configure my jmx-console (except that the name="jboss-net" is name="jmx-console", of course). Anyhow, I don't think this did anything to the jboss-net because I can still access the web page and services on my server without any prompt for the user/pass.
What else must I do to enable basic user/pass for the jboss-net web services? Also, where would I deploy the users.properties and roles.properties files... under jboss-3.2.1/server/default/deploy/jboss-net.sar someplace?
Or... maybe I'm going about this all wrong? Must I instead configure different security settings for each of the services deployed? Ideally, I don't want anyone to be able to access anything from my server under http://myhost/jboss-net