[jboss-user] [Security & JAAS/JBoss] - Container based authentication, user name based authorizatio
manzikki
do-not-reply at jboss.com
Thu Oct 12 03:08:36 EDT 2006
Hello.
Somehow I did not find examples of this in the forums or documentation.
I've set up a box where the users are required to authenticate using LDAP.
Practically, in jboss/server/default/login-config.xml there is a policy like
<application-policy name = "LDAP">
  <login-module code="org.jboss.security.auth.spi.LdapLoginModule"
                flag="required">
...
and in the application's jboss-web.xml
<security-domain>java:/jaas/LDAP</security-domain>
and in the application's web.xml
<security-constraint>
  <web-resource-collection>
    <web-resource-name>SECURITY_DOMAIN</web-resource-name>
    <url-pattern>/foo</url-pattern>
    <url-pattern>/bar</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>*</role-name></auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>TEST</realm-name>
</login-config>
It works: the users that can authenticate themselves with LDAP have access to the application. However, of these I'd like only _some_ to be able to access the application and role names are not too usable in our organisation.
Is there a way to define a list of accepted user names in auth-constraint or something of the same effect?
-man
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3977777#3977777
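
An added example, not part of the original post: a small audit of the security-constraint blocks in a web.xml that reports which URL patterns are guarded by the "*" role wildcard, the setting under which, as the post describes, every user who can authenticate against LDAP gets in. The sample document is constructed: its first constraint mirrors the post, the second and its role name app-admin are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the first constraint mirrors the post's web.xml,
# the second (role "app-admin") is a hypothetical restricted one.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SECURITY_DOMAIN</web-resource-name>
      <url-pattern>/foo</url-pattern>
      <url-pattern>/bar</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>app-admin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def local(tag):
    """Strip an XML namespace so the audit works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def audit_constraints(web_xml_text):
    """Return one (url_patterns, roles, finding) tuple per security-constraint."""
    results = []
    root = ET.fromstring(web_xml_text)
    for sc in (e for e in root.iter() if local(e.tag) == "security-constraint"):
        urls = [e.text.strip() for e in sc.iter() if local(e.tag) == "url-pattern" and e.text]
        auth = next((e for e in sc if local(e.tag) == "auth-constraint"), None)
        if auth is None:
            roles, finding = [], "no auth-constraint: no authentication required"
        else:
            roles = [e.text.strip() for e in auth if local(e.tag) == "role-name" and e.text]
            if not roles:
                finding = "empty auth-constraint: access denied to everyone"
            elif "*" in roles:
                finding = "wildcard role: not limited to a named role"
            else:
                finding = "restricted to named roles"
        results.append((urls, roles, finding))
    return results

if __name__ == "__main__":
    for urls, roles, finding in audit_constraints(SAMPLE_WEB_XML):
        print(urls, roles, finding)
```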