[jboss-user] [Installation, Configuration & DEPLOYMENT] - Re: lock jboss administration

sashaxiv do-not-reply at jboss.com
Fri Dec 14 07:11:14 EST 2007


upps, yes. I modified the xml file in my server with vnc using notepad editor. 


  | <?xml version='1.0'?>
  | <!DOCTYPE policy PUBLIC
  |       "-//JBoss//DTD JBOSS Security Config 3.0//EN"
  |       "http://www.jboss.org/j2ee/dtd/security_config.dtd">
  | 
  | <!-- The XML based JAAS login configuration read by the
  | org.jboss.security.auth.login.XMLLoginConfig mbean. Add
  | an application-policy element for each security domain.
  | 
  | The outline of the application-policy is:
  | <application-policy name="security-domain-name">
  |   <authentication>
  |     <login-module code="login.module1.class.name" flag="control_flag">
  |       <module-option name = "option1-name">option1-value</module-option>
  |       <module-option name = "option2-name">option2-value</module-option>
  |       ...
  |     </login-module>
  | 
  |     <login-module code="login.module2.class.name" flag="control_flag">
  |       ...
  |     </login-module>
  |     ...
  |   </authentication>
  | </application-policy>
  | 
  | -->
  | 
  | <policy>
  |     <!-- Used by clients within the application server VM such as
  |     mbeans and servlets that access EJBs.
  |     -->
  |     <application-policy name = "client-login">
  |        <authentication>
  |           <login-module code = "org.jboss.security.ClientLoginModule"
  |              flag = "required">
  |           </login-module>
  |        </authentication>
  |     </application-policy>
  | 
  |     <!-- Security domain for JBossMQ -->
  |     <application-policy name = "jbossmq">
  |        <authentication>
  |           <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
  |              flag = "required">
  |              <module-option name = "unauthenticatedIdentity">guest</module-option>
  |              <module-option name = "dsJndiName">java:/DefaultDS</module-option>
  |              <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
  |              <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
  |           </login-module>
  |        </authentication>
  |     </application-policy>
  | 
  |     <!-- Security domain for JBossMQ when using file-state-service.xml
  |     <application-policy name = "jbossmq">
  |        <authentication>
  |           <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
  |              flag = "required">
  |              <module-option name = "unauthenticatedIdentity">guest</module-option>
  |              <module-option name = "sm.objectname">jboss.mq:service=StateManager</module-option>
  |           </login-module>
  |        </authentication>
  |     </application-policy>
  |     -->
  | 
  |     <!-- Security domains for testing new jca framework -->
  |     <application-policy name = "HsqlDbRealm">
  |        <authentication>
  |           <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
  |              flag = "required">
  |              <module-option name = "principal">sa</module-option>
  |              <module-option name = "userName">sa</module-option>
  |              <module-option name = "password"></module-option>
  |              <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
  |           </login-module>
  |        </authentication>
  |     </application-policy>
  | 
  |     <application-policy name = "JmsXARealm">
  |        <authentication>
  |           <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
  |              flag = "required">
  |              <module-option name = "principal">guest</module-option>
  |              <module-option name = "userName">guest</module-option>
  |              <module-option name = "password">guest</module-option>
  |              <module-option name = "managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
  |           </login-module>
  |        </authentication>
  |     </application-policy>
  | 
  |     <!-- A template configuration for the jmx-console web application. This
  |       defaults to the UsersRolesLoginModule the same as other and should be
  |       changed to a stronger authentication mechanism as required.
  |     -->
  |     <application-policy name = "jmx-console">
  |        <authentication>
  |           <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
  |              flag = "required">
  |            <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
  |            <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
  |           </login-module>
  |        </authentication>
  |     </application-policy>
  | 
  |     <!-- A template configuration for the web-console web application. This
  |       defaults to the UsersRolesLoginModule the same as other and should be
  |       changed to a stronger authentication mechanism as required.
  |     -->
  | 
  | 
  | 	<application-policy name = "web-console">
  | <authentication>
  | <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
  | flag = "required">
  | <module-option name="usersProperties">props/web-console-users.properties</module-option> <module-option name="rolesProperties">props/web-console-roles.properties</module-option> </login-module>
  | </authentication>
  | </application-policy
  | 
  |     <!-- A template configuration for the JBossWS web application (and transport layer!).
  |       This defaults to the UsersRolesLoginModule the same as other and should be
  |       changed to a stronger authentication mechanism as required.
  |     -->
  |     <application-policy name="JBossWS">
  |       <authentication>
  |         <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
  |           flag="required">
  |           <module-option name="unauthenticatedIdentity">anonymous</module-option>
  |         </login-module>
  |       </authentication>
  |     </application-policy>
  | 
  |     <!-- The default login configuration used by any security domain that
  |     does not have a application-policy entry with a matching name
  |     -->
  |     <application-policy name = "other">
  |        <!-- A simple server login module, which can be used when the number 
  |        of users is relatively small. It uses two properties files:
  |        users.properties, which holds users (key) and their password (value).
  |        roles.properties, which holds users (key) and a comma-separated list of
  |        their roles (value).
  |        The unauthenticatedIdentity property defines the name of the principal
  |        that will be used when a null username and password are presented as is
  |        the case for an unuathenticated web client or MDB. If you want to
  |        allow such users to be authenticated add the property, e.g.,
  |        unauthenticatedIdentity="nobody"
  |        -->
  |        <authentication>
  |           <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
  |              flag = "required" />
  |        </authentication>
  |     </application-policy>
  | 
  | </policy>
  | 

i think the xml is well formed. i´m gonna modify it with other editor.

Very much thanks

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4112893#4112893

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4112893




More information about the jboss-user mailing list