[jboss-user] [Security & JAAS/JBoss] - Re: Mixing CLIENT-CERT and BASIC authentication

Thursday, 26 March 2009

Not sure this question is in scope of the forum.

Two things you need to describe in your web.xml:
1) Security constraint mapped to some url pattern and requires some role.
2) Role mapped to security domain.

So you need to configure your web.xml as following:
Two different security constraints mapped each to its url pattern
e.g. 
<url-pattern>/*_cert_requred_*</url-pattern>
requires some role: "CertProtected"
<url-pattern>/*_passwd_requred_*</url-pattern>
requires some role: "PasswordProtected"

Best way to do this - separate your app to subcontexts:
<url-pattern>/cert_requred/*</url-pattern>
<url-pattern>/passwd_requred/*</url-pattern>

Then you need to map each role to its JAAS domain.

If you are mapping some security constraints to one url pattern (/*)... The result is
depending on implementation. In best case you will got working the last constraint.

View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4221346#...

Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-user] [Security & JAAS/JBoss] - Re: Mixing CLIENT-CERT and BASIC authentication