[jboss-user] [JBoss Portal] - Best practice: secure direct web app access

Thursday, 20 March 2008

Hi all,

I'd like to know how I secure the access to a web app that runs as a portlet. I have
the portlet secured by a <security-constraint> in the *-object.xml, but if I call
http(s)://server:port/my-web-app-context-root/folder-in-war/resource I get the content
delivered without being logged in.

Now, if I configured a <security-constraint> in my web.xml (with the same user role
and security-domain as for the portlet) JBoss asks for a username and password
(BASIC-auth). That's quite good, but it asks for username and password for the
portlet, too - even if I logged in.

What are the best practices for that?

Thanks,
Carsten

View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4137977#...

Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-user] [JBoss Portal] - Best practice: secure direct web app access