[jboss-dev-forums] [JBoss AS7 Development] - JBossAS7: Secure my Web App : How Do I?

[Anil Saldhana]

Anil Saldhana [http://community.jboss.org/people/anil.saldhana] created the document:

"JBossAS7: Secure my Web App : How Do I?"

To view the document, visit: http://community.jboss.org/docs/DOC-17297

--------------------------------------------------------------
This is an article for people seeking ways by which they can secure their Java EE Web Apps.   I am assuming that your web app contains servlets, jsps, html etc.  If you have a Seam based app, then Seam Security is what you should look for.
h2. 
h2. Bare Minimum Security
This is when you just want to secure your web app in the most minimalistic way.  Something like the default jmx-console that you want to ship with JBoss AS7.

Step 1:  Add a security-constraint to your web.xml
Step 2: Add a security-domain to your jboss-web.xml
Step 3: Configure a security domain in standalone.xml
Step 4:  Have users.properties and roles.properties files in WEB-INF/classes directory of your web application

That is it.  How do you achieve these steps?  Look in the references below.
h2. 
h2. References
1.  http://java.dzone.com/articles/understanding-web-security http://java.dzone.com/articles/understanding-web-security
2.  http://community.jboss.org/docs/DOC-16811 http://community.jboss.org/wiki/JBossAS7SecurityDomainModel
--------------------------------------------------------------

Comment by going to Community
[http://community.jboss.org/docs/DOC-17297]

Create a new document in JBoss AS7 Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=102&containerType=14&container=2225]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-dev-forums/attachments/20111024/336e31d3/attachment.html