[jboss-user] [Security & JAAS/JBoss] - HowTo Link LDAP-Group with Roles?

Zwitsch do-not-reply at jboss.com
Thu Dec 7 12:50:49 EST 2006 

Hi,

I spend nearly the whole day, reading tutorials, forums and books... I finally got my authentication working but am stuck with the authorization.

I can login, but am getting - reasonably - a 403 error.

I'm originally coming from WebSphere where the EAR links the LDAP-Groups with the JAAS roles with a ibm-application-bnd.xmi.
But how can I make it on Jboss???

I set up login-config.xml, application.xml (ear), jboss-web.xml and web.xml to make the authentication happen. Any other file to edit/add?

Thanks in advantage for you help!
Zwitsch

application.xml

  | 	<display-name>
  | 	KaskoEAR</display-name>
  | 	<module>
  | 		<web>
  | 			<web-uri>Kasko.war</web-uri>
  | 			<context-root>kasko</context-root>
  | 		</web>
  | 	</module>
  | 	<security-role id="user">
  | 		<description>User</description>
  | 		<role-name>user</role-name>
  | 	</security-role>
  | 	<security-role id="poweruser">
  | 		<description>Poweruser</description>
  | 		<role-name>poweruser</role-name>
  | 	</security-role>
  | 	<security-role id="admin">
  | 		<description>Admin User</description>
  | 		<role-name>admin</role-name>
  | 	</security-role>
  | </application>

web.xml (extract)

!-- Security Config -->
  | 	
  | 	<login-config>
  | 		<auth-method>BASIC</auth-method>
  | 		<realm-name>Kasko Login</realm-name>
  | 	</login-config>
  | 	
  | 	<!-- Security Contraints -->
  | 	
  | 	<security-constraint>
  | 		<web-resource-collection>
  | 			<web-resource-name>Admin</web-resource-name>
  | 			<url-pattern>/Start</url-pattern>
  | 			<http-method>GET</http-method>
  | 			<http-method>POST</http-method>
  | 		</web-resource-collection>
  | 		<auth-constraint>
  | 			<role-name>admin</role-name>
  | 		</auth-constraint>
  | 	</security-constraint>
  | 	
  | 	<!-- Security Roles -->
  | 	
  | 	<security-role>
  | 		<description>Administrator</description>
  | 		<role-name>admin</role-name>
  | 	</security-role>

jboss-web.xml

<jboss-web>
  | 	
  | 	<context-root>/kasko</context-root>
  | 
  | 	<security-domain>java:/jaas/testdomain</security-domain>
  | 
  | </jboss-web>

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3992020#3992020

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3992020

More information about the jboss-user mailing list