[jboss-user] [Security & JAAS/JBoss] - How do you secure static content?
jfrankman
do-not-reply at jboss.com
Sun Nov 5 09:05:31 EST 2006
I have created a context in the jbossweb-tomcat55.asr for sharing documents. However, I want to protect this context with a security constraint. To the best of my knowlege I have everything set up correctly, but a user is not prompted for a username/password and the context is still accessible by anyone.
I have tried to get this working by placing the following in the server.xml file in the jbossweb-tomcat55.sar directory please tell me what I am doing wrong. I am at the end of my rope:
| <Host name="localhost"
| autoDeploy="false" deployOnStartup="false" deployXML="false" >
| <Context path="/media" appBase="" docBase="/windows/D/media" debug="99" reloadable="true">
| <security-constraint>
| <web-resource-collection>
| <web-resource-name>blah blah blah</web-resource-name>
| <url-pattern>/*</url-pattern>
| </web-resource-collection>
| <auth-constraint>
| <role-name>mediauser</role-name>
| </auth-constraint>
| </security-constraint>
| <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
| driverName="com.mysql.jdbc.Driver"
| connectionURL="jdbc:mysql://localhost/jboss?user=jbossuser&password=password"
| userTable="users" userNameCol="user_name" userCredCol="user_pass"
| userRoleTable="user_roles" roleNameCol="role_name"/>
|
|
|
| <login-config>
| <auth-method>BASIC</auth-method>
| <realm-name>Example Realm</realm-name>
| </login-config>
|
| <security-role>
| <description>The role that is required to log in to
| the Manager Application</description>
| <role-name>mediauser</role-name>
| </security-role>
|
|
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3983296#3983296
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3983296
More information about the jboss-user
mailing list