[jboss-user] [Security & JAAS/JBoss] - Further details, and one refinement...

[jcollins914]

Upon further reviewing the JBoss Wiki, I was able to confirm that the jboss-web.xml file belongs in the WEB-INF directory.  I've removed the redundant copies from the file.

It occured to me that I should mention that I am NOT trying to secure any EJB's, jsp's, or html's, but rather, just one method, called processMessage, that is offered up through the web service available at the url which conforms to the form /CPWebService by use of JBossWS.  Much of the documentation I've found takes steps towards securing ejb's, and has thus seemed to trail off just when I need it most.  Hopefully this will provide the qualified reader a crucial clue.  I haven't been able to find anyone suggesting a way so specifically secure web method(s).  Perhaps I am attempting the impossible?  I suspect not, but rather that I have just not been able to unearch the appropriate hint.

Also, I'm not sure why the forum omitted portions of my log4j.xml code snippet, but I'm confident that's correct.  I obtained it from Q4 of the JBoss FAQ that is VERY frequently pointed to in this particular branch of the forums.

Thanks for your consideration of this bump in my road.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3984908#3984908

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3984908