[jboss-user] [Security & JAAS/JBoss] - not able to get the prompt asking for user password

SantoshKumar do-not-reply at jboss.com
Mon Nov 13 10:23:24 EST 2006 

trying to test for secure a web application in JBoss AS. 
added given entry in the following files

1. web.xml (under mywebapp/WEB-INF)
-------------

	<servlet-name>Hello</servlet-name>
	<servlet-class>HelloServlet</servlet-class>
	<display-name></display-name>
			
	<security-role-ref>
		<role-name>user</role-name> 
		<role-link>user</role-link>
	</security-role-ref>

		

<servlet-mapping>
	<servlet-name>Hello</servlet-name>
	<url-pattern>/hello</url-pattern>
</servlet-mapping>


<login-config>
	<auth-method>BASIC</auth-method>
	<realm-name>tw-app</realm-name>
</login-config>

<security-constraint>
	<web-resource-collection>			
		<url-pattern>/hello</url-pattern>
		<url-pattern>/*</url-pattern>			
	</web-resource-collection>
	<auth-constraint>
		<role-name>user</role-name>
		
	</auth-constraint>
	<user-data-constraint>
		<transport-guarantee>NONE</transport-guarantee>
	</user-data-constraint>
</security-constraint>	

<security-role>
	
	<role-name>user</role-name>
</security-role>

<error-page>
	<error-code>401</error-code>
	/error/401.html
</error-page>	

2. jboss-web.xml(under mywebapp/WEB-INF)
-------------------
<jboss-web>
  <security-domain>java:/jaas/tw-app</security-domain>
</jboss-web>

3. login-config.xml (under servername\conf\login-config.xml)
----------------------
<application-policy name = "tw-app">
	    
		<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
		flag = "required">
		<module-option name="usersProperties">props/tw-appUsers.properties</module-option>
		<module-option name="rolesProperties">props/tw-appRoles.properties</module-option>
		</login-module>
	    
</application-policy> 


my problem is that, while invoking the hello servlet, I am not being prompt for the user name and password as expecting to be. I am given error 404 , page not found. 
but when I comment all these things, I am getting the hello msg by the hello servlet.
could any one please tell me, if I am still missing anything in any config file to get browser prompt for user name and password.

Thanks

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3985467#3985467

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3985467

More information about the jboss-user mailing list