[jboss-user] [Security & JAAS/JBoss] - using digest authentication

martique do-not-reply at jboss.com
Thu Feb 8 06:10:29 EST 2007


Hi, I'm learning JBoss and I'm trying to use digest authentication for my web application. I did this:

1) application.war/WEB-INF/web.xml:

<security-constraint>
  <display-name>Default JSP Security Constraints</display-name>
  <web-resource-collection>
    <web-resource-name>Portlet Directory</web-resource-name>
    <url-pattern>/jsp/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>DIGEST</auth-method>
  <realm-name>MyApplication</realm-name>
</login-config>

<security-role>
  <role-name>admin</role-name>
</security-role>


2) application.war/WEB-INF/jboss-web.xml:

<security-domain>java:/jaas/pentaho</security-domain>

<security-role>
  <role-name>admin</role-name>
  <principal-name>martagroup</principal-name>
  <principal-name>marta</principal-name>
</security-role>

3) server/default/conf/login-config.xml:

<application-policy name="application">

  <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                flag="required">
    <module-option name="usersProperties">props/digest-users.properties</module-option>
    <module-option name="rolesProperties">props/digest-roles.properties</module-option>
    <module-option name="hashAlgorithm">MD5</module-option>
    <module-option name="hashEncoding">rfc2617</module-option>
    <module-option name="hashUserPassword">false</module-option>
    <module-option name="hashStorePassword">true</module-option>
    <module-option name="passwordIsA1Hash">true</module-option>
    <module-option name="storeDigestCallback">
      org.jboss.security.auth.spi.RFC2617Digest
    </module-option>
  </login-module>

</application-policy>


4) conf/props/digest-roles.properties:
marta=admin

5) conf/props/digest-users.properties:
marta=231484604fc44289526e4420998828a7

The digested string was created as:
java -cp jbosssx.jar org.jboss.security.auth.spi.RFC2617Digest marta "My Application" marta


It doesn't work at all; my application loads without any authentication. What did I do wrong?
