[jboss-user] [Security & JAAS/JBoss] - using digest authentication
martique
do-not-reply at jboss.com
Thu Feb 8 06:10:29 EST 2007
Hi, I'm learning JBoss and I'm trying to use digest authentication for my web application. I did this:
1) application.war/WEB-INF/web.xml:
<security-constraint>
  <display-name>Default JSP Security Constraints</display-name>
  <web-resource-collection>
    <web-resource-name>Portlet Directory</web-resource-name>
    <url-pattern>/jsp/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>DIGEST</auth-method>
  <realm-name>MyApplication</realm-name>
</login-config>
<security-role>
  <role-name>admin</role-name>
</security-role>
2) application.war/WEB-INF/jboss-web.xml:
<security-domain>java:/jaas/pentaho</security-domain>
<security-role>
  <role-name>admin</role-name>
  <principal-name>martagroup</principal-name>
  <principal-name>marta</principal-name>
</security-role>
3) server/default/conf/login-config.xml:
<application-policy name="application">
  <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                flag="required">
    <module-option name="usersProperties">props/digest-users.properties</module-option>
    <module-option name="rolesProperties">props/digest-roles.properties</module-option>
    <module-option name="hashAlgorithm">MD5</module-option>
    <module-option name="hashEncoding">rfc2617</module-option>
    <module-option name="hashUserPassword">false</module-option>
    <module-option name="hashStorePassword">true</module-option>
    <module-option name="passwordIsA1Hash">true</module-option>
    <module-option name="storeDigestCallback">
      org.jboss.security.auth.spi.RFC2617Digest
    </module-option>
  </login-module>
</application-policy>
4) conf/props/digest-roles.properties:
marta=admin
5) conf/props/digest-users.properties:
marta=231484604fc44289526e4420998828a7
The digested string was created as:
java -cp jbosssx.jar org.jboss.security.auth.spi.RFC2617Digest marta "My Application" marta
It doesn't work at all; my application loads without any authentication. What did I do wrong?