[jboss-user] [Security & JAAS/JBoss] - Implementing the Authorization using DatabaseServerLoginModu

rrsireesha do-not-reply at jboss.com
Mon Jul 16 14:21:28 EDT 2007


Hi,

I am using JDeveloper and JBoss to develop my web application using JSF, and the data is retrieved from the database (Oracle). I have implemented the DatabaseServerLoginModule for authorization and authentication. Here is the code I have in the backing bean method of the Login button.

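    import java.util.Set;
    import javax.security.auth.Subject;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.login.LoginContext;
    import org.jboss.security.SimplePrincipal;
    import org.jboss.security.auth.callback.SecurityAssociationHandler;

    // Pass the submitted username and password to the JAAS login module via the handler.
    SecurityAssociationHandler handler = new SecurityAssociationHandler();
    SimplePrincipal user = new SimplePrincipal(j_username.getValue().toString());
    handler.setSecurityInfo(user, j_password.getValue().toString().toCharArray());
    // "testDB" is the name of the JAAS login configuration entry.
    LoginContext loginContext = new LoginContext("testDB", (CallbackHandler) handler);
    loginContext.login();
    Subject subject = loginContext.getSubject();
    Set principals = subject.getPrincipals();
    principals.add(user);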

When I print the principals, it gives me the correct details from the database. The authentication is working perfectly. I'm confused about how to go from here for the authorization part. I have declared the page-level security in the web.xml and it is not working (no exceptions thrown). A user with role name 'user' is able to access the pages under the /admin folder.

Content of web.xml related to authorization:

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Administrator</web-resource-name>
            <url-pattern>/faces/admin/*</url-pattern>
            <url-pattern>/admin/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>
    <security-role>
        <description>Administrator</description>
        <role-name>admin</role-name>
    </security-role>


Please advise me how to do the authorization part from here. 

Thanks in advance.
SR.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4064678#4064678
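
The following is an added example, not part of the original post: a small Python check that evaluates the posted security-constraint using the Servlet specification's url-pattern precedence, to confirm what the descriptor itself declares for a given path and set of roles. The `<web-app>` wrapper, the sample paths and the function names `match_rank`, `combine` and `decide` are assumptions made for the illustration, and `http-method` and `transport-guarantee` are ignored.

```python
import xml.etree.ElementTree as ET

# Constructed input: the constraint from the post inside an assumed <web-app> root.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Administrator</web-resource-name>
      <url-pattern>/faces/admin/*</url-pattern>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>admin</role-name></security-role>
</web-app>"""

def match_rank(pattern, path):
    """Servlet url-pattern precedence: exact, longest path prefix, extension, default."""
    if pattern == path:
        return (3, len(pattern))
    if pattern.endswith("/*") and (path + "/").startswith(pattern[:-1]):
        return (2, len(pattern))
    if pattern.startswith("*.") and path.rsplit("/", 1)[-1].endswith(pattern[1:]):
        return (1, 0)
    return (0, 0) if pattern == "/" else None

def combine(a, b):
    """Merge constraints on one pattern: empty set denies all, None is unrestricted."""
    if a == set() or b == set():
        return set()
    return None if a is None or b is None else a | b

def decide(web_xml, path, user_roles):
    """Return 'open', 'allow' or 'deny' for a direct request to path."""
    root = ET.fromstring(web_xml)
    for el in root.iter():  # drop any XML namespace so tag names compare plainly
        el.tag = el.tag.rsplit("}", 1)[-1]
    best, roles = None, None
    for sc in root.iter("security-constraint"):
        auth = sc.find("auth-constraint")
        allowed = None if auth is None else {r.text.strip() for r in auth.iter("role-name")}
        for up in sc.iter("url-pattern"):
            rank = match_rank(up.text.strip(), path)
            if rank is not None and (best is None or rank > best):
                best, roles = rank, allowed  # a more specific pattern wins
            elif rank is not None and rank == best:
                roles = combine(roles, allowed)
    if best is None or roles is None:
        return "open"
    return "allow" if "*" in roles or roles & set(user_roles) else "deny"
```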
