[jboss-user] [JBoss Seam] - Re: JAAS login with JBoss Seam
msduk
do-not-reply at jboss.com
Tue Mar 27 12:42:05 EDT 2007
It might be true now but I had configuration hell...
| <?xml version="1.0" encoding="UTF-8"?>
| <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.3//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_3_0.dtd">
| <!-- JBoss web descriptor: binds the web application to a JAAS security domain. -->
| <jboss-web>
|   <!-- The name after java:/jaas/ has to match the application-policy name
|        (fooSecurityPolicy) used in the JAAS login configuration. -->
|   <security-domain>java:/jaas/fooSecurityPolicy</security-domain>
|
|   <!-- Resource Environment References -->
|   <!-- Resource references -->
|   <!-- EJB References -->
| </jboss-web>
|
| <?xml version='1.0'?>
| <!DOCTYPE policy PUBLIC
|     "-//JBoss//DTD JBOSS Security Config 3.0//EN"
|     "http://www.jboss.org/j2ee/dtd/security_config.dtd">
| <!-- JAAS login configuration: a single application policy that authenticates
|      users against a database through DatabaseServerLoginModule. -->
| <policy>
|   <application-policy name="fooSecurityPolicy">
|     <authentication>
|       <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
|         <!-- JNDI name of the datasource both queries run against. -->
|         <module-option name="dsJndiName">
|           java:/fooDatasource
|         </module-option>
|         <!-- Looks up the stored password value for the login name bound to '?'. -->
|         <module-option name="principalsQuery">
|           SELECT password FROM user WHERE userId=?;
|         </module-option>
|         <!-- One row per role of the user; the constant 'Roles' fills the
|              role-group column the login module reads next to the role name. -->
|         <module-option name="rolesQuery">
|           SELECT role, 'Roles' FROM role r
|           INNER JOIN user u ON u.userID = r.userID
|           WHERE u.userId=?
|         </module-option>
|         <!-- The submitted password is hashed and hex-encoded before comparison;
|              ignoring case lets upper- and lower-case hex digests compare equal. -->
|         <module-option name="ignorePasswordCase">true</module-option>
|         <module-option name="hashCharset">UTF-8</module-option>
|         <module-option name="hashEncoding">hex</module-option>
|         <!-- NOTE(review): this stores a single MD5 digest of the password and no salt
|              option is configured here. MD5 is fast to brute-force, so a leaked user
|              table exposes most passwords. Moving to a stronger scheme means
|              re-hashing the stored values, so plan it as a migration. -->
|         <module-option name="hashAlgorithm">MD5</module-option>
|       </login-module>
|     </authentication>
|   </application-policy>
| </policy>
|
| <?xml version="1.0" encoding="UTF-8"?>
| <!-- Service descriptor: a DynamicLoginConfig MBean that loads an
|      application-specific login configuration. -->
| <server>
|   <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
|          name="foo:service=DynamicLoginConfig">
|     <!-- Resource that holds the application policies to load. -->
|     <attribute name="AuthConfig">foo-login-config.xml</attribute>
|     <!-- Services this MBean depends on; each is set on the named attribute. -->
|     <depends optional-attribute-name="LoginConfigService">
|       jboss.security:service=XMLLoginConfig
|     </depends>
|     <depends optional-attribute-name="SecurityManagerService">
|       jboss.security:service=JaasSecurityManager
|     </depends>
|   </mbean>
| </server>
|
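| <!-- Restricts everything under /secure/ to authenticated users in role fooUser. -->
| <security-constraint>
|   <web-resource-collection>
|     <web-resource-name>Secure Area</web-resource-name>
|     <description>Security for Protected Pages</description>
|     <url-pattern>/secure/*</url-pattern>
|     <!-- No http-method elements on purpose: the constraint then applies to every
|          HTTP method. Listing only POST and GET leaves the remaining methods
|          (HEAD, PUT, DELETE, ...) outside the constraint, so such requests
|          would skip the role check. -->
|   </web-resource-collection>
|   <auth-constraint>
|     <description>Only valid users can use the secure resources</description>
|     <role-name>fooUser</role-name>
|   </auth-constraint>
|   <user-data-constraint>
|     <!-- NOTE(review): NONE permits plain HTTP, so requests to these pages and the
|          session cookie travel unencrypted. Switch to CONFIDENTIAL once the
|          server has an HTTPS connector configured. -->
|     <transport-guarantee>NONE</transport-guarantee>
|   </user-data-constraint>
| </security-constraint>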
|
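| <!-- Restricts everything under /admin/ to authenticated users in role fooAdmin. -->
| <security-constraint>
|   <web-resource-collection>
|     <web-resource-name>Admin Area</web-resource-name>
|     <description>Administrator Protected Pages</description>
|     <url-pattern>/admin/*</url-pattern>
|     <!-- No http-method elements on purpose: the constraint then applies to every
|          HTTP method. Listing only POST and GET leaves the remaining methods
|          (HEAD, PUT, DELETE, ...) outside the constraint, so such requests
|          would skip the admin role check. -->
|   </web-resource-collection>
|   <auth-constraint>
|     <description>Only valid admin users can use the secure resources</description>
|     <role-name>fooAdmin</role-name>
|   </auth-constraint>
|   <user-data-constraint>
|     <!-- NOTE(review): NONE permits plain HTTP, so administrator requests and the
|          session cookie travel unencrypted. Switch to CONFIDENTIAL once the
|          server has an HTTPS connector configured. -->
|     <transport-guarantee>NONE</transport-guarantee>
|   </user-data-constraint>
| </security-constraint>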
|
| <!-- Form-based login: a request for a constrained URL without a session is sent
|      to the login page, and a failed login attempt to the error page. -->
| <login-config>
|   <auth-method>FORM</auth-method>
|   <realm-name>fooSecurityPolicy</realm-name>
|   <form-login-config>
|     <form-login-page>/login.seam</form-login-page>
|     <form-error-page>/loginError.seam</form-error-page>
|   </form-login-config>
| </login-config>
|
| <!-- Roles referenced by the auth-constraint elements of this descriptor.
|      Presumably these names must equal the role values returned by the login
|      module's rolesQuery; verify against the role table. -->
| <security-role>
|   <description>An foo system user</description>
|   <role-name>fooUser</role-name>
| </security-role>
|
| <security-role>
|   <description>An foo admin user</description>
|   <role-name>fooAdmin</role-name>
| </security-role>
|
|
| <!-- EJB descriptor fragment: names the JAAS security domain and attaches the
|      Seam interceptor to every bean. -->
| <ejb-jar>
|   <!-- NOTE(review): security-domain is usually declared in jboss.xml rather than
|        ejb-jar.xml; confirm which descriptor this fragment belongs to, otherwise
|        the EJBs may not be bound to the security domain at all. -->
|   <security-domain>java:/jaas/fooSecurityPolicy</security-domain>
|   <assembly-descriptor>
|     <interceptor-binding>
|       <!-- The wildcard applies the interceptor to all EJBs in the module. -->
|       <ejb-name>*</ejb-name>
|       <interceptor-class>org.jboss.seam.ejb.SeamInterceptor</interceptor-class>
|     </interceptor-binding>
|   </assembly-descriptor>
| </ejb-jar>
|
| <!-- JBoss application descriptor for the EAR. -->
| <jboss-app>
|   <!-- Deploys the service descriptor that registers the login configuration. -->
|   <module>
|     <service>foo-login-service.xml</service>
|   </module>
|   <!-- Name of the class loader repository used by this application. -->
|   <loader-repository>
|     seam.jboss.org:loader=foo
|   </loader-repository>
| </jboss-app>
|
Personally I would use the simplified version if you can. I have always disliked JAAS.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4032124#4032124