[jboss-user] [Security & JAAS/JBoss] - Using JAAS Authentication with JBOSS and Tomcat on different

carcophan do-not-reply at jboss.com
Sat Dec 13 07:31:21 EST 2008


I am developing a Struts Webapp for a Team that's working on an EJB 2
Enterprise Application using JBoss 4.0.3 and JAAS.
The EJB Application is very large and takes long to deploy and start
JBoss so I was wondering if it is possible to use a standalone Tomcat
for developing the Webapp which connects to the services provided by
the EJB application running on JBoss, without having to deploy it into
the embedded Tomcat in JBoss. This would make testing and developing a
lot more efficient.

I've managed to deploy my webapp on a standalone Tomcat. The problem
however is logging in and getting an authenticated session.
When testing my webapp with the EAR in the same JBOSS everything works
well, but how do I tell the standalone Tomcat to use the JAAS Security
that's been configured for the EAR in JBoss?
As you can see I'm pretty clueless about Java Security, EJBs and JBOSS
Application Server.

The way authentication is configured at the moment (when deploying the
.ear and .war into the same JBOSS) is by having a jboss-web.xml inside
my war archive with the following settings:

    <jboss-web>
        <security-domain>java:/jaas/ejb-app</security-domain>
    </jboss-web>

I assume it looks up the settings in the login-config.xml with the
following settings, which tells it where to get the user credentials

    <application-policy name="ejb-app">
        <authentication>
            <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
                <module-option name="dsJndiName">java:/ejbappDS</module-option>
                <module-option name="principalsQuery">SELECT PASSWORD FROM USERS WHERE LOGINNAME = ? AND INVALID = 0</module-option>
                <module-option name="rolesQuery">SELECT Role,'Roles' FROM USERS as u,USERSROLES as r WHERE u.id=r.refuserid and u.LOGINNAME = ?</module-option>
                <module-option name="hashCharset">ISO-8859-1</module-option>
                <module-option name="hashAlgorithm">MD5</module-option>
                <module-option name="hashEncoding">BASE64</module-option>
                <!-- module-option name = "unauthenticatedIdentity">nobody</module-option -->
                <module-option name="unauthenticatedIdentity">guest</module-option>
            </login-module>
        </authentication>
    </application-policy>

However the login-config.xml and jboss-web.xml seem to be specific to
jboss and not compatible with a tomcat-standalone. What do I need to
get the login and authentication working on a standalone Tomcat?

I would really be grateful for any help on this matter.



View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4196354#4196354
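
As an added illustration (not part of the original post and not JBoss source code), the following Java example models what the hashAlgorithm, hashCharset and hashEncoding options in the login-config.xml above imply for the value returned by principalsQuery: anything else that validates logins against the same USERS table has to reproduce all three. The class and method names are hypothetical, and the sample password is constructed.

```java
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

// Added example: models the password check implied by the hash* options.
// HashedPasswordCheck, hash() and matches() are hypothetical names.
public class HashedPasswordCheck {

    // Encode the password with the charset, digest it with the algorithm,
    // then turn the digest bytes into text with the configured encoding.
    static String hash(String password, String algorithm, String charset, String encoding)
            throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance(algorithm)
                .digest(password.getBytes(Charset.forName(charset)));
        if ("BASE64".equalsIgnoreCase(encoding)) {
            return Base64.getEncoder().encodeToString(digest);
        }
        if ("HEX".equalsIgnoreCase(encoding)) {
            StringBuilder sb = new StringBuilder();
            for (byte b : digest) sb.append(String.format("%02x", b));
            return sb.toString();
        }
        throw new IllegalArgumentException("unsupported encoding: " + encoding);
    }

    // Compare the stored column value with the hashed input, using the
    // settings from the posted policy (MD5 / ISO-8859-1 / BASE64).
    // MessageDigest.isEqual avoids an early-exit string comparison.
    static boolean matches(String storedFromDb, String supplied) throws NoSuchAlgorithmException {
        String candidate = hash(supplied, "MD5", "ISO-8859-1", "BASE64");
        Charset ascii = Charset.forName("US-ASCII");
        return MessageDigest.isEqual(storedFromDb.getBytes(ascii), candidate.getBytes(ascii));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the PASSWORD column value for "password".
        String stored = hash("password", "MD5", "ISO-8859-1", "BASE64");
        System.out.println("stored value:       " + stored);
        System.out.println("correct password:   " + matches(stored, "password"));
        System.out.println("wrong password:     " + matches(stored, "Password"));
        // Same digest written as hex: no longer equal to what the policy expects.
        String hex = hash("password", "MD5", "ISO-8859-1", "HEX");
        System.out.println("hex-encoded column: " + matches(hex, "password"));
        // Non-ASCII input: the charset changes the bytes that get digested.
        String pw = "p\u00e4ssword";
        System.out.println("UTF-8 == ISO-8859-1: "
                + hash(pw, "MD5", "UTF-8", "BASE64").equals(hash(pw, "MD5", "ISO-8859-1", "BASE64")));
    }
}
```

MD5 is used here only because the posted policy specifies it; the comparison logic is the same for any algorithm name that MessageDigest accepts.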
