[jboss-user] [JBoss Portal] - Re: Best practice: secure direct web app access
CarstenRudat
do-not-reply at jboss.com
Thu Mar 20 12:37:37 EDT 2008
Hi PeterJ,
ok, thanks - I moved the security-constraint to the portlet-instances.xml.
But what can I do to prevent direct access to my war? I cannot set up a security-constraint in my web.xml, because I will be asked for username/password, when I call my app from JBoss Portal.
Or is this a "single-sign-on"-issue and I have to configure jboss-web.deployer anyhow to recognize, that I'm already logged on via the portal login?
Thank you very much for a tip or hint.
Carsten
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4138098#4138098
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4138098
More information about the jboss-user
mailing list