[jboss-user] [Security & JAAS/JBoss] - re: securing virtual directories
adastar
do-not-reply at jboss.com
Mon Mar 24 16:58:57 EDT 2008
We have a security realm that we use throughout our EAR.
| <application-policy name="mySecurityRealm">
|
| <authentication>
| <login-module code="com.myclass.MyLoginModule" flag="required">
| <module-option name="unauthenticated">guest</module-option>
| <module-option name="dsJndiName">java:/myDataSource</module-option>
| <module-option name="hashUserPassword">false</module-option>
| <module-option name="hashStorePassword">false</module-option>
| <module-option name="principalsQuery">
| ...commented out...</module-option>
|
| <module-option name="rolesQuery">
| ...commented out...</module-option>
| </login-module>
| </authentication>
|
| </application-policy>
|
I read the following:
http://tomcat.apache.org/tomcat-5.5-doc/config/context.html
Scroll down until you see "Realm" under "Nested Elements". It seems as though you can specify a JAAS Realm:
http://tomcat.apache.org/tomcat-5.5-doc/config/realm.html
So I did:
| <Host name="localhost"
| autoDeploy="false" deployOnStartup="false" deployXML="false"
| configClass="org.jboss.web.tomcat.security.config.JBossContextConfig"
| >
|
| <Realm className="org.apache.catalina.realm.JAASRealm"
| appName="mySecurityRealm"
| userClassNames="org.jboss.security.SimplePrincipal"
| roleClassNames="org.jboss.security.SimpleGroup"
| debug="99"/>
|
And I defined my virtual directory:
| <Context path="/Reports" docBase="Reports" debug="0" reloadable="true" />
|
But the security isn't working. So I defined the web.xml file under Reports/WEB-INF:
| <security-constraint>
| <web-resource-collection>
| <web-resource-name>xxx</web-resource-name>
| <url-pattern>/Reports/*</url-pattern>
| <http-method>POST</http-method>
| <http-method>GET</http-method>
| </web-resource-collection>
| <auth-constraint>
| <role-name>Roles</role-name>
| </auth-constraint>
| <user-data-constraint>
| <transport-guarantee>NONE</transport-guarantee>
| </user-data-constraint>
| </security-constraint>
| <login-config>
| <auth-method>FORM</auth-method>
| <realm-name>mySecurityRealm</realm-name>
| <form-login-config>
| <form-login-page>/login.jsp</form-login-page>
| <form-error-page>/loginerror.html</form-error-page>
| </form-login-config>
| </login-config>
| <security-role>
|
and even put in a jboss-web.xml file:
| <?xml version="1.0" encoding="UTF-8"?>
|
| <jboss-web>
| <security-domain>java:/jaas/mySecurityRealm</security-domain>
| </jboss-web>
|
Still no luck! Any ideas?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4138592#4138592
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4138592
More information about the jboss-user
mailing list