[jboss-user] [Security & JAAS/JBoss] - Re: Cannot get JAAS to work
henkie.maritz@iits
do-not-reply at jboss.com
Sun Nov 2 02:11:37 EST 2008
I was under the impression that the iits-login-config.xml will be used instead of the default login-config.xml. I did not change login-config.xml at all.
I see that the following is defined in the login-config.xml:
<!-- The default login configuration used by any security domain that
does not have a application-policy entry with a matching name
-->
<application-policy name = "other">
<!-- A simple server login module, which can be used when the number
of users is relatively small. It uses two properties files:
users.properties, which holds users (key) and their password (value).
roles.properties, which holds users (key) and a comma-separated list of
their roles (value).
The unauthenticatedIdentity property defines the name of the principal
that will be used when a null username and password are presented as is
the case for an unuathenticated web client or MDB. If you want to
allow such users to be authenticated add the property, e.g.,
unauthenticatedIdentity="nobody"
-->
<login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required" />
</application-policy>
So, you are right. But why does JBoss not pick up the policy defined as setout in the first post?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4186206#4186206
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4186206
More information about the jboss-user
mailing list