[jboss-user] [Security & JAAS/JBoss] - Re: Security Issues with Migrating from WebSphere to JBoss
plscstx
do-not-reply at jboss.com
Mon Jan 26 15:32:24 EST 2009
Never mind, figured it out.
web.xml security snippet:
| <security-constraint>
| <web-resource-collection>
| <web-resource-name>Admin</web-resource-name>
| <description>Administrative Functions</description>
| <url-pattern>/admin/*</url-pattern>
| <url-pattern>/formprocessing/*</url-pattern>
| <url-pattern>/adminintro.html</url-pattern>
| <!-- url-pattern>/config/*</url-pattern -->
| <http-method>
| GET</http-method>
| <http-method>
| POST</http-method>
| <http-method>
| PUT</http-method>
| <http-method>
| HEAD</http-method>
| <http-method>
| TRACE</http-method>
| <http-method>
| DELETE</http-method>
| <http-method>
| OPTIONS</http-method>
| </web-resource-collection>
| <auth-constraint>
| <description>AdminSettings</description><role-name>*</role-name> </auth-constraint>
| <user-data-constraint>
| <transport-guarantee>NONE</transport-guarantee>
| </user-data-constraint>
| </security-constraint>
| <login-config>
| <auth-method>BASIC</auth-method>
| <!--realm-name>corpTax</realm-name>
| <realm-name>drhorton.com</realm-name-->
| <form-login-config>
| <form-login-page>/login.html</form-login-page>
| <form-error-page>/error.jsp</form-error-page>
| </form-login-config>
| </login-config>
note the * for the role
jboss-web.xml:
<jboss-web>
| <!-- All secured web content uses this security manager -->
| <security-domain>java:/jaas/myApp</security-domain>
| </jboss-web>
servers login-config.xml:
<application-policy name = "myApp">
| <authentication>
| <login-module code = "org.jboss.security.auth.spi.LdapLoginModule" flag = "required" >
| <!-- PASSWORD VERIFICATION -->
| <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
| <module-option name="java.naming.provider.url">ldap://servername:389/</module-option>
| <module-option name="java.naming.security.authentication">simple</module-option>
| <module-option name="principalDNPrefix">prefix\</module-option>
|
| </login-module>
| </authentication>
| </application-policy>
|
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4204810#4204810
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4204810
More information about the jboss-user
mailing list