[jboss-user] [Security & JAAS/JBoss] - Re: Security Issues with Migrating from WebSphere to JBoss

plscstx do-not-reply at jboss.com
Mon Jan 26 15:32:24 EST 2009


Never mind, figured it out.

web.xml security snippet:

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Admin</web-resource-name>
            <description>Administrative Functions</description>
            <url-pattern>/admin/*</url-pattern>
            <url-pattern>/formprocessing/*</url-pattern>
            <url-pattern>/adminintro.html</url-pattern>
            <!-- url-pattern>/config/*</url-pattern -->
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
            <http-method>HEAD</http-method>
            <http-method>TRACE</http-method>
            <http-method>DELETE</http-method>
            <http-method>OPTIONS</http-method>
        </web-resource-collection>
        <auth-constraint>
            <description>AdminSettings</description>
            <role-name>*</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <!--realm-name>corpTax</realm-name>
        <realm-name>drhorton.com</realm-name-->
        <form-login-config>
            <form-login-page>/login.html</form-login-page>
            <form-error-page>/error.jsp</form-error-page>
        </form-login-config>
    </login-config>

Note the * for the role.


jboss-web.xml:

    <jboss-web>
        <!-- All secured web content uses this security manager -->
        <security-domain>java:/jaas/myApp</security-domain>
    </jboss-web>

Server's login-config.xml:

    <application-policy name = "myApp">
        <authentication>
            <login-module code = "org.jboss.security.auth.spi.LdapLoginModule" flag = "required" >
                <!-- PASSWORD VERIFICATION -->
                <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
                <module-option name="java.naming.provider.url">ldap://servername:389/</module-option>
                <module-option name="java.naming.security.authentication">simple</module-option>
                <module-option name="principalDNPrefix">prefix\</module-option>
            </login-module>
        </authentication>
    </application-policy>

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4204810#4204810
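
Added example, not part of the original post: a small Python check for a web.xml like the one above. It flags constraints that list individual http-method elements (any other method stays unconstrained), BASIC or FORM logins without a CONFIDENTIAL transport guarantee, a * role with no security-role declared (how that resolves depends on the container), and a form-login-config that BASIC ignores. The function name, the finding codes and the shortened sample are constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the post's constraint, shortened and wrapped in <web-app>.
SAMPLE = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <form-login-config><form-login-page>/login.html</form-login-page></form-login-config>
  </login-config>
</web-app>"""

def audit_web_xml(xml_text):
    """Return sorted finding codes (names are this example's own) for a web.xml."""
    root = ET.fromstring(xml_text)
    for el in root.iter():                      # drop any XML namespace prefix
        el.tag = el.tag.rsplit("}", 1)[-1]
    text = lambda node, path: (node.findtext(path) or "").strip()
    findings = set()
    auth = text(root, "login-config/auth-method").upper()
    if root.find("login-config/form-login-config") is not None and auth != "FORM":
        findings.add("FORM_CONFIG_IGNORED")     # only used when auth-method is FORM
    has_roles = root.find("security-role/role-name") is not None
    for sc in root.findall("security-constraint"):
        if sc.find("web-resource-collection/http-method") is not None:
            findings.add("UNLISTED_METHODS_UNPROTECTED")  # only listed methods are constrained
        if sc.find("auth-constraint") is None:
            continue                            # no login required by this constraint
        guarantee = text(sc, "user-data-constraint/transport-guarantee").upper()
        if auth in ("BASIC", "FORM") and guarantee in ("", "NONE"):
            findings.add("PASSWORD_SENT_WITHOUT_TLS")
        roles = [(r.text or "").strip() for r in sc.findall("auth-constraint/role-name")]
        if "*" in roles and not has_roles:
            findings.add("WILDCARD_WITH_NO_DECLARED_ROLES")  # container-dependent
    return sorted(findings)

if __name__ == "__main__":
    for code in audit_web_xml(SAMPLE):
        print(code)
```
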