[jboss-user] [Security & JAAS/JBoss] - Re: Mixing CLIENT-CERT and BASIC authentication
alexanders
do-not-reply at jboss.com
Thu Mar 26 12:14:25 EDT 2009
Not sure this question is in scope of the forum.
Two things you need to describe in your web.xml:
1) Security constraint mapped to some url pattern and requires some role.
2) Role mapped to security domain.
So you need to configure your web.xml as following:
Two different security constraints mapped each to its url pattern
e.g.
<url-pattern>/*_cert_requred_*</url-pattern>
requires some role: "CertProtected"
<url-pattern>/*_passwd_requred_*</url-pattern>
requires some role: "PasswordProtected"
Best way to do this - separate your app to subcontexts:
<url-pattern>/cert_requred/*</url-pattern>
<url-pattern>/passwd_requred/*</url-pattern>
Then you need to map each role to its JAAS domain.
If you are mapping some security constraints to one url pattern (/*)... The result is depending on implementation. In best case you will got working the last constraint.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4221346#4221346
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4221346
More information about the jboss-user
mailing list