[jbossws-users] JBoss : Digest Authentication not works in web application

Noorul Hasan Khan lifeandcare at gmail.com
Tue Jun 5 04:04:12 EDT 2007 

Hi,

I have implemented BASIC authentication on JBossAS successfully. But when I
want to use DIGEST authentication, it does not work.
I have done according to
http://docs.jboss.org/jbossas/guides/webguide/r2/en/html_single/#d0e708
but it not works.

I have added a security policy in jboss-4.0.5.GA\server\default
\conf\login.config.xml,

<application-policy name = "ProWS">
       <authentication>
          <login-module code="
org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required">
             <module-option name="usersProperties">props/ProWS-
users.properties</module-option>
             <module-option name="rolesProperties">props/ProWS-
roles.properties</module-option>
             <module-option name="hashAlgorithm">MD5</module-option>
             <module-option name="hashEncoding">rfc2617</module-option>
             <module-option name="hashUserPassword">false</module-option>
             <module-option name="hashStorePassword">true</module-option>
             <module-option name="passwordIsA1Hash">true</module-option>
             <module-option name="storeDigestCallback">
org.jboss.security.auth.spi.RFC2617Digest</module-option>
          </login-module>
       </authentication>
    </application-policy>

I have added users in
jboss-4.0.5.GA\server\default\conf\props\ProWS-users.properties,

# A sample users.properties file for use with the UsersRolesLoginModule
admin=6b205f65c5200e6cdfaa38915407eb17
ashish=b81277561fad2cce151847f72b850414
noorul=930ab5c31004b14a83c93b53554c25d2

I have added roles in
jboss-4.0.5.GA\server\default\conf\props\ProWS-roles.properties ,

# A sample users.properties file for use with the UsersRolesLoginModule
admin=ShinseiAdmin
ashish=ShinseiAdmin
noorul=ShinseiAdmin

I have assigned security policy in
jboss-4.0.5.GA\server\default\deploy\ProWebs.war\WEB-INF\jboss-web.xml,

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
   <security-domain>java:/jaas/ProWS</security-domain>
  <context-root>/ProWebs</context-root>
</jboss-web>

I have added security-constraint in
jboss-4.0.5.GA\server\default\deploy\ProWebs.war\WEB-INF\web.xml,

   <security-constraint>
     <web-resource-collection>
       <web-resource-name>HtmlAdaptor</web-resource-name>
       <description>An example security config that only allows users with
the
         role ShinseiAdmin to access the HTML ShinseiWS web application
       </description>
       <url-pattern>/*</url-pattern>
       <http-method>GET</http-method>
       <http-method>POST</http-method>
     </web-resource-collection>
     <auth-constraint>
       <role-name>ShinseiAdmin</role-name>
     </auth-constraint>
   </security-constraint>
   <security-constraint>
     <web-resource-collection>
       <web-resource-name>Public</web-resource-name>
       <url-pattern>/public/*</url-pattern>
       <http-method>GET</http-method>
       <http-method>POST</http-method>
     </web-resource-collection>
   </security-constraint>
   <login-config>
      <auth-method>DIGEST</auth-method>
      <realm-name>ProWebs</realm-name>
   </login-config>

   <security-role>
      <role-name>ShinseiAdmin</role-name>
   </security-role>

But it not works. Please help me.



Warm Regards

Noorul Hasan Khan
Software Engineer
Prologix Software Solutions Pvt. Ltd., India
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jbossws-users/attachments/20070605/8d32ea7a/attachment.html

More information about the jbossws-users mailing list