We have a security realm that we use throughout our EAR.
| <application-policy name="mySecurityRealm"> | | <authentication> | <login-module code="com.myclass.MyLoginModule" flag="required"> | <module-option name="unauthenticated">guest</module-option> | <module-option name="dsJndiName">java:/myDataSource</module-option> | <module-option name="hashUserPassword">false</module-option> | <module-option name="hashStorePassword">false</module-option> | <module-option name="principalsQuery"> | ...commented out...</module-option> | | <module-option name="rolesQuery"> | ...commented out...</module-option> | </login-module> | </authentication> | | </application-policy> | I read the following: http://tomcat.apache.org/tomcat-5.5-doc/config/context.html Scroll down until you see "Realm" under "Nested Elements". It seems as though you can specify a JAAS Realm: http://tomcat.apache.org/tomcat-5.5-doc/config/realm.html So I did: | <Host name="localhost" | autoDeploy="false" deployOnStartup="false" deployXML="false" | configClass="org.jboss.web.tomcat.security.config.JBossContextConfig" | > | | <Realm className="org.apache.catalina.realm.JAASRealm" | appName="mySecurityRealm" | userClassNames="org.jboss.security.SimplePrincipal" | roleClassNames="org.jboss.security.SimpleGroup" | debug="99"/> | And I defined my virtual directory: | <Context path="/Reports" docBase="Reports" debug="0" reloadable="true" /> | But the security isn't working. So I defined the web.xml file under Reports/WEB-INF: | <security-constraint> | <web-resource-collection> | <web-resource-name>xxx</web-resource-name> | <url-pattern>/Reports/*</url-pattern> | <http-method>POST</http-method> | <http-method>GET</http-method> | </web-resource-collection> | <auth-constraint> | <role-name>Roles</role-name> | </auth-constraint> | <user-data-constraint> | <transport-guarantee>NONE</transport-guarantee> | </user-data-constraint> | </security-constraint> | <login-config> | <auth-method>FORM</auth-method> | <realm-name>mySecurityRealm</realm-name> | <form-login-config> | <form-login-page>/login.jsp</form-login-page> | <form-error-page>/loginerror.html</form-error-page> | </form-login-config> | </login-config> | <security-role> | and even put in a jboss-web.xml file: | <?xml version="1.0" encoding="UTF-8"?> | | <jboss-web> | <security-domain>java:/jaas/mySecurityRealm</security-domain> | </jboss-web> | Still no luck! Any ideas? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4138592#4138592 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4138592 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
