I currently have two web apps, Identity and Business. Idenity is currently
configured to use jaas/jboss with a custom login module and it works great. I
now have this new app that I want to secure and I want to use Identity security
domain and login module. I have added the following to the jbos-web.xml in the
Business app (exact same as in the Identity app jboss-web.xml):
<jboss-web>
<security-domain
flushOnSessionInvalidation="true">java:/jaas/Identity</security-domain>
<resource-ref>
<res-ref-name>jdbc/cidb</res-ref-name>
<jndi-name>java:/jdbc/cidb</jndi-name>
</resource-ref>
</jboss-web>
I have also added the requisite security role/form login stuff in Business
web.xml. As follows:
<security-role>
basic client users
<role-name>client</role-name>
</security-role>
<security-role>
basic analyst users
<role-name>analyst</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>
client files
</web-resource-name>
<url-pattern>*.do</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>client</role-name>
<role-name>analyst</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Identity</realm-name>
<form-login-config>
<form-login-page>/common/start.jsp</form-login-page>
<form-error-page>/common/loginerror.jsp</form-error-page>
</form-login-config>
Now for the question :)
When I hit one of the Business apps struts pages like
/Business/initSplashPage.do, I get the proper login screen. When I try to
authenticate, the auth fails and I'm returned to the login screen. Actually my
login module isn't even being called. I'm assuming that the reason is that my
custom login module isn't visible in the classpath of the business app since it
actually lives inside the Identity app. Is this correct? Shouldn't jboss be
able to call my custom login module from wherever it lives?
Now for the weird part. When I authenticate as normal in the Identity app, then
click over to the Business app, it passes my auth info fine and recognises I'm
logged in, and the app works fine. This isn't such a big deal as my clients
will always go through the Identity app to the business app, but I don't know
why it won't work just authenticaing in the biz app.
Any ideas?
Thanks!
B
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3971656#3971656
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3971656
_______________________________________________
jboss-user mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/jboss-user
