Hi
I facing some problems while securing a web application on jboss...
below are the steps which i followed.....
I have created a web application in eclipse 3.2.2 on jboss 4.2.2GA .
I want to secure my webappllication using SSL
for this i have
1.generated certificate by using "%JAVA_HOME%\bin\keytool -genkey -alias
tomcat -keyalg RSA" command line
2.I have changed jboss/server/default/deploy/jboss-web.deployer/server.xml file
.in this file i replaced <connector port=8080..../> TO
3.Modified web.xml of the web application:
Added security mappings to web.xml file:
<servlet-mapping>
<servlet-name>testsecurity</servlet-name>
<url-pattern>/testsecurity</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>All resources</web-resource-name>
Protects all resources
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>WebAppUser</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>WebAppUser</role-name>
</security-role>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Test Realm</realm-name>
</login-config>
4. created a jboss-web.xml file in side web-inf and made an entry of
<jboss-web>
<security-domain>java:/jaas/myweb-console</security-domain>
</jboss-web>
5. when iam trying to deploy and run the applocation on jboss it is prompting
for user name and password.
6.i have changed the boss-4.2.0.GA\server\default\conf\login-config.xml file .
added :
<application-policy name = "myweb-console">
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required">
<module-option
name="usersProperties">web-console-users.properties</module-option>
<module-option
name="rolesProperties">web-console-roles.properties</module-option>
</login-module>
</application-policy>
when i specify the username and password i am not able to see my index.jsp page
it isgi=ving me status 401 error authentication.
my dout is do i need to specify username password of the certificate in any
one of the property file of jboss if so ... please let me know the formate to
spaecify....
tel me weather my approach to secure the webapplication on jboss is correct or
not
I am anle to access the jboss console using
https://localhost:8443/
when iam trying to access https://localhost:8443/testsecurity
it is giving error asaying status 401 authentication...
it should display index.jsp page ....
looking forward for ur replies .......Please help if any one has idea about ssl
security for jboss
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4236262#4236262
Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4236262
_______________________________________________
jboss-user mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/jboss-user
