Hi All, I've a big problem. I developed a JBoss / Seam / JSF / EJB3 app for my master's thesis. Everything works fine, but now I have to write about it and describe how it works. The security parts are my problem: I don't exactly know what the basic technologies (JAAS, JBossSX, httpAuth, ...) are for the different parts.
I use FormAuth on the web layer, and fetch the user principal on the EJB layer from the EJB context. Everything that follows is in my own data model, which I know how to describe ;)

Any hints welcome! Thanks for help.

My login service conf:

    <server>
      <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
             name="termtimer:service=DynamicLoginConfig">
        <attribute name="AuthConfig">META-INF/termtimerSecurity-config.xml</attribute>
        <!-- The service which supports dynamic processing of login-config.xml
             configurations.
        -->
        <depends optional-attribute-name="LoginConfigService">
          jboss.security:service=XMLLoginConfig
        </depends>
        <!-- Optionally specify the security mgr service to use when
             this service is stopped to flush the auth caches of the domains
             registered by this service.
        -->
        <depends optional-attribute-name="SecurityManagerService">
          jboss.security:service=JaasSecurityManager
        </depends>
      </mbean>
    </server>

and my login config:

    <policy>
      <application-policy name="termtimerSecurity">
        <authentication>
          <login-module
              code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
              flag="required">
            <!-- login-module
                 code="org.termtimer.model.TTDatabaseServerLoginModule"
                 flag="required" -->
            <module-option name="unauthenticatedIdentity">
              guest
            </module-option>
            <module-option name="dsJndiName">
              java:/TermTimerDatabaseDS
            </module-option>
            <module-option name="principalsQuery">
              select password from user where username=?
            </module-option>
            <module-option name="rolesQuery">
              select userrole.rolename as userRoles,"Roles" from userrole, user_userrole, user where
              userrole.id=user_userrole.roles_id
              and
              user_userrole.user_id=user.id
              and
              user.username=?
            </module-option>
          </login-module>
          <login-module code="org.jboss.security.ClientLoginModule"
                        flag="required">
            <module-option name="unauthenticatedIdentity">
              guest
            </module-option>
          </login-module>
        </authentication>
      </application-policy>
    </policy>

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3947230#3947230
