Tomcat security files are not used. You must specify the security domain for
the web application using a jboss-web.xml descriptor in the war WEB-INF:
 
<jboss-web>
    <security-domain>java:/jaas/myweb</security-domain>
</jboss-web>
 
and then configure the login modules for the myweb security domain. See the
security chapters in the getting started guide.
 
xxxxxxxxxxxxxxxxxxxxxxxx
Scott Stark
Chief Technology Officer
JBoss Group, LLC
xxxxxxxxxxxxxxxxxxxxxxxx
----- Original Message -----
Sent: Thursday, October 03, 2002 2:42 AM
Subject: [JBoss-user] security in jboss + tomcat ?

Hi,
I'm a little bit confused about using tomcat embedded with jboss
(jboss 3.0.2 + tomcat 4.0.4): I deploy my web app in jboss,
and I'd like to add simple security with tomcat: I just want
the user to give a userName and password to access everything
in my web-app (seems quite easy !?!)
Though I tried many changes, I always managed to access
my web-app without any checks !!!
 
In my web.xml, I added the following snippet:
 
<security-constraint>
    <web-resource-collection>
        <web-resource-name>MyApplication</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>myRole</role-name>
    </auth-constraint>
</security-constraint>
 
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>MyApplication</realm-name>
</login-config>
 
I also added the following line in catalina/conf/tomcat-users.xml:
 
<user name="USER1" password="USER1" roles="myRole" />
 
any ideas ?
 
TIA,
 
Sebastien
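
The login-module step the reply refers to, as an added example that is not part of the original thread: a `myweb` policy using JBoss's stock `UsersRolesLoginModule`. The file location (`conf/login-config.xml` of the server configuration) and the two properties file names are assumptions; the user, password and role mirror the tomcat-users.xml line quoted in the question.

```xml
<!-- Added example, not from the thread.
     Assumed location: server/default/conf/login-config.xml, inside the
     existing <policy> element. The policy name must match the last path
     segment of the security domain in jboss-web.xml
     (java:/jaas/myweb maps to name="myweb"). -->
<application-policy name="myweb">
    <authentication>
        <!-- UsersRolesLoginModule reads users and roles from two
             properties files found on the classpath, for example
             the WEB-INF/classes directory of the war. -->
        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                      flag="required">
            <module-option name="usersProperties">users.properties</module-option>
            <module-option name="rolesProperties">roles.properties</module-option>
        </login-module>
    </authentication>
</application-policy>

<!-- users.properties (format: username=password), replacing the
     tomcat-users.xml entry that the embedded Tomcat ignores:

         USER1=USER1

     roles.properties (format: username=role1,role2):

         USER1=myRole

     The role name must equal the <role-name> in the web.xml
     <auth-constraint>, otherwise the login succeeds but access to
     /* is still refused. -->
```

With this policy in place, the `<security-constraint>` and `<login-config>` in web.xml stay as posted; only the source of users and roles changes.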
 