RE: [JBoss-user] Security help please!

Fri, 30 May 2003 04:47:14 -0700

Scott,
Is 3.2.1 docs available from ComponentSource? Last update for my annual subscription is still for 3.0.7.
 
thanks,
 
-xiangdong
-----Original Message-----
From: Scott M Stark [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 27, 2003 10:30 AM
To: [EMAIL PROTECTED]
Subject: Re: [JBoss-user] Security help please!

And what is wrong with the "Securing the JMX Console" section of either the

3.0.7 or 3.2.1 docs that tells you what files need to be modified? None of these

include conf/auth.conf or conf/jboss-service.xml. You do not have to modify the

conf/login-config.xml service unless you want to use LDAP, JDBC or something

else as the security database.


xxxxxxxxxxxxxxxxxxxxxxxx

Scott Stark

Chief Technology Officer

JBoss Group, LLC

xxxxxxxxxxxxxxxxxxxxxxxx

On Tuesday, May 27, 2003, at 02:39 AM, Brian McSweeney wrote:


Hi all,

I've got the pay for docs.

I understand security with web applications - using the web.xml file and

users and roles. I understand the basics of JAAS, what it should do etc.

I currently use a servlet filter to restrict access of my users to the web app,

however I want to set up an administrator who can only access some pages.

I don't want to use the Database module for this, because I currently don't

even store a role for my users. All I want to do is have some file (like you can

do with standalone tomcat - ie tomcat-users.xml) and use this as the realm

to setup an administrator role. I think this is what is done with the jmx-console.

It has a simple users.xml and roles.xml. I'd like to do something like that.

But bloody hell, the JBoss docs make security on JBoss seem SO damn

complicated. For example, files that I think I may need to write/change

jboss-web.xml

conf/login-conf.xml

conf/auth.conf

conf/jboss-service.xml

Can anyone:

a) Point me to a good site with a

"here's what you do to go from the default version of JBoss, to secure some web

pages using the roles.xml and users.xml (or what ever they are)."

b) Tell me how to do the above.

thanks so much,

(sorry about the rant :-) )

Brian




Reply via email to