[JBoss-user] [Security & JAAS/JBoss] - Re: Configuring JBoss for DatabaseServerLoginModule

Thu, 04 Mar 2004 10:11:44 -0800 

Step One: login-config.xml
   <application-policy name="example2">
      
        <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
            flag="required">
            <module-option name="dsJndiName">java:/<your_mysqlDS></module-option>
            <module-option name="principalsQuery">select password from usertable where 
username=?</module-option>
<!-- below is how you cheat the roles, the result should produce 
rolename/'Roles'/'callerIdentity' -->
            <module-option name="rolesQuery">select 'Echo', 'Roles' from userdb where 
username=?</module-option>
         </login-module>     
      
   </application-policy>

Step Two: web.xml 
Add a security constraint like follows, notice the <role-name>Echo</role-name> just 
like your select above.
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Restricted</web-resource-name>
      Declarative security tests
      <url-pattern>/*</url-pattern>
      <http-method>HEAD</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Echo</role-name>
    </auth-constraint>
    <user-data-constraint>
      no description
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>JAAS Tutorial Servlets</realm-name>
  </login-config>

  <security-role>
    A user allowed to invoke echo methods
    <role-name>Echo</role-name>
  </security-role>
   <security-role>
     A user with no permissions
     <role-name>nobody</role-name>
   </security-role>

Step Three: jboss-web.xml This is the name of your application-policy from step one.
<security-domain>java:/jaas/example2</security-domain>

That should do it.

<a 
href="http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3824215#3824215";>View 
the original post</a>

<a 
href="http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3824215>Reply 
to the post</a>


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user

Reply via email to