Ok, so it seems that you want standard J2EE security. There is two aspects to use standard security in JBoss: what is specified byt the J2EE spec and what is application server (JBoss in your case) specific.
For the J2EE specified aspect you need to declare your security constraints in your J2EE deployment descriptors (web.xml for web application and ejb-jar.xml for EJB components). See J2EE spec for more details. These constraints are basically saying which roles are needed to access which resources. For the JBoss aspect, you need to do the following: - First define your security domain. This is what you saw in the login-config.xml. It basically defines your user source (how users are authenticated) and where the user/role associations are coming from. If you want all that to come from a database, you might want to take a look at the JBoss DataBaseServerLogin module (see the wiki page about JBoss security: http://wiki.jboss.org/wiki/Wiki.jsp?page=JBossSX). - Associate your J2EE applications (web or EJB) with the defined security domain. This is done through the JBoss specific deployment descriptor (jboss-web.xml or jboss.xml) by adding the the security-doamin element that will reference the domain that you defined in your login-config.xml. Between the JBoss-SX Wiki and the HowTo sample (referenced from the Wiki pages), you should find all the details that you need. Thomas View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3886761#3886761 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3886761 ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
