Just a Note on How to Secure a JBoss Web Application…

By On 04/12/2008 · Leave a Comment

Please refer to http://www.jboss.org/community/docs/DOC-12185

1. Configure the web application for security by adding constraints to the web deployment descriptor.

     <security-constraint>
          <web-resource-collection>
               <web-resource-name>All resources</web-resource-name>
               <description>Protects all resources</description>
               <url-pattern>/*</url-pattern>
          </web-resource-collection>
          <auth-constraint>
               <role-name>WebAppUser</role-name>
          </auth-constraint>
     </security-constraint>

     <security-role>
          <role-name>WebAppUser</role-name>
     </security-role>

     <login-config>
          <auth-method>BASIC</auth-method>
          <realm-name>Test Realm</realm-name>
     </login-config>

2. Configure the jboss-web.xml file to point to the “my-web” application.

<security-domain>java:/jaas/my-web</security-domain>

3. Configure the login-config.xml file.

    <application-policy name = "my-web">
		<authentication>
			<login-module
				code="org.jboss.security.auth.spi.UsersRolesLoginModule"
				flag = "required">
				<module-option
					name="usersProperties">
					props/my-web-users.properties
				</module-option>
				<module-option
					name="rolesProperties">
					props/my-web-roles.properties
				</module-option>
			</login-module>
		</authentication>
	</application-policy>
Tagged with:
 
If you enjoyed this article, please consider sharing it!
Reddit Facebook Twitter Delicious

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>