---------- Forwarded message ----------
From: ERIC TENG <ericteng177@gmail.com>
Date: Wed, Aug 20, 2008 at 2:40 PM
Subject: HOW TO PASSWORD PROTECT A JBOSS URL OR DIRECTORY
To: "KEVIN FRANCIS @ WAVELET Francis" <kevinfrancis@wavelet.biz>
Cc: "Vincent Lee @ Wavelet Lee" <vincent@wavelet.biz>, "Janet Tan @ Wavelet Janet" <janet@wavelet.biz>
Francis,
Found the solution of "HOW TO PASSWORD PROTECT A JBOSS URL" (url can but Jboss App or a simple directory under the jboss deployment root dir).
Following is the instruction, Just add the following to "/usr/java/jboss/server/default/deploy/jbossweb-tomcat50.sar/conf/web.xml" file:
===============START OF TEXT ================
<security-constraint>
<web-resource-collection>
<web-resource-name>All resources</web-resource-name>
<description>Protects all resources</description>
<url-pattern>/backup</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>WebAppUser</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>WebAppUser</role-name>
</security-role>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Test Realm</realm-name>
</login-config>
===============END OF TEXT ================
"url-pattern" tag is the key here, regular expression is accepted. I also suspected that the role-name is security-role can be OMITTED, but didn't try that. Also, the research is not quite done, you may need to study the format of "login-config.xml" file to include username and password, or I suspect that by change the option on "login-config" tag, you can instruct JBOSS to refer the user login info using Linux OS's.
Try with following on your browser:
1. http://localhost:8080/emp
2. http://localhost:8080/wavelet-supplier
3. http://localhost:8080/backup
Found above on http://wiki.jboss.org/wiki/SecureAWebApplicationInJBoss
Regards,
Eric Teng
From: ERIC TENG <ericteng177@gmail.com>
Date: Wed, Aug 20, 2008 at 2:40 PM
Subject: HOW TO PASSWORD PROTECT A JBOSS URL OR DIRECTORY
To: "KEVIN FRANCIS @ WAVELET Francis" <kevinfrancis@wavelet.biz>
Cc: "Vincent Lee @ Wavelet Lee" <vincent@wavelet.biz>, "Janet Tan @ Wavelet Janet" <janet@wavelet.biz>
Francis,
Found the solution of "HOW TO PASSWORD PROTECT A JBOSS URL" (url can but Jboss App or a simple directory under the jboss deployment root dir).
Following is the instruction, Just add the following to "/usr/java/jboss/server/default/deploy/jbossweb-tomcat50.sar/conf/web.xml" file:
===============START OF TEXT ================
<security-constraint>
<web-resource-collection>
<web-resource-name>All resources</web-resource-name>
<description>Protects all resources</description>
<url-pattern>/backup</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>WebAppUser</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>WebAppUser</role-name>
</security-role>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Test Realm</realm-name>
</login-config>
===============END OF TEXT ================
"url-pattern" tag is the key here, regular expression is accepted. I also suspected that the role-name is security-role can be OMITTED, but didn't try that. Also, the research is not quite done, you may need to study the format of "login-config.xml" file to include username and password, or I suspect that by change the option on "login-config" tag, you can instruct JBOSS to refer the user login info using Linux OS's.
Try with following on your browser:
1. http://localhost:8080/emp
2. http://localhost:8080/wavelet-supplier
3. http://localhost:8080/backup
Found above on http://wiki.jboss.org/wiki/SecureAWebApplicationInJBoss
Regards,
Eric Teng
--
=========================
Phone : +6012-6018838
Website : www.wavelet.biz
=========================
No comments:
Post a Comment