Hi there,
I'm trying to get an
applet running using JBoss3.2.3 as AS. I would like to have JAAS handle the security issues..
So I took a look at
https://coderanch.com/t/88165/JBoss/JAAS-JBOSS-Tutorial and many other documents (sigh) but I couldn't find the answer on some of my questions:
* I know how to secure a webpage, a client will ask a secured page and
tomcat will redirect you to a login page, but how does this work in an application? Will the AS ask me to login if I try to connect to a secured bean, or does the app have to login first, and then access the beans?
* If the app has to login first, I read in the how-to to use some code like this:
ctx = new LoginContext("secDomain", (CallbackHandler)handler);
ctx.login();
with secDomain the same name as the one defined in the jboss.xml on the AS. But how is the app supposed to know where to find the server? Shouldn't I include some kind of properties file telling the app on what Ip
ort the server is running?
* If I add the lines below to my login-config.xml I get an error on starting
JBoss:
<application-policy name="lmsintl">
<authentication>
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<module-option name="dsJndiName">
java:/appsettings</module-option>
<module-option name="principalsQuery">Select password from User where username = ?</module-option>
<module-option name="rolesQuery">Select role as Role from Roles where username = ?</module-option>
</login-module>
</authentication
</application-policy>
The error is:
10:26:18,020 WARN [XMLLoginConfigImpl] Failed to load config: file:/D:/jboss-3.
2.3/server/lms/conf/login-config.xml
org.jboss.security.auth.login.ParseException: Encountered "<?xml" at line 1, column 1.
Was expecting one of:
<EOF>
<IDENTIFIER> ...
My head is hurting from bamging it against my keyboard.. I'm a great fan of OS but some more documentation wouldn't hurt..
Thanks in advance!
Sebastiaan
[ March 12, 2004: Message edited by: Sebastiaan Kortleven ]