wood burning stoves 2.0*
The moose likes JBoss/WildFly and the fly likes How to use CertRolesLoginModule Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCM Java EE 6 Enterprise Architect Exam Guide this week in the OCMJEA forum!
JavaRanch » Java Forums » Products » JBoss/WildFly
Bookmark "How to use CertRolesLoginModule" Watch "How to use CertRolesLoginModule" New topic
Author

How to use CertRolesLoginModule

Bobby Anderson
Ranch Hand

Joined: Oct 28, 2008
Posts: 114
Anyone have an example of how to use the predefined CertRolesLoginModule? I.E. I know how to define it in the login-config file but I am not really sure how to use it in code. I.E. what do I need to setup before I call my ejb method that is annotated with the @RolesAllowed and @SecurityDomain annotation.

Seems like I can find a ton of info out there about what to put in the config xml files but then what do you when you need to call the code?

Thanks,
Billy
Peter Johnson
author
Bartender

Joined: May 14, 2008
Posts: 5823
    
    7

I will assume that you are getting to your EJBs via a servlet (you never said), or some servlet-based technology such as JSF. You need to secure the web pages to your app. The user will then be forced to sign in before accessing those pages. The resulting security credential is then kept by the thread and is used by the @RolesAllowed and similar annotations.


JBoss In Action
Bobby Anderson
Ranch Hand

Joined: Oct 28, 2008
Posts: 114
Thanks Peter. I wasn't really doing anything with my web services/ servlets as far as security it was all in my EJBs. So I was really looking for this if anyone else cares.


Bobby Anderson
Ranch Hand

Joined: Oct 28, 2008
Posts: 114
I did have one more question related to this login module. You need to specify the roles.properties somewhere. Jboss documentation says to put it in the conf directory which works just fine. But it also says you can put it in the "J2EE deployment jar". I am not really sure what that means.

My app servers are clustered so instead of putting this info in the conf directory of every server it would be nice to be able to deploy it with my .ear. Is this what they mean by the J2EE deployment jar? Probably not, but that means there is some other place I can put this file. Does anyone know where.

Also I know that you can re-name the file, but that is not really what I am looking for.

Thanks again,
Billy
Jaikiran Pai
Marshal

Joined: Jul 20, 2005
Posts: 10069
    
163

My app servers are clustered so instead of putting this info in the conf directory of every server it would be nice to be able to deploy it with my .ear. Is this what they mean by the J2EE deployment jar?


Yes, that's what that line means. You can package those properties file in the root of the EAR or your jar.

[My Blog] [JavaRanch Journal]
 
 
subject: How to use CertRolesLoginModule