Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How to use CertRolesLoginModule

 
Bobby Anderson
Ranch Hand
Posts: 114
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Anyone have an example of how to use the predefined CertRolesLoginModule? I.E. I know how to define it in the login-config file but I am not really sure how to use it in code. I.E. what do I need to setup before I call my ejb method that is annotated with the @RolesAllowed and @SecurityDomain annotation.

Seems like I can find a ton of info out there about what to put in the config xml files but then what do you when you need to call the code?

Thanks,
Billy
 
Peter Johnson
author
Bartender
Posts: 5852
7
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I will assume that you are getting to your EJBs via a servlet (you never said), or some servlet-based technology such as JSF. You need to secure the web pages to your app. The user will then be forced to sign in before accessing those pages. The resulting security credential is then kept by the thread and is used by the @RolesAllowed and similar annotations.
 
Bobby Anderson
Ranch Hand
Posts: 114
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Peter. I wasn't really doing anything with my web services/ servlets as far as security it was all in my EJBs. So I was really looking for this if anyone else cares.


 
Bobby Anderson
Ranch Hand
Posts: 114
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I did have one more question related to this login module. You need to specify the roles.properties somewhere. Jboss documentation says to put it in the conf directory which works just fine. But it also says you can put it in the "J2EE deployment jar". I am not really sure what that means.

My app servers are clustered so instead of putting this info in the conf directory of every server it would be nice to be able to deploy it with my .ear. Is this what they mean by the J2EE deployment jar? Probably not, but that means there is some other place I can put this file. Does anyone know where.

Also I know that you can re-name the file, but that is not really what I am looking for.

Thanks again,
Billy
 
Jaikiran Pai
Marshal
Pie
Posts: 10447
227
IntelliJ IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
My app servers are clustered so instead of putting this info in the conf directory of every server it would be nice to be able to deploy it with my .ear. Is this what they mean by the J2EE deployment jar?


Yes, that's what that line means. You can package those properties file in the root of the EAR or your jar.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic