Anyone have an example of how to use the predefined CertRolesLoginModule? I.E. I know how to define it in the login-config file but I am not really sure how to use it in code. I.E. what do I need to setup before I call my ejb method that is annotated with the @RolesAllowed and @SecurityDomain annotation.
Seems like I can find a ton of info out there about what to put in the config xml files but then what do you when you need to call the code?
I will assume that you are getting to your EJBs via a servlet (you never said), or some servlet-based technology such as JSF. You need to secure the web pages to your app. The user will then be forced to sign in before accessing those pages. The resulting security credential is then kept by the thread and is used by the @RolesAllowed and similar annotations.
Thanks Peter. I wasn't really doing anything with my web services/ servlets as far as security it was all in my EJBs. So I was really looking for this if anyone else cares.
Joined: Oct 28, 2008
I did have one more question related to this login module. You need to specify the roles.properties somewhere. Jboss documentation says to put it in the conf directory which works just fine. But it also says you can put it in the "J2EE deployment jar". I am not really sure what that means.
My app servers are clustered so instead of putting this info in the conf directory of every server it would be nice to be able to deploy it with my .ear. Is this what they mean by the J2EE deployment jar? Probably not, but that means there is some other place I can put this file. Does anyone know where.
Also I know that you can re-name the file, but that is not really what I am looking for.
My app servers are clustered so instead of putting this info in the conf directory of every server it would be nice to be able to deploy it with my .ear. Is this what they mean by the J2EE deployment jar?
Yes, that's what that line means. You can package those properties file in the root of the EAR or your jar.