This week's book giveaway is in the Mac OS forum. We're giving away four copies of a choice of "Take Control of Upgrading to Yosemite" or "Take Control of Automating Your Mac" and have Joe Kissell on-line! See this thread for details.
I'm trying to implement certificate based security in my application to secure by web services. I've found a little information, but was hoping that someone who has actually implemented it could help me out. Here's what I've got so far:
In order to lock down the request I added the following information to web.xml:
This means that the authentication for that security constraint will go to my cert-login entry in login-conf.xml (right?).
So, in login-conf.xml:
<!-- database based certificate authentication/authorization --> <application-policy name = "cert-login"> <authentication> <login-module code="org.jboss.security.auth.spi.BaseCertLoginModule" flag = "required"> <module-option name="password-stacking">useFirstPass</module-option> <module-option name="securityDomain">java:/jaas/ws-cert</module-option> </login-module> <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required"> <module-option name="password-stacking">useFirstPass</module-option> <module-option name = "unauthenticatedIdentity">guest</module-option> <module-option name = "dsJndiName">java:/MySqlDS</module-option> <module-option name = "principalsQuery">select password from user where user_id=?</module-option> <module-option name = "rolesQuery">select user_role, 'Roles' from user where user_id=?</module-option> </login-module> </authentication> </application-policy>
this creates the cert-login entry. BaseCertLoginModule kept complaining about needing a security domain so I added the line with ws-cert and then added a corresponding securityDomain entry to jboss-service.xml: