need advice on security

Karol Oslowski
Ranch Hand

Joined: Jul 22, 2005
Posts: 51
Hi,

I need advice. I'm working on security and the standard resource securing via web.xml and j_security_check doesn't fit my needs. I would like to achieve such goals:

- Change the standard scenario: when a user tries to access a secured area he is redirected to the login page - and then after successful authentication - gets access to secured resources. I would like to be able to redirect him sometimes first to some other page - for instance a page forcing him to change the password - and only then to the requested resource,
- be able to put the login-form on any page and after logging in redirecting back to that page,
- requesting re-authentication for specific resources (and protecting access to them via SSL),
- etc.

I've developed my own LoginModule and it's working perfectly but the standard solution with j_security_check and tomcat doesn't seem to fit my needs.

My question is where should I look for any information about how to achieve my goals? I've looked at the JBoss administration guide but still I'm not sure what to do.

Will I have to change/add something to JBoss source code?

I would be very grateful for any advice.

With Kind Regards,

Karol Oslowski
graham king
Ranch Hand

Joined: Dec 30, 2004
Posts: 133
Originally posted by Karol Oslowski:
Hi,

- Change the standard scenario: when a user tries to access a secured area he is redirected to the login page - and then after successful authentication - gets access to secured resources.
- be able to put the login-form on any page and after logging in redirecting back to that page,

Sounds like you need a framework that knows about protected resources...
Struts has something you could use called a RequestProcessor.
I think it just involves a FrontController that delegates to the RequestProcessor which ensures user validation. If they aren't valid then push them to the login... it doesn't handle redirection well.

The petstore sample on java.sun.com has a good example of the FrontController delegating requests to a ResourceProcessor... I found that this is better for redirection.

I've developed my own LoginModule and it's working perfectly but the standard solution with j_security_check and tomcat doesn't seem to fit my needs.

My question is where should I look for any information about how to achieve my goals? I've looked at the JBoss administration guide but still I'm not sure what to do.


So you added your login module into the server/default/conf/login-config.xml?


write, revise, re-write, revise, again...
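
One way to get the flow asked about in this thread (a forced password change before the requested resource, a return to the original page, re-authentication and SSL for specific resources), as an added example that is not code from either poster or from JBoss. It uses a plain servlet Filter instead of the Struts RequestProcessor mentioned above; the session attribute names, the page paths and the /secure/admin/ prefix are assumptions.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example. Map it to /secure/* in web.xml; attribute names and page paths are assumptions.
public class LoginFlowFilter implements Filter {
    static final String USER = "auth.user";                // set by the login servlet once the LoginModule accepts
    static final String MUST_CHANGE = "auth.mustChangePw"; // Boolean, set at login for expired passwords
    static final String REAUTH_AT = "auth.reauthAt";       // Long, time the password was last entered
    static final String RETURN_TO = "auth.returnTo";       // where to go once the detour is finished
    static final long REAUTH_WINDOW_MS = 5 * 60 * 1000L;

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // Use the container-decoded path rather than the raw request URI for the prefix test.
        String path = req.getServletPath() + (req.getPathInfo() == null ? "" : req.getPathInfo());
        boolean sensitive = path.startsWith("/secure/admin/");

        if (sensitive && !req.isSecure()) {          // never serve the sensitive area over plain HTTP
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        HttpSession s = req.getSession(true);
        Long at = (Long) s.getAttribute(REAUTH_AT);
        String detour = null;
        if (s.getAttribute(USER) == null) {
            detour = "/login.jsp";
        } else if (Boolean.TRUE.equals(s.getAttribute(MUST_CHANGE))) {
            detour = "/changePassword.jsp";          // authenticated, but not yet allowed through
        } else if (sensitive && (at == null
                || System.currentTimeMillis() - at.longValue() > REAUTH_WINDOW_MS)) {
            detour = "/reauth.jsp";
        }
        if (detour == null) {
            chain.doFilter(rq, rs);
            return;
        }
        // Remember the target server-side, taken from the request itself and never from a
        // client-supplied parameter, so the later redirect back cannot be pointed off-site.
        if ("GET".equals(req.getMethod())) {
            String q = req.getQueryString();
            s.setAttribute(RETURN_TO, req.getRequestURI() + (q == null ? "" : "?" + q));
        }
        res.sendRedirect(req.getContextPath() + detour);
    }
}
```

The three detour pages must sit outside the filter's URL mapping, and each one, after succeeding, reads `auth.returnTo` from the session, removes it, and redirects there. The login handler should also start a fresh session before setting `auth.user` so a pre-login session id is not carried into the authenticated session.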