
How to set authentication on a specific URL in Jboss eap 6.1.0

I am working on a project where I want to apply authentication to a particular URL. JBoss version: JBoss EAP 6.1.0

There is a URL in my application, http://localhost:8080/myApp/monitoring. When a user hits this URL, I want it to ask for a user ID and password.

Below are the steps that I have done:

Add the following in web.xml:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>All Access</web-resource-name>
        <url-pattern>/monitoring</url-pattern>
        <http-method>DELETE</http-method>
        <http-method>PUT</http-method>
        <http-method>HEAD</http-method>
        <http-method>OPTIONS</http-method>
        <http-method>TRACE</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>ApplicationRealm</realm-name>
</login-config>

<security-role>
    <role-name>user</role-name>
</security-role>

jboss-web.xml

<jboss-web>
    <security-domain>java:/jaas/other</security-domain>
</jboss-web>

Then I added a user using the add-user.bat file. But when I hit the URL http://localhost:8080/myApp/monitoring, the server responds with error code 302 and the URL redirects to https://localhost/myApp/monitoring

Can anyone please help with this? Thanks in advance.

You have misconfigured the security-constraint element in web.xml.

Try using the following value:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>All Access</web-resource-name>
        <url-pattern>/monitoring</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>user</role-name>
    </auth-constraint>
</security-constraint>

And now some details:

  • If you want to protect all HTTP methods accessing the given URL, then don't name them in the web-resource-collection (otherwise only the named ones are protected)
  • If you specify transport-guarantee (with a value not equal to NONE), then you de facto require requests to use https (SSL/TLS) instead of http
  • You have to provide an auth-constraint (with the list of roles to which you grant access) if you don't want to grant access to everyone
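
A check for the three points in the answer above, as an added example that is not part of the original question or answer: it parses a web.xml and reports each security-constraint that names http-method elements, lacks an auth-constraint, or sets a transport-guarantee other than NONE. The function name audit_constraints and the two sample descriptors are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    # Strip a "{namespace}" prefix so namespaced and bare descriptors both work.
    return tag.rsplit("}", 1)[-1]

def _find(elem, name):
    return [e for e in elem.iter() if _local(e.tag) == name]

def _text(elem):
    return (elem.text or "").strip()

def audit_constraints(web_xml):
    """Return (url-pattern, finding) pairs for every security-constraint."""
    findings = []
    for sc in _find(ET.fromstring(web_xml), "security-constraint"):
        url = ",".join(_text(p) for p in _find(sc, "url-pattern"))
        methods = [_text(m) for m in _find(sc, "http-method")]
        if methods:
            findings.append((url, "only named methods covered: " + "/".join(methods)))
        if not _find(sc, "auth-constraint"):
            findings.append((url, "no auth-constraint: access granted to everyone"))
        for tg in _find(sc, "transport-guarantee"):
            if _text(tg) != "NONE":
                findings.append((url, "transport-guarantee " + _text(tg) + ": https required"))
    return findings

# Constructed samples: shortened forms of the two descriptors on this page.
QUESTION_XML = """<web-app><security-constraint>
  <web-resource-collection>
    <web-resource-name>All Access</web-resource-name>
    <url-pattern>/monitoring</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint></web-app>"""

ANSWER_XML = """<web-app><security-constraint>
  <web-resource-collection>
    <web-resource-name>All Access</web-resource-name>
    <url-pattern>/monitoring</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>user</role-name></auth-constraint>
</security-constraint></web-app>"""

if __name__ == "__main__":
    for url, finding in audit_constraints(QUESTION_XML):
        print(url, "->", finding)
```
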
