I am using j_security_check
for my struts web project and i am deploying it in jboss.
In my web.xml
i have defined role testuser
, created a jar file which contains users.properties
and roles.properties
with jar name as TestUserInfo.jar
where Test
is the name of the application.
My web.xml
:
<security-constraint>
<display-name>To secure Test site</display-name>
<web-resource-collection>
<web-resource-name>test_actions</web-resource-name>
<url-pattern>*.action</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>testuser</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>test offshore realm</realm-name>
<form-login-config>
<form-login-page>/login_form.jsp</form-login-page>
<form-error-page>/login_error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>testuser</role-name>
</security-role>
users.properties
file have username=password
as name value pair and roles.properties
will have username=role
(in my case user=testuser
) as name value pair.
I am able to login using the username and password as it is in users.properties
file when application is deployed in JBoss. TestUserInfo.jar
is kept under jboss-5.1.0.GA\jboss-5.1.0.GA\server\default\lib
.
What i have to do in websphere for implementing the same?
You must use a 'file based custom user registry'. Following link gives details on how to configure it (users.props and groups.props files in this example will contain same information as in your users.properties and roles.properties files). The link is for WAS v6. If you're using another version you may search infocenter for same concept on your version.