How do I share security-constraint between .wars?


I have a Java EE app server (jboss-eap-4.3) and several .wars that make up a larger web application. The idea is that a .war can be run separately or linked from another .war. As they are all part of the same app conceptually, we don't want to present several logins.

I want to configure the .wars so that they all share the same security-constraints and security roles. Basically this part of web.xml:

<security-constraint>
   <web-resource-collection>
      <url-pattern>/*</url-pattern>
   </web-resource-collection>
   <auth-constraint>
      <role-name>Admin</role-name>
   </auth-constraint>
</security-constraint>

<security-role>
   <role-name>Admin</role-name>
</security-role>

<login-config>
   <auth-method>BASIC</auth-method>
   <realm-name>WebApp</realm-name>
</login-config>

Our roles have been changing often lately and we're adding new .wars periodically as well. Additionally we change the auth-method depending on the deployment environment, which adds another reason to tweak. Ideally I'd like a way to break off the security portion of the web.xml so it can be "inherited" by the others. I thought realms might be a good place to look for this, but I didn't turn up anything promising.

Note that there are still other web apps in this container with a completely different security-domain, so a global setting for tomcat may not be appropriate.


There are 1 best solutions below


Not a great answer, but I ended up automating the dirty work with ant macrodefs like the one below.

  <!-- 
   | Take a "plain" web.xml and add security settings to it.  
   | This will add BASIC authentication with Admin, Operator, and Guest role access 
   |
   -->
   <taskdef resource="net/sf/antcontrib/antlib.xml" /> 
   <macrodef name="addSecurityToWeb.xml">
      <attribute name="file"/>
      <sequential>
         <if>
            <not>
                <isfileselected file="@{file}">
                    <contains text="login-config" ignorewhitespace="true"/>
                </isfileselected>
            </not>
            <then>
               <replace file="@{file}">
                  <replacetoken><![CDATA[</web-app>]]></replacetoken>
                  <replacevalue>
   <![CDATA[
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Protected Area</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>Admin</role-name>
        </auth-constraint>

        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <!-- Security roles referenced by this web application -->
    <security-role>
        <role-name>Admin</role-name>
    </security-role>

    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>WebApp</realm-name>
    </login-config>
</web-app>
   ]]>    
                  </replacevalue>
               </replace>
            </then>
         </if>
      </sequential>
  </macrodef>
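
The macrodef above skips any web.xml that already contains "login-config", so a descriptor patched before a role change keeps its old security block. The following build-time check is an added example, not part of the original answer: it compares each .war's security elements with a reference block and also flags BASIC authentication that does not request a CONFIDENTIAL transport. The function names, the finding labels and the sample .war names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SECURITY_TAGS = ("security-constraint", "security-role", "login-config")

def _canon(elem):
    # Namespace- and whitespace-insensitive form of an element subtree.
    return (elem.tag.rsplit("}", 1)[-1], (elem.text or "").strip(),
            tuple(_canon(child) for child in elem))

def security_block(web_xml):
    root = _canon(ET.fromstring(web_xml))
    return tuple(e for e in root[2] if e[0] in SECURITY_TAGS)

def _values(block, name):
    found = []  # text of every element called `name`, at any depth
    for tag, text, children in block:
        found += ([text] if tag == name else []) + _values(children, name)
    return found

def audit(reference_xml, descriptors):
    """Map each .war name to its findings (comparison is order-sensitive)."""
    reference, report = security_block(reference_xml), {}
    for war, web_xml in descriptors.items():
        block, findings = security_block(web_xml), []
        if not block:
            findings.append("unprotected")
        elif block != reference:
            findings.append("drift")
        if ("BASIC" in _values(block, "auth-method")
                and "CONFIDENTIAL" not in _values(block, "transport-guarantee")):
            findings.append("basic-without-tls")
        report[war] = findings
    return report
# Constructed sample descriptors (hypothetical .war names, not a real deployment).
TEMPLATE = """<web-app{ns}>
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>{role}</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>{role}</role-name></security-role>
  <login-config><auth-method>BASIC</auth-method><realm-name>WebApp</realm-name></login-config>
</web-app>"""
REFERENCE = TEMPLATE.format(ns="", role="Admin")
SAMPLES = {
    "orders.war": TEMPLATE.format(ns=' xmlns="http://java.sun.com/xml/ns/javaee"', role="Admin"),
    "reports.war": TEMPLATE.format(ns="", role="Operator"),  # stale role, guard skips it
    "legacy.war": "<web-app><display-name>legacy</display-name></web-app>",
}
if __name__ == "__main__":
    print(audit(REFERENCE, SAMPLES))
```

Run against the real descriptors after the Ant step, a non-empty findings list for any .war is a reason to fail the build.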