Hi Gabor,
On 03/19/09 01:49 AM, Gabor Szokoli wrote:
> Hi,
>
> I'm using glassfish v2.1, and I like it :-)
>
> I'd like to impose security realm based access restrictions on an HTTP
> listener or Virtual Server (I don't care which, I have a 1-1 mapping.)
> Access to all web applications via that listener/server would require
> authentication (BASIC or DIGEST), and I'd like to avoid adding
> security-constraints to all the web.xml-s.
> I understand the great benefits of flexibility and specificity the
> per-application web.xml security configuration offers, I just don't
> need any of it now.
>
> Pretty much as if I had an apache proxy in front of my app. server
> doing the authentication, which I wanted to skip in this deployment,
> since supposedly we don't need it for serving up static content
> anymore :-)
>
> My google-foo is failing me on this one, all I can find is certificate
> based authentication in the listener (I'd like a file realm backed
> basic or digest), and auditing in the server.
>
Have you considered configuring your virtual-server with a custom valve
that would perform the authentication?
You would specify your valve (including its fully qualified class name)
as a property of your virtual server.
Let us know if you have any questions on how to do this.
Thanks!
Jan
>
> Thanks in advance for any advice!
>
> Gabor Szokoli
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>