jGuard authenticates users (with the help of JAAS), through a stack of LoginModules.
| [top] |
jGuard provides some convenient LoginModules, including a JNDILoginModule since jGuard 1.0 beta 2. So, the solution is either to use the loginModule provided in the jGuard distribution, or to use a LoginModule provided by sun directly with the Java Runtime Environment(JRE). to do it, you have only to declare in the 'loginmodules' field this one: com.sun.security.auth.module.JndiLoginModule note that this loginmodule connect to LDAP through the great abstraction layer called JNDI. more details can be reached directly at the corresponding page. It exists others LoginModule implementations which do the same stuff. the only requirement is only to implements the LoginModule interface.
| [top] |
you can configure jGuard to authenticate through a Kerberos system. the loginModule to use is the one provided by sun: com.sun.security.auth.module.Krb5LoginModule more information are provided here
| [top] |
jGuard can authenticate with any provided LoginModules implementations. here are the one provided by Sun. note that this loginmodule connect to LDAP through the great abstraction layer called JNDI. more details can be reached directly at the corresponding page. It exists others LoginModule implementations which do the same stuff. the only requirement is only to implements the LoginModule interface.
| [top] |
Since the 0.70 release, you have to use the JdbcAuthorizationManager and configure it through jGuardConfiguration.xml file to set the right driver and jdbc settings in order to and provide authorization. yourdatabaseName.properties file contains specific sql queries.
| [top] |
jGuard automatically authenticate you as 'guest' by default. it's not a security issue, but a design choice. but to fulfills your security requirements, you can configure that guest (unauthorized users), hasn't got access to your protected pages. how to do it? => configure the 'guest' role with no permissions. the guest user will only have access to login page and access denied page(access is always grant to these pages).
| [top] |
"I didn't want to associate a domain to the permission because this permission is alone in a functional point of view." All permission must belong to a domain. To solve your problem, it is suitable to create a 'default' domain which will regroup "orphan permissions". but it is not mandatory to assign this domain to a role (this domain has no "functional meaning"). You will only assign some permissions of this domain to the role. The reason to always assign a domain to a permission, is to be sure that the sum of permissions of all domains contains all the permissions declared in the application.
| [top] |
logonProcessURI is the way jGuard receive credentials through FORM authentication. The html form which contains your login and password will send this information to this special URI interecepted by jGuard. jGuard will evaluate them and authenticate you. It will redirect you to the convenient URI. So, this special URI does not point to a dedicated page.
| [top] |
To solve this issue, you must put the jGuard-jvm.jar archive in the 'shared lib' directory of your application server. More details about installation on application servers can be found on the Application Servers page
| [top] |
