views:

314

answers:

1

What is the relation between web.xml and jboss-web.xml? Seems like:


  • Jboss-web.xml
    • specifies the security domain (which can be found in login-config.xml)

  • web.xml
    • specifies what the security level is

I don't understand what happens when jboss-web.xml specifies a weak security domain. Ie: one that cannot do what web.xml specifies. What happens then?

+1  A: 

To answer your general question, web.xml is the standard J2EE configuration file and is server-agnostic and its configurations will work with any J2EE compliant application server.

jboss-web.xml are JBoss specific extensions and abilities that exist only in JBoss (that is, another application server from another vendor may do that function, but it configures it differently). login-config.xml is also jboss specific, which is why you need a vendor specific configuration to tie the war and the login together.

I don't know if it is possible to have a configuration problem other than the JBoss security being too lax, but if there is a serious misconfiguration, I would expect JBoss to throw an error on deployment and fail to deploy the war.

Yishai
@Yishai, Thanks for the quick response. That is very helpful. I am going to leave the question open for a day or two to see if I get any more specific info.
sixtyfootersdude