How to set up simple authentication in JBoss 7.1

I am working on a project written in pure JSPs (scriptlets) without using any frameworks.

JBoss version: jboss-as-7.1.0.Final

Now I am trying to add simple authentication to it, so that when a user tries to browse the JSPs, say, http://localhost/myContextPath/hello.jsp, a login is required first.

web.xml

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>All Access</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>DELETE</http-method>
            <http-method>PUT</http-method>
            <http-method>HEAD</http-method>
            <http-method>OPTIONS</http-method>
            <http-method>TRACE</http-method>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
    </login-config>

jboss-web.xml

    <jboss-web>
        <security-domain>other</security-domain>
    </jboss-web>

standalone.xml ([jboss_home]\standalone\configuration folder)

    <subsystem xmlns="urn:jboss:domain:security:1.1">
        <security-domains>
            <security-domain name="other" cache-type="default">
                <authentication>
                    <login-module code="UsersRoles" flag="required">
                        <module-option name="usersProperties" value="users.properties"/>
                        <module-option name="rolesProperties" value="roles.properties"/>
                    </login-module>
                </authentication>
            </security-domain>
            <security-domain name="form-auth">
                <authentication>
                    <login-module code="UsersRoles" flag="required">
                        <module-option name="usersProperties" value="users.properties"/>
                        <module-option name="rolesProperties" value="roles.properties"/>
                    </login-module>
                </authentication>
            </security-domain>
        </security-domains>
    </subsystem>

users.properties (placed under the webapp classes folder)

 user1=jboss7 

role.properties (placed under the webapp classes folder)

 user1=Admin 

After all these modifications, I try to browse the hello JSP. It works as usual. No authentication, and no exceptions.

I'm not sure whether I am going in the right direction, or whether a security restriction is a completely different thing. Please help, thanks!

+6
source share
4 answers

Just configure BASIC authentication for 7.1 following the steps from this article.

Try it.

Configuration

web.xml

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>All Access</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>DELETE</http-method>
            <http-method>PUT</http-method>
            <http-method>HEAD</http-method>
            <http-method>OPTIONS</http-method>
            <http-method>TRACE</http-method>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>ApplicationRealm</realm-name>
    </login-config>
    <security-role>
        <role-name>user</role-name>
    </security-role>

jboss-web.xml

    <jboss-web>
        <security-domain>java:/jaas/other</security-domain>
    </jboss-web>

standalone.xml

No need to do anything if you are using ApplicationRealm.

Add User

You can add users to ApplicationRealm using the tools provided by jboss.

Inside %JBOSS_HOME%/bin, use the add-user.bat (or) add-user.sh tools.

    C:\dev\jboss-eap-6.2\bin>add-user
    What type of user do you wish to add?
     a) Management User (mgmt-users.properties)
     b) Application User (application-users.properties)
    (a): b
    Enter the details of the new user to add.
    Using realm 'ApplicationRealm' as discovered from the existing property files.
    Username : johngalt
    Password :
    Re-enter Password :
    What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[ ]: user
    About to add user 'johngalt' for realm 'ApplicationRealm'
    Is this correct yes/no? yes
    Added user 'johngalt' to file 'C:\dev\jboss-eap-6.2\standalone\configuration\application-users.properties'
    Added user 'johngalt' to file 'C:\dev\jboss-eap-6.2\domain\configuration\application-users.properties'
    Added user 'johngalt' with groups user to file 'C:\dev\jboss-eap-6.2\standalone\configuration\application-roles.properties'
    Added user 'johngalt' with groups user to file 'C:\dev\jboss-eap-6.2\domain\configuration\application-roles.properties'
    Is this new user going to be used for one AS process to connect to another AS process?
    eg for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls.
    yes/no? no
    Press any key to continue . . .
    C:\dev\jboss-eap-6.2\bin>

It worked for me

+9
source

I do not see the need to change JBoss configurations, since if you wanted to change the server container later, you would also have to change the configurations. Instead, use a session object to check if a session exists. If it does not, redirect the page to the login page. This will return the current session.

request.getSession();

On your login page, set the current session as an attribute

session.setAttribute("sess", request.getSession());

Using this comparison, the user will not be able to directly access any other page.

0
source

This is what works for me. Add this to web.xml

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>HtmlAuth</web-resource-name>
            <description>application security constraints</description>
            <url-pattern>/*</url-pattern>
            <http-method>DELETE</http-method>
            <http-method>PUT</http-method>
            <http-method>HEAD</http-method>
            <http-method>OPTIONS</http-method>
            <http-method>TRACE</http-method>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>user</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>ApplicationRealm</realm-name>
    </login-config>
    <security-role>
        <role-name>user</role-name>
    </security-role>

Then add or create the jboss-web.xml file:

    <?xml version="1.0" encoding="UTF-8"?>
    <jboss-web>
        <security-domain>java:/jaas/other</security-domain>
    </jboss-web>

Add the user in JBoss: C:\jboss\jboss-eap-6.2\bin>add-user.bat

    What type of user do you wish to add?
     a) Management User (mgmt-users.properties)
     b) Application User (application-users.properties)
    (a): b
    Enter the details of the new user to add.
    Using realm 'ApplicationRealm' as discovered from the existing property files.
    Username : testid
    User 'testid' already exits, would you like to update the existing user password and roles
    Is this correct yes/no? yes
    Password :
    Re-enter Password :
    What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[user]: user,Manager
    Updated user 'testid' to file 'C:\jboss\jboss-eap-6.2\standalone\configuration\application-users.properties'
    Updated user 'testid' to file 'C:\jboss\jboss-eap-6.2\domain\configuration\application-users.properties'
    Updated user 'testid' with groups user,Manager to file 'C:\jboss\jboss-eap-6.2\standalone\configuration\application-roles.properties'
    Updated user 'testid' with groups user,Manager to file 'C:\jboss\jboss-eap-6.2\domain\configuration\application-roles.properties'
    Is this new user going to be used for one AS process to connect to another AS process?
    eg for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls.
    yes/no? yes
    To represent the user add the following to the server-identities definition <secret value="TWF2ZXJpY2sjMDE=" />
    Press any key to continue . . .

0
source
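
The web.xml in the answer above differs from the one in the question by its `<auth-constraint>` element. As an added example (not code from any poster), this Python check reports constraints that lack it, roles not declared in `<security-role>`, and `<http-method>` lists, which under the Servlet specification restrict a constraint to the listed methods only. The finding codes, the `web-app` namespace and the sample descriptors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def _find(parent, name):
    # Match on the local tag name so javaee-namespaced descriptors work too.
    return [e for e in parent.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _roles(elements):
    return [(r.text or "").strip() for el in elements for r in _find(el, "role-name")]

def audit_web_xml(xml_text):
    """Return (constraint name, finding) pairs for one web.xml string."""
    root = ET.fromstring(xml_text)  # intended for your own descriptors
    declared = set(_roles(_find(root, "security-role")))
    has_login = bool(_find(root, "login-config"))
    findings = []
    for sc in _find(root, "security-constraint"):
        names = _find(sc, "web-resource-name")
        name = (names[0].text or "").strip() if names else "(unnamed)"
        auth = _find(sc, "auth-constraint")
        if not auth:
            # Without <auth-constraint> the container never asks for a login.
            findings.append((name, "NO_AUTH_CONSTRAINT"))
        elif not has_login:
            findings.append((name, "NO_LOGIN_CONFIG"))
        for role in _roles(auth):
            if role != "*" and role not in declared:
                findings.append((name, "UNDECLARED_ROLE:" + role))
        if _find(sc, "http-method"):
            # A method list limits the constraint to those methods only.
            findings.append((name, "METHOD_LIST"))
    return findings

# Constructed samples modelled on the descriptors shown on this page.
TEMPLATE = ('<web-app xmlns="http://java.sun.com/xml/ns/javaee"><security-constraint>'
            '<web-resource-collection><web-resource-name>{name}</web-resource-name>'
            '<url-pattern>/*</url-pattern>{methods}</web-resource-collection>'
            '{constraint}</security-constraint><login-config>'
            '<auth-method>BASIC</auth-method></login-config>{roles}</web-app>')
METHODS = "".join("<http-method>%s</http-method>" % m
                  for m in "DELETE PUT HEAD OPTIONS TRACE GET POST".split())
QUESTION = TEMPLATE.format(name="All Access", methods=METHODS, roles="", constraint=
    "<user-data-constraint><transport-guarantee>CONFIDENTIAL"
    "</transport-guarantee></user-data-constraint>")
ANSWER = TEMPLATE.format(name="HtmlAuth", methods=METHODS,
    constraint="<auth-constraint><role-name>user</role-name></auth-constraint>",
    roles="<security-role><role-name>user</role-name></security-role>")

if __name__ == "__main__":
    for label, doc in (("question", QUESTION), ("answer", ANSWER)):
        print(label, audit_web_xml(doc))
```

Dropping the `<http-method>` elements from a constraint makes it apply to every method, which clears the `METHOD_LIST` finding.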

Basic authentication in WebApplications on JBoss AS6

http://middlewaremagic.com/jboss/?p=220

It should be very similar to 7

-1
source
