JBoss development,
The document "PicketBox Authentication", was updated Feb 4, 2010
by ANIL SALDHANA.
To view the document, visit:
http://community.jboss.org/docs/DOC-14745#cf
Document:
--------------------------------------------------------------
PicketBox (formerly JBoss Security) provides JAAS-based authentication facilities for Java
applications.
*Pre-requisites*
* If you are running in JBoss Application Server v5.0 and beyond, the dependencies of
PicketBox are already available. In this case, you only need to download the PicketBox core
libraries.
* If you are running in a non-JBoss AS 5+ environment, then you will need to download some
dependencies for PicketBox apart from the core libraries.
*Authentication*
It is based on JAAS, available as part of the JDK.
We provide simple file-based authentication, database-based authentication and LDAP-based
authentication. Choose the login module that is suitable for you.
* http://community.jboss.org/docs/DOC-11251
* http://community.jboss.org/docs/DOC-11253
* http://community.jboss.org/docs/DOC-9511
* http://community.jboss.org/docs/DOC-12510
*Sample Code*
//Imports
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.AuthorizationManager;
import org.jboss.security.authorization.AuthorizationContext;
import org.jboss.security.authorization.Resource;
import org.jboss.security.authorization.ResourceType;
import org.picketbox.config.PicketBoxConfiguration;
import org.picketbox.factories.SecurityFactory;
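//Arbitrary Method for authentication
private static void testAuthentication()
{
   //Must match the application-policy name in authentication.conf
   String securityDomainName = "test";

   SecurityFactory.prepare();
   try
   {
      //Load the security domain definitions
      String configFile = "config/authentication.conf";
      PicketBoxConfiguration idtrustConfig = new PicketBoxConfiguration();
      idtrustConfig.load(configFile);

      AuthenticationManager am =
         SecurityFactory.getAuthenticationManager(securityDomainName);
      if(am == null)
         throw new RuntimeException("Authentication Manager is null");

      Subject subject = new Subject();
      Principal principal = getPrincipal("anil");
      Object credential = new String("pass");

      //Validate the principal and credential
      boolean result = am.isValid(principal, credential);
      if(result == false)
         throw new RuntimeException("Authentication Failed");

      //Validate again, this time populating the Subject
      result = am.isValid(principal, credential, subject);
      if(result == false)
         throw new RuntimeException("Authentication Failed");
      if(subject.getPrincipals().size() < 1)
         throw new RuntimeException("Subject has zero principals");

      System.out.println("Authentication Successful");
   }
   finally
   {
      //Always release the security factory, even when authentication fails
      SecurityFactory.release();
   }
}

//Helper not shown in the original document; assumed here to be a minimal
//Principal that only carries the user name
private static Principal getPrincipal(final String name)
{
   return new Principal()
   {
      public String getName()
      {
         return name;
      }
   };
}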
Let us take a look at authentication.conf
<?xml version='1.0'?>
<policy
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="urn:jboss:security-config:5.0"
   xmlns="urn:jboss:security-config:5.0"
   xmlns:jbxb="urn:jboss:security-config:5.0">
   <application-policy name = "test">
      <authentication>
         <login-module code =
            "org.jboss.security.auth.spi.UsersRolesLoginModule"
            flag = "required">
         </login-module>
      </authentication>
   </application-policy>
</policy>
In this example, we had two properties files:
defaultUsers.properties
   anil=pass
defaultRoles.properties
   anil=validuser
This example was very simple. It made use of a file-based login module. In your
enterprise application, either the LDAP or the database-based login module is recommended.
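The sample above exercises only the success path. The following added example (not part of the original document or of the PicketBox code base) checks that the same "test" domain rejects a wrong password and an unknown user, and that a failed login leaves the Subject empty. The class name and the principal and expect helpers are hypothetical; it assumes the PicketBox libraries, config/authentication.conf and the two properties files shown above are available.

```java
// Added example, not PicketBox project code; class and helper names are hypothetical.
import java.security.Principal;
import javax.security.auth.Subject;
import org.jboss.security.AuthenticationManager;
import org.picketbox.config.PicketBoxConfiguration;
import org.picketbox.factories.SecurityFactory;

public class AuthenticationNegativeCheck
{
   public static void main(String[] args)
   {
      SecurityFactory.prepare();
      try
      {
         new PicketBoxConfiguration().load("config/authentication.conf");
         AuthenticationManager am = SecurityFactory.getAuthenticationManager("test");
         if (am == null)
            throw new IllegalStateException("No AuthenticationManager for domain 'test'");
         // Control case: the account from defaultUsers.properties must still log in
         expect(am.isValid(principal("anil"), "pass"), true, "valid user");
         // A wrong password and an unknown user must both be rejected
         expect(am.isValid(principal("anil"), "wrong"), false, "wrong password");
         expect(am.isValid(principal("nobody"), "pass"), false, "unknown user");
         // A failed login must not populate the caller's Subject
         Subject subject = new Subject();
         expect(am.isValid(principal("anil"), "wrong", subject), false, "wrong password with subject");
         expect(subject.getPrincipals().isEmpty(), true, "subject empty after failure");
         System.out.println("All negative checks passed");
      }
      finally
      {
         SecurityFactory.release();
      }
   }

   // Minimal Principal that only carries a name (assumption: sufficient for this login module)
   private static Principal principal(final String name)
   {
      return new Principal()
      {
         public String getName() { return name; }
      };
   }

   // Fails loudly when the domain answers differently from what the check expects
   private static void expect(boolean actual, boolean expected, String label)
   {
      if (actual != expected) throw new RuntimeException("Unexpected result for: " + label);
   }
}
```

Running the same checks after switching the domain to an LDAP or database login module confirms that the new configuration still denies bad credentials.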
--------------------------------------------------------------