RS Prasad [http://community.jboss.org/people/rsprasad] modified the document:
"FORM-based authentication"
To view the document, visit:
http://community.jboss.org/docs/DOC-16020
--------------------------------------------------------------
This article describes FORM-based authentication on JBoss for securing admin-related
pages.
The attached web application uses declarative authentication against a MySQL security
realm.
Add the following *security-constraint* section to *web.xml*:
<security-constraint>
    <display-name>require valid user</display-name>
    <web-resource-collection>
        <web-resource-name>internal application</web-resource-name>
        <!-- secure only admin pages -->
        <url-pattern>/admin/*</url-pattern>
        <!-- no http-method elements, so the constraint covers every HTTP
             method; listing only GET and POST would leave other methods
             (HEAD, PUT, ...) outside the constraint -->
    </web-resource-collection>
    <auth-constraint>
        <!-- Admin pages secured only for admin -->
        <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>
Add the following *login-config* section to *web.xml*:
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/loginInvalid.jsp</form-error-page>
    </form-login-config>
</login-config>
Find and replace the following realm config section in
<JBOSS_HOME>\server\default\deploy\jbossweb.sar\*server.xml*:
<!-- Test values: the realm connects as root with an empty password;
     outside a test setup use a dedicated database account with a password -->
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
       driverName="org.gjt.mm.mysql.Driver"
       connectionURL="jdbc:mysql://localhost/jaasrealm"
       connectionName="root"
       connectionPassword=""
       userTable="users"
       userNameCol="user_name"
       userCredCol="user_pass"
       userRoleTable="user_roles"
       roleNameCol="role_name" />
As the configuration above shows, the realm requires the DB class name, DB driver class,
DB URL, DB name, DB username and DB password. In addition:
userTable is users,
userNameCol is user_name,
userRoleTable is user_roles,
userCredCol is user_pass and
roleNameCol is role_name.
Setting up security realm:
Have mysql running.
mysql> create database jaasrealm;
mysql> use jaasrealm;
mysql> create table users (
    user_name varchar(15) not null primary key,
    user_pass varchar(15) not null
);
mysql> create table user_roles (
    user_name varchar(15) not null,
    role_name varchar(15) not null,
    primary key (user_name, role_name)
);
mysql> insert into users values('hari','good');
mysql> insert into users values('hara','better');
mysql> insert into user_roles values('hari','usergroup');
mysql> insert into user_roles values('hara','admin');
Ensure that the MySQL driver is on the JBoss classpath, check the browser setting for
cookies, and modify JBossIPAddress in the links in the JSPs.
Deploy the application after extracting it to JBOSS_HOME/server/default/deploy/.
Reach the application at URL: http://<JBossIPAddress>:8080/auth/index.jsp
The first two links are to user pages that require no authentication.
The last two links are to admin pages which require authentication.
Clicking on the admin links will cause login.jsp to be displayed, as configured by the
login-config section of web.xml.
The login page submits to j_security_check, with text boxes for j_username and
j_password.
j_security_check is a servlet reserved by JBoss for authentication; it handles the request
and the security constraints associated with it.
On successful authentication, the secured admin page will be displayed.
On unsuccessful authentication, loginInvalid.jsp will be displayed, as configured by the
login-config section of web.xml.
Thanks
Saravana Prasad
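
A check for the security-constraint section of web.xml: per the Servlet specification, a web-resource-collection that lists http-method elements constrains only those methods, so requests using any other method are not covered by that constraint. The Python script below is an added example, not part of the original article or the attached application; the function name audit_web_xml and both sample descriptors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def _kids(elem, name):
    """Children with the given local name (works with or without an xmlns)."""
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _texts(elem, name):
    """Stripped text of each child element with the given local name."""
    return [(c.text or "").strip() for c in _kids(elem, name)]

def audit_web_xml(xml_text):
    """Return (url_pattern, constrained_methods, roles, finding) per protected pattern."""
    results = []
    for sc in _kids(ET.fromstring(xml_text), "security-constraint"):
        roles = [r for ac in _kids(sc, "auth-constraint") for r in _texts(ac, "role-name")]
        for wrc in _kids(sc, "web-resource-collection"):
            methods = sorted(m.upper() for m in _texts(wrc, "http-method"))
            if methods:
                finding = "PARTIAL: only %s are constrained here" % ", ".join(methods)
            else:
                finding = "OK: every HTTP method is constrained"
            for pattern in _texts(wrc, "url-pattern"):
                results.append((pattern, methods or ["*"], roles, finding))
    return results

# Constructed sample descriptor (not taken from the attached application).
LISTED = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>internal application</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

# The same constructed constraint with the <http-method> elements removed.
ALL_METHODS = LISTED.replace("<http-method>GET</http-method>", "").replace(
    "<http-method>POST</http-method>", "")

if __name__ == "__main__":
    for name, doc in (("listed", LISTED), ("all methods", ALL_METHODS)):
        for pattern, methods, roles, finding in audit_web_xml(doc):
            print(name, pattern, methods, roles, finding)
```

The script reports each constraint on its own; it does not merge several constraints that cover the same URL pattern.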
--------------------------------------------------------------