- JBoss 4.2.2.GA
- Java 5 Update 15
Hello, everybody!
I have already finished my web application using the JBoss server. It's already
deployed, running and working well. This web application uses the FORM authentication
method to authenticate users (so users must provide a user name and password to log in),
being helped by a custom login module that does the real authentication behind the scenes.
All the JavaBeans and entity beans that this web application uses are in a EJB jar file
deployed on the same server (so the business logic is separated from the presentation).
But now I want to use this same EJB jar file that contains the business logic
from desktop applications (Swing clients). I suppose (correct me if I'm wrong) that in
order to make method calls on the session beans from the Swing clients, these Swing
clients also have to be authenticated on the server, like the web application is. But the
problem is that I have no idea how to authenticate from desktop applications, as the
process to do that could be very different from the web applications authentication
process. I also would like to know how to log out from the desktop applications.
Below are some extracts from my web application related to the authentication. I think
that showing this here is really not necessary, but I chose to do so in the hope that it
can be helpful to you to find an answer to me and to show you more precisely how I'm
authenticating from the web application.
--------------------------------------------------------------------------------
IN THE WEB APPLICATION:
=================
web.xml
----------
<?xml version="1.0" encoding="UTF-8"?>
<web-app
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>Laboratorio de Informatica</display-name>
<!-- more configuration... -->
<security-constraint>
<web-resource-collection>
<web-resource-name>restrito</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>ADMINISTRADOR</role-name>
<role-name>USUARIO</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>permitido</web-resource-name>
<url-pattern>/css/*</url-pattern>
<url-pattern>/script/*</url-pattern>
<url-pattern>/imagens/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/errologin.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>ADMINISTRADOR</role-name>
</security-role>
<security-role>
<role-name>USUARIO</role-name>
</security-role>
<!-- more configuration... -->
</web-app>
jndi.properties
-----------------
java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory
java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces
java.naming.provider.url=jnp://localhost:1099
jboss-web.xml
-----------------
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<security-domain>java:/jaas/laboratorio-informatica</security-domain>
</jboss-web>
login.jsp
----------
<h5>Informe o seu nÃÂúmero de matrÃÂÃÂcula e senha para acessar o
sistema.</h5>
MatrÃÂÃÂcula:
Senha:
IN THE EJB APPLICATION:
=================
ModuloLoginFuncionarios.java (this is the custom login module)
I'm showing you here just the methods that I override
--------------------------------------------------------------
package br.urca.www.laboratorioinformatica.seguranca.jboss;
|
| import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
| // other imports...
|
| public class ModuloLoginFuncionarios extends UsernamePasswordLoginModule
| {
| @Override
| protected String getUsersPassword() throws LoginException
| {
| // code...
| }
|
| @Override
| protected boolean validatePassword(String inputPassword, String expectedPassword)
| {
| // code...
| }
|
| @Override
| protected Throwable getValidateError()
| {
| // code...
| }
|
| @Override
| protected Group[] getRoleSets() throws LoginException
| {
| // code...
| }
| }
IN THE SERVER:
===========
C:\jboss-4.2.2.GA\server\default\conf\login-config.xml
---------------------------------------------------------------
<?xml version='1.0'?>
<!DOCTYPE policy PUBLIC
"-//JBoss//DTD JBOSS Security Config 3.0//EN"
"http://www.jboss.org/j2ee/dtd/security_config.dtd">
<!-- other configuration... -->
<!-- other configuration... -->
<application-policy name="laboratorio-informatica">
<login-module
code="br.urca.www.laboratorioinformatica.seguranca.jboss.ModuloLoginFuncionarios"
flag="required" />
</application-policy>
C:\jboss-4.2.2.GA\server\default\deploy\laboratorio-informatica-ds.xml
-----------------------------------------------------------------------------------
<?xml version="1.0" encoding="UTF-8"?>
<!-- $Id: mssql-ds.xml 61002 2007-02-28 16:13:00Z weston.price(a)jboss.com $ -->
<local-tx-datasource>
<jndi-name>LaboratorioInformaticaDS</jndi-name>
<connection-url>jdbc:sqlserver://server_name;databaseName=database_name</connection-url>
<driver-class>com.microsoft.sqlserver.jdbc.SQLServerDriver</driver-class>
<user-name>user_name</user-name>
password
<!-- corresponding type-mapping in the standardjbosscmp-jdbc.xml (optional)
-->
<type-mapping>MS SQLSERVER2000</type-mapping>
</local-tx-datasource>
--------------------------------------------------------------------------------
So, I hope to get your help about this subject.
Thank you very much.
Marcos
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4161742#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...