Hi,
I have implemented BASIC authentication on JBossAS successfully. But when I
want to use DIGEST authentication, it does not work.
I have done it according to
http://docs.jboss.org/jbossas/guides/webguide/r2/en/html_single/#d0e708
but it does not work.
I have added a security policy in
jboss-4.0.5.GA\server\default\conf\login.config.xml,
<application-policy name = "ProWS">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required">
      <module-option name="usersProperties">props/ProWS-users.properties</module-option>
      <module-option name="rolesProperties">props/ProWS-roles.properties</module-option>
      <module-option name="hashAlgorithm">MD5</module-option>
      <module-option name="hashEncoding">rfc2617</module-option>
      <module-option name="hashUserPassword">false</module-option>
      <module-option name="hashStorePassword">true</module-option>
      <module-option name="passwordIsA1Hash">true</module-option>
      <module-option name="storeDigestCallback">org.jboss.security.auth.spi.RFC2617Digest</module-option>
    </login-module>
  </authentication>
</application-policy>
I have added users in
jboss-4.0.5.GA\server\default\conf\props\ProWS-users.properties,
# A sample users.properties file for use with the UsersRolesLoginModule
admin=6b205f65c5200e6cdfaa38915407eb17
ashish=b81277561fad2cce151847f72b850414
noorul=930ab5c31004b14a83c93b53554c25d2
I have added roles in
jboss-4.0.5.GA\server\default\conf\props\ProWS-roles.properties,
# A sample users.properties file for use with the UsersRolesLoginModule
admin=ShinseiAdmin
ashish=ShinseiAdmin
noorul=ShinseiAdmin
I have assigned security policy in
jboss-4.0.5.GA\server\default\deploy\ProWebs.war\WEB-INF\jboss-web.xml,
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
  <security-domain>java:/jaas/ProWS</security-domain>
  <context-root>/ProWebs</context-root>
</jboss-web>
I have added security-constraint in
jboss-4.0.5.GA\server\default\deploy\ProWebs.war\WEB-INF\web.xml,
<security-constraint>
  <web-resource-collection>
    <web-resource-name>HtmlAdaptor</web-resource-name>
    <description>An example security config that only allows users with the
      role ShinseiAdmin to access the HTML ShinseiWS web application
    </description>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>ShinseiAdmin</role-name>
  </auth-constraint>
</security-constraint>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Public</web-resource-name>
    <url-pattern>/public/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
</security-constraint>
<login-config>
  <auth-method>DIGEST</auth-method>
  <realm-name>ProWebs</realm-name>
</login-config>
<security-role>
  <role-name>ShinseiAdmin</role-name>
</security-role>
But it does not work. Please help me.
Warm Regards
Noorul Hasan Khan
Software Engineer
Prologix Software Solutions Pvt. Ltd., India
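
Added example, not part of the original post and not JBoss code: RFC 2617 defines H(A1) as MD5(username:realm:password), so a store of prehashed A1 values (passwordIsA1Hash=true in the policy above) only validates a client whose challenge carried the same realm string that was used when the entries were hashed. The Python sketch below checks this with a constructed password and nonce; the helper names are hypothetical, and the realm strings ProWebs and ProWS are the realm-name and the policy name from the post.

```python
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def a1_hash(username, realm, password):
    """RFC 2617 H(A1): the per-user value a prehashed password store holds."""
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1, method, uri, nonce, nc=None, cnonce=None, qop=None):
    """RFC 2617 request-digest, computed from H(A1) without the cleartext password."""
    ha2 = md5_hex(f"{method}:{uri}")
    if qop is None:  # legacy RFC 2069 form, no qop directive
        return md5_hex(f"{ha1}:{nonce}:{ha2}")
    if qop != "auth":
        raise ValueError("this sketch handles qop=auth only")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def server_accepts(stored_ha1, client_response, method, uri, nonce, nc, cnonce, qop):
    """Server side: recompute from the stored H(A1), compare in constant time."""
    expected = digest_response(stored_ha1, method, uri, nonce, nc, cnonce, qop)
    return hmac.compare_digest(expected, client_response)


def store_entry_works(username, password, store_realm, challenge_realm):
    """True if an entry hashed with store_realm authenticates a client that was
    challenged with challenge_realm (the nonce values below are constructed)."""
    req = ("GET", "/ProWebs/", "constructed-nonce", "00000001", "constructed-cnonce", "auth")
    stored = a1_hash(username, store_realm, password)
    client = digest_response(a1_hash(username, challenge_realm, password), *req)
    return server_accepts(stored, client, *req)


if __name__ == "__main__":
    # Constructed credentials; the passwords behind the posted hashes are unknown.
    user, pw = "admin", "constructed-password"
    print("users.properties line:", f"{user}={a1_hash(user, 'ProWebs', pw)}")
    print("hashed with realm ProWebs:", store_entry_works(user, pw, "ProWebs", "ProWebs"))
    print("hashed with realm ProWS:  ", store_entry_works(user, pw, "ProWS", "ProWebs"))
```

Regenerating a users.properties entry this way with the exact realm-name from web.xml, and comparing it with the stored value, is a quick check that the store and the challenge agree.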