[jboss-user] [Security & JAAS/JBoss] - Re: Jsf Form Authentication problem

kourkk do-not-reply at jboss.com
Sat Sep 9 08:44:55 EDT 2006


To make it easier for someone to give some hints, below I am posting some configuration files and code. I am using MySQL for the users and roles, and when I log in manually
using LoginContext.login() it works. But when form authentication is triggered and loginj.jsp is displayed, I authenticate but I get a 403 error. I want to use this facility in order to have the single sign-on feature. Is it possible to have the single sign-on facility if you authenticate using:
---------------------------------------------
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.callback.SecurityAssociationHandler;
        // Programmatic JAAS login against the "myPolicy" security domain
        SecurityAssociationHandler handler = new SecurityAssociationHandler();
        SimplePrincipal user = new SimplePrincipal(_uname);
        handler.setSecurityInfo(user, _upass.toCharArray());
        LoginContext loginContext = new LoginContext("myPolicy", (CallbackHandler) handler);
        loginContext.login();
        Subject subject = loginContext.getSubject();
        Set principals = subject.getPrincipals();
        principals.add(user);
---------------------------------------------
i.e. so that the user does not have to log in again?
Can this somehow be simulated, or can a method be called?

web.xml
---------------------------------------
<web-app>
    <description>debug web.xml</description>

    <context-param>
        <param-name>javax.faces.CONFIG_FILES</param-name>
        <param-value>/WEB-INF/faces-config.xml</param-value>
        <description>
            Comma separated list of URIs of (additional) faces config files.
            (e.g. /WEB-INF/my-config.xml)
            See JSF 1.0 PRD2, 10.3.2
        </description>
    </context-param>

    <context-param>
        <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
        <param-value>client</param-value>
        <description>
            State saving method: "client" or "server" (= default)
            See JSF Specification 2.5.2
        </description>
    </context-param>

    <context-param>
        <param-name>org.apache.myfaces.ALLOW_JAVASCRIPT</param-name>
        <param-value>true</param-value>
        <description>
            This parameter tells MyFaces if javascript code should be allowed in the
            rendered HTML output.
            If javascript is allowed, command_link anchors will have javascript code
            that submits the corresponding form.
            If javascript is not allowed, the state saving info and nested parameters
            will be added as url parameters.
            Default: "true"
        </description>
    </context-param>

    <context-param>
        <param-name>org.apache.myfaces.DETECT_JAVASCRIPT</param-name>
        <param-value>false</param-value>
    </context-param>

    <context-param>
        <param-name>org.apache.myfaces.CHECK_EXTENSIONS_FILTER</param-name>
        <param-value>true</param-value>
    </context-param>

    <context-param>
        <param-name>com.sun.faces.serializationProvider</param-name>
        <param-value>org.jboss.web.jsf.integration.serialization.JBossSerializationProvider</param-value>
    </context-param>

    <context-param>
        <param-name>org.apache.myfaces.ADD_RESOURCE_CLASS</param-name>
        <param-value>org.apache.myfaces.renderkit.html.util.DefaultAddResource</param-value>
    </context-param>

    <context-param>
        <param-name>org.apache.myfaces.PRETTY_HTML</param-name>
        <param-value>true</param-value>
        <description>
            If true, rendered HTML code will be formatted, so that it is "human readable".
            i.e. additional line separators and whitespace will be written, that do not
            influence the HTML code.
            Default: "true"
        </description>
    </context-param>

    <context-param>
        <param-name>org.apache.myfaces.AUTO_SCROLL</param-name>
        <param-value>true</param-value>
        <description>
            If true, a javascript function will be rendered that is able to restore the
            former vertical scroll on every request. Convenient feature if you have pages
            with long lists and you do not want the browser page to always jump to the top
            if you trigger a link or button action that stays on the same page.
            Default: "false"
        </description>
    </context-param>

    <context-param>
        <param-name>org.apache.myfaces.secret</param-name>
        <param-value>MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIz</param-value>
    </context-param>
    <context-param>
        <param-name>org.apache.myfaces.algorithm</param-name>
        <param-value>AES</param-value>
    </context-param>
    <context-param>
        <param-name>org.apache.myfaces.algorithm.parameters</param-name>
        <param-value>CBC/PKCS5Padding</param-value>
    </context-param>
    <context-param>
        <param-name>org.apache.myfaces.algorithm.iv</param-name>
        <param-value>NzY1NDMyMTA3NjU0MzIxMA==</param-value>
    </context-param>

    <!-- Tiles ViewHandler config file -->
    <context-param>
        <param-name>tiles-definitions</param-name>
        <param-value>/WEB-INF/tiles.xml</param-value>
        <description>
            Tiles configuration
            definition files and a listener need to be defined.
            the listener will initialize JspTilesViewHandlerImpl with tiles definitions.
        </description>
    </context-param>

    <!-- Extensions Filter -->
    <filter>
        <filter-name>extensionsFilter</filter-name>
        <filter-class>org.apache.myfaces.webapp.filter.ExtensionsFilter</filter-class>

        <init-param>
            <param-name>maxFileSize</param-name>
            <param-value>100m</param-value>
            <description>Set the size limit for uploaded files.
                Format: 10 - 10 bytes
                        10k - 10 KB
                        10m - 10 MB
                        1g - 1 GB
            </description>
        </init-param>
        <init-param>
            <param-name>uploadMaxFileSize</param-name>
            <param-value>100m</param-value>
            <description>Set the size limit for uploaded files.
                Format: 10 - 10 bytes
                        10k - 10 KB
                        10m - 10 MB
                        1g - 1 GB
            </description>
        </init-param>
        <init-param>
            <param-name>uploadThresholdSize</param-name>
            <param-value>100m</param-value>
            <description>Set the threshold size - files
                    below this limit are stored in memory, files above
                    this limit are stored on disk.

                Format: 10 - 10 bytes
                        10k - 10 KB
                        10m - 10 MB
                        1g - 1 GB
            </description>
        </init-param>
<!--        <init-param>
            <param-name>uploadRepositoryPath</param-name>
            <param-value>/temp</param-value>
            <description>Set the path where the intermediary files will be stored.
            </description>
        </init-param>-->
    </filter>

    <filter>
        <filter-name>PostLoginFilter</filter-name>
        <filter-class>com.sms.PostLoginFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>PostLoginFilter</filter-name>
        <url-pattern>/j_security_check</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>PostLoginFilter</filter-name>
        <url-pattern>/user/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>PostLoginFilter</filter-name>
        <url-pattern>/faces/user/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>PostLoginFilter</filter-name>
        <url-pattern>/company/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>PostLoginFilter</filter-name>
        <url-pattern>/faces/company/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>PostLoginFilter</filter-name>
        <servlet-name>Faces Servlet</servlet-name>
    </filter-mapping>
    <filter-mapping>
        <filter-name>extensionsFilter</filter-name>
        <servlet-name>Faces Servlet</servlet-name>
    </filter-mapping>

    <filter-mapping>
        <filter-name>extensionsFilter</filter-name>
        <url-pattern>*.jsf</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>extensionsFilter</filter-name>
        <url-pattern>/faces/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>extensionsFilter</filter-name>
        <url-pattern>*.jsp</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>extensionsFilter</filter-name>
        <url-pattern>/faces/myFacesExtensionResource/*</url-pattern>
    </filter-mapping>

    <!-- Faces Servlet -->
    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
        <security-role-ref>
          <role-name>user</role-name>
          <role-link>userrole</role-link>
        </security-role-ref>
        <security-role-ref>
          <role-name>company</role-name>
          <role-link>companyrole</role-link>
        </security-role-ref>
    </servlet>

    <!-- Faces Servlet Mapping -->

    <!-- virtual path mapping -->
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>/faces/*</url-pattern>
    </servlet-mapping>

    <!-- extension mapping -->
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>*.jsf</url-pattern>
    </servlet-mapping>

    <mime-mapping>
        <extension>html</extension>
        <mime-type>text/html</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>txt</extension>
        <mime-type>text/plain</mime-type>
    </mime-mapping>

    <!-- Welcome files -->
    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
        <welcome-file>index.html</welcome-file>
    </welcome-file-list>

    <error-page>
      <error-code>404</error-code>
      <location>/error404.jsp</location>
    </error-page>

    <error-page>
      <error-code>403</error-code>
      <location>/error403.jsp</location>
    </error-page>

    <error-page>
      <error-code>503</error-code>
      <location>/error503.jsp</location>
    </error-page>

    <error-page>
      <error-code>500</error-code>
      <location>/error500.jsp</location>
    </error-page>

    <error-page>
      <error-code>401</error-code>
      <location>/error401.jsp</location>
    </error-page>

    <security-constraint>
        <display-name>Restrict access to login JSP pages</display-name>
        <web-resource-collection>
            <web-resource-name>Restrict access to login JSP pages</web-resource-name>
            <url-pattern>/faces/login.jsp</url-pattern>
            <url-pattern>/login.jsp</url-pattern>
            <url-pattern>/faces/login.jsf</url-pattern>
            <url-pattern>/login.jsf</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <security-constraint>
        <display-name>Restrict access to registration JSP pages</display-name>
        <web-resource-collection>
            <web-resource-name>Restrict access to registration JSP pages</web-resource-name>
            <url-pattern>/faces/regCompany.jsp</url-pattern>
            <url-pattern>/regCompany.jsp</url-pattern>
            <url-pattern>/faces/regCompany.jsf</url-pattern>
            <url-pattern>/regCompany.jsf</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <security-constraint>
        <display-name>Restrict access to registration user JSP pages</display-name>
        <web-resource-collection>
            <web-resource-name>Restrict access to registration JSP pages</web-resource-name>
            <url-pattern>/faces/regUser.jsp</url-pattern>
            <url-pattern>/regUser.jsp</url-pattern>
            <url-pattern>/faces/regUser.jsp</url-pattern>
            <url-pattern>/regUser.jsp</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <security-constraint>
        <display-name>Restrict access to login PROTj JSP pages</display-name>
        <web-resource-collection>
            <web-resource-name>Restrict access to login PROTj JSP pages</web-resource-name>
            <url-pattern>/faces/loginj.jsp</url-pattern>
            <url-pattern>/loginj.jsp</url-pattern>
            <url-pattern>/faces/loginj.jsf</url-pattern>
            <url-pattern>/loginj.jsf</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <security-constraint>
        <display-name>Restrict access to USER JSP pages</display-name>
        <web-resource-collection>
            <web-resource-name>Restrict access to COMPANY JSP pages</web-resource-name>
            <url-pattern>/user/*</url-pattern>
            <url-pattern>/faces/user/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <description>With no roles defined, no access granted</description>
            <role-name>userrole</role-name>
            <role-name>companyrole</role-name>
        </auth-constraint>
        <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <security-constraint>
        <display-name>Restrict access to COMPANY JSP pages</display-name>
        <web-resource-collection>
            <web-resource-name>Restrict access to COMPANY JSP pages</web-resource-name>
            <url-pattern>/company/*</url-pattern>
            <url-pattern>/faces/company/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <description>With no roles defined, no access granted</description>
            <role-name>companyrole</role-name>
        </auth-constraint>
        <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>myPolicy</realm-name>
      <form-login-config>
        <form-login-page>/loginj.jsp</form-login-page>
        <form-error-page>/error.jsp</form-error-page>
      </form-login-config>
    </login-config>

    <security-role>
      <role-name>userrole</role-name>
    </security-role>

    <security-role>
      <role-name>companyrole</role-name>
    </security-role>

</web-app>
----------------------------------------------------------------


jboss-web.xml
------------------------------------------------------------
<?xml version="1.0"?>

<jboss-web>
	<security-domain>java:/jaas/myPolicy</security-domain>
</jboss-web>

-----------------------------------------------------------


Client auth.conf
----------------------------------------
client-login
{
org.jboss.security.ClientLoginModule required;
};

myPolicy
{
org.jboss.security.ClientLoginModule required;
org.jboss.security.auth.spi.DatabaseServerLoginModule required;
};


Server auth.conf in ../conf
------------------------------------------------
client-login
{
org.jboss.security.ClientLoginModule required;
};

myPolicy
{
org.jboss.security.ClientLoginModule required;
org.jboss.security.auth.spi.DatabaseServerLoginModule required
dsJndiName="java:/MySqlDS"
principalsQuery="SELECT PASSWD FROM PUBLIC.PRINCIPALS WHERE USERID=?"
rolesQuery="SELECT ROLEID 'Roles', ROLEGROUP 'RoleGroups' FROM PUBLIC.ROLES WHERE USERID=?"
;
};


jboss-service.xml
----------------------------------------------


   <!-- Load all jars from the JBOSS_DIST/server//lib directory. This
     can be restricted to specific jars by specifying them in the archives
     attribute.
    -->
   
<!-- The SSL domain setup -->

    
        
    
    file:${jboss.server.home.dir}/conf/sec.keystore
    rmi+ssl

   <!-- A Thread pool service -->
   
      JBoss System Threads
      System Threads
      <!-- How long a thread will live without any tasks in MS -->
      60000
      <!-- The max number of threads in the pool -->
      10
      <!-- The max number of tasks before the queue is full -->
      1000
      <!-- The behavior of the pool when a task is added and the queue is full.
      abort - a RuntimeException is thrown
      run - the calling thread executes the task
      wait - the calling thread blocks until the queue has room
      discard - the task is silently discarded without being run
      discardOldest - check to see if a task is about to complete and enque
         the new task if possible, else run the task in the calling thread
      -->
      run
   

   <!-- ==================================================================== -->
   <!-- Log4j Initialization                                                 -->
   <!-- ==================================================================== -->

   <mbean code="org.jboss.logging.Log4jService"
      name="jboss.system:type=Log4jService,service=Logging"
	  xmbean-dd="resource:xmdesc/Log4jService-xmbean.xml">
      resource:log4j.xml
      <!-- Set the org.apache.log4j.helpers.LogLog.setQuiteMode. As of log4j1.2.8
      this needs to be set to avoid a possible deadlock on exception at the
      appender level. See bug#696819.
      -->
      true
      <!-- How frequently in seconds the ConfigurationURL is checked for changes -->
      60
   


   

      <depends optional-attribute-name="Deployer">jboss.system:service=MainDeployer


      org.jboss.deployment.DeploymentSorter
      <!--

      
         <!-- Files starting with theses strings are ignored -->
         #,%,\,,.,_$
         <!-- Files ending with theses strings are ignored -->
         #,$,%,~,\,v,.BAK,.bak,.old,.orig,.tmp,.rej,.sh
         <!-- Files matching with theses strings are ignored -->
         .make.state,.nse_depinfo,CVS,CVS.admin,RCS,RCSLOG,SCCS,TAGS,core,tags
      

      <!-- Frequency in milliseconds to rescan the URLs for changes -->
      5000
      <!-- A flag to disable the scans -->
      true

      
         deploy/
      

      True

   




jndi.properties
----------------------------------------------------------------------------------------------
java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory
java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces

# Do NOT uncomment this line as it causes in VM calls to go over
# RMI!
java.naming.provider.url=localhost:1099


login-config.xml
----------------------------------------------------------------


    <application-policy name="myPolicy">
        <authentication>
            <login-module code="org.jboss.security.ClientLoginModule" flag="required">
            </login-module>
            <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
                <module-option name="managedConnectionFactoryName">
                    jboss.jca:service=LocalTxCM,name=MySqlDS
                </module-option>
                <module-option name="dsJndiName">
                    java:/MySqlDS
                </module-option>
                <module-option name="principalsQuery">
                    SELECT PASSWD FROM PUBLIC.PRINCIPALS WHERE USERID=?
                </module-option>
                <module-option name="rolesQuery">
                    SELECT ROLEID 'Roles', ROLEGROUP 'RoleGroups' FROM PUBLIC.ROLES WHERE USERID=?
                </module-option>
            </login-module>
        </authentication>
    </application-policy>

    <application-policy name = "client-login">
       <authentication>
          <login-module code = "org.jboss.security.ClientLoginModule"
             flag = "required">
             <!-- Any existing security context will be restored on logout -->
             <module-option name="restore-login-identity">true</module-option>
          </login-module>
       </authentication>
    </application-policy>

    <!-- Security domain for JBossMQ -->
    <application-policy name = "jbossmq">
       <authentication>
          <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
             flag = "required">
             <module-option name = "unauthenticatedIdentity">guest</module-option>
             <module-option name = "dsJndiName">java:/DefaultDS</module-option>
             <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
             <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
          </login-module>
       </authentication>
    </application-policy>

    <!-- Security domains for testing new jca framework -->
    <application-policy name = "HsqlDbRealm">
       <authentication>
          <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
             flag = "required">
             <module-option name = "principal">sa</module-option>
             <module-option name = "userName">sa</module-option>
             <module-option name = "password"></module-option>
             <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
          </login-module>
       </authentication>
    </application-policy>

    <application-policy name = "MySqlDbRealm">
       <authentication>
        <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule" flag = "required">
         <module-option name ="principal">smsuser</module-option>
         <module-option name ="userName">smsuser</module-option>
         <module-option name ="password">smsuser</module-option>
         <module-option name ="managedConnectionFactoryName">
            jboss.jca:service=LocalTxCM,name=MySqlDS
         </module-option>
        </login-module>
       </authentication>
    </application-policy>

    <application-policy name = "JmsXARealm">
       <authentication>
          <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
             flag = "required">
             <module-option name = "principal">guest</module-option>
             <module-option name = "userName">guest</module-option>
             <module-option name = "password">guest</module-option>
             <module-option name = "managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
          </login-module>
       </authentication>
    </application-policy>

    <!-- A template configuration for the jmx-console web application. This
      defaults to the UsersRolesLoginModule the same as other and should be
      changed to a stronger authentication mechanism as required.
    -->
    <application-policy name = "jmx-console">
       <authentication>
          <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
             flag = "required">
           <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
           <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
          </login-module>
       </authentication>
    </application-policy>

    <!-- A template configuration for the web-console web application. This
      defaults to the UsersRolesLoginModule the same as other and should be
      changed to a stronger authentication mechanism as required.
    -->
    <application-policy name = "$webConsoleDomain">
       <authentication>
          <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
             flag = "required">
             <module-option name="usersProperties">web-console-users.properties</module-option>
             <module-option name="rolesProperties">web-console-roles.properties</module-option>
          </login-module>
       </authentication>
    </application-policy>

    <!-- A template configuration for the JBossWS web application (and transport layer!).
      This defaults to the UsersRolesLoginModule the same as other and should be
      changed to a stronger authentication mechanism as required.
    -->
    <application-policy name="JBossWS">
      <authentication>
        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
          flag="required">
          <module-option name="usersProperties">props/jbossws-users.properties</module-option>
          <module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
          <module-option name="unauthenticatedIdentity">anonymous</module-option>
        </login-module>
      </authentication>
    </application-policy>

    <!-- The default login configuration used by any security domain that
    does not have a application-policy entry with a matching name
    -->
    <application-policy name = "other">
       <!-- A simple server login module, which can be used when the number
       of users is relatively small. It uses two properties files:
       users.properties, which holds users (key) and their password (value).
       roles.properties, which holds users (key) and a comma-separated list of
       their roles (value).
       The unauthenticatedIdentity property defines the name of the principal
       that will be used when a null username and password are presented as is
       the case for an unauthenticated web client or MDB. If you want to
       allow such users to be authenticated add the property, e.g.,
       unauthenticatedIdentity="nobody"
       -->
       <authentication>
          <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
             flag = "required" />
       </authentication>
    </application-policy>




mysql-ds.xml
----------------------------------------------------------

  <local-tx-datasource>
    <jndi-name>MySqlDS</jndi-name>
    <connection-url>jdbc:mysql://localhost:3306/PUBLIC</connection-url>
    <driver-class>com.mysql.jdbc.Driver</driver-class>
    <user-name>smsuser</user-name>
    <password>smsuser</password>
    <exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.MySQLExceptionSorter</exception-sorter-class-name>
    <!-- should only be used on drivers after 3.22.1 with "ping" support
    <valid-connection-checker-class-name>org.jboss.resource.adapter.jdbc.vendor.MySQLValidConnectionChecker</valid-connection-checker-class-name>
    -->
    <!-- sql to call when connection is created
    <new-connection-sql>some arbitrary sql</new-connection-sql>
      -->
    <!-- sql to call on an existing pooled connection when it is obtained from pool - MySQLValidConnectionChecker is preferred for newer drivers
    <check-valid-connection-sql>some arbitrary sql</check-valid-connection-sql>
      -->
    <security-domain>MySqlDbRealm</security-domain>
    <!-- corresponding type-mapping in the standardjbosscmp-jdbc.xml (optional) -->
    <metadata>
       <type-mapping>mySQL</type-mapping>
    </metadata>
  </local-tx-datasource>



server.xml
-------------------------------------------------------------------


   

      <!-- A HTTP/1.1 Connector on port 8080 -->
      

	
      <!-- A AJP 1.3 Connector on port 8009 -->
      

      <!-- SSL/TLS Connector configuration using the admin devl guide keystore -->
      
      

      

         <!-- The JAAS based authentication and authorization realm implementation
         that is compatible with the jboss 3.2.x realm implementation.
         - certificatePrincipal : the class name of the
         org.jboss.security.auth.certs.CertificatePrincipal impl
         used for mapping X509[] cert chains to a Princpal.
         - allRolesMode : how to handle an auth-constraint with a role-name=*,
         one of strict, authOnly, strictAuthOnly
           + strict = Use the strict servlet spec interpretation which requires
           that the user have one of the web-app/security-role/role-name
           + authOnly = Allow any authenticated user
           + strictAuthOnly = Allow any authenticated user only if there are no
           web-app/security-roles
         
         
			-->
         <!-- A subclass of JBossSecurityMgrRealm that uses the authentication
         behavior of JBossSecurityMgrRealm, but overrides the authorization
         checks to use JACC permissions with the current java.security.Policy
         to determine authorized access.
         - allRolesMode : how to handle an auth-constraint with a role-name=*,
         one of strict, authOnly, strictAuthOnly
           + strict = Use the strict servlet spec interpretation which requires
           that the user have one of the web-app/security-role/role-name
           + authOnly = Allow any authenticated user
           + strictAuthOnly = Allow any authenticated user only if there are no
           web-app/security-roles
		   -->
         
			
         

         
		 

            <!-- -->
            
           

         
         
            <!-- Uncomment to check for unclosed connections and transaction terminated checks
                 in servlets/jsps.
                 Important: You need to uncomment the dependency on the CachedConnectionManager
                            in META-INF/jboss-service.xml
			-->
            
            

         

      

   




loginj.jsp (FORM AUTHENTICATION)
----------------------------------------------------------------
<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<%
response.setHeader("Cache-Control","no-cache"); //HTTP 1.1
response.setHeader("Pragma","no-cache"); //HTTP 1.0
response.setDateHeader ("Expires", 0); //prevents caching at the proxy server
%>
<title>Login</title>
</head>
<body>
<form method="POST" action="<%= response.encodeURL("j_security_check") %>" >
  <!-- j_username and j_password are the field names the container's FORM
       authenticator expects when the form posts to j_security_check -->
  Username: <input type="text" name="j_username">
  <br>
  Password: <input type="password" name="j_password">
  <br>
  <input type="submit" value="Login">
</form>
</body>
</html>



PostLoginFilter.java
-------------------------------------
package com.sms;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

/** Trace filter mapped around j_security_check and the protected URL spaces in web.xml. */
public class PostLoginFilter implements Filter {
    private FilterConfig config = null;

    public void init(FilterConfig config) throws ServletException {
        this.config = config;
    }

    public void destroy() {
        config = null;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
                         FilterChain filterChain) throws IOException, ServletException {
        // Log before and after the rest of the chain (and the target resource) runs
        System.out.println("Before j_security_check");
        filterChain.doFilter(servletRequest, servletResponse);
        System.out.println("After j_security_check");
    }
}

What is missing?
Please help.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3970529#3970529

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3970529
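As an added illustration (not code from the post, and not JBoss's own implementation), the following Python model follows what DatabaseServerLoginModule does with the two queries from the post's login-config.xml, and then applies the auth-constraint check the container performs afterwards. The sqlite3 in-memory database, the PUBLIC schema, the users and their passwords are constructed here; the plaintext password compare reflects the absence of a hashAlgorithm option in the post's configuration. The point it makes visible: a 403 after the login form means the principalsQuery step passed but no role named in the constraint ended up in the "Roles" group, so the second column returned by rolesQuery (ROLEGROUP in the post) is the value to inspect.

```python
"""Model of the JBoss DatabaseServerLoginModule + auth-constraint decision path
(illustration only; sqlite3 stand-in for the MySqlDS datasource)."""
import sqlite3

# The exact queries quoted in the post's login-config.xml / auth.conf
PRINCIPALS_QUERY = "SELECT PASSWD FROM PUBLIC.PRINCIPALS WHERE USERID=?"
ROLES_QUERY = ("SELECT ROLEID 'Roles', ROLEGROUP 'RoleGroups' "
               "FROM PUBLIC.ROLES WHERE USERID=?")

# Constructed sample data (not from the post). alice and carol have their role
# in the "Roles" group; bob's role sits in a differently named group.
SAMPLE_PRINCIPALS = [("alice", "s3cret"), ("bob", "s3cret"), ("carol", "s3cret")]
SAMPLE_ROLES = [
    ("alice", "userrole", "Roles"),
    ("bob", "userrole", "UserRoles"),   # wrong group name: never used for authorization
    ("carol", "companyrole", "Roles"),
]


def build_db():
    """In-memory stand-in for the datasource; attaches a schema named PUBLIC so
    the schema-qualified table names in the post's queries resolve unchanged."""
    conn = sqlite3.connect(":memory:")
    conn.execute("ATTACH DATABASE ':memory:' AS PUBLIC")
    conn.execute("CREATE TABLE PUBLIC.PRINCIPALS (USERID TEXT PRIMARY KEY, PASSWD TEXT)")
    conn.execute("CREATE TABLE PUBLIC.ROLES (USERID TEXT, ROLEID TEXT, ROLEGROUP TEXT)")
    conn.executemany("INSERT INTO PUBLIC.PRINCIPALS VALUES (?, ?)", SAMPLE_PRINCIPALS)
    conn.executemany("INSERT INTO PUBLIC.ROLES VALUES (?, ?, ?)", SAMPLE_ROLES)
    return conn


def authenticate(conn, userid, password):
    """principalsQuery step: a single row holding the stored password, compared
    as plaintext because the post's login module sets no hashAlgorithm."""
    row = conn.execute(PRINCIPALS_QUERY, (userid,)).fetchone()
    return row is not None and row[0] == password


def role_groups(conn, userid):
    """rolesQuery step: column 1 is a role name, column 2 the group it belongs
    to (NULL or empty means "Roles"). Returns {group name: set of role names}."""
    groups = {}
    for role, group in conn.execute(ROLES_QUERY, (userid,)):
        group = group or "Roles"
        groups.setdefault(group, set()).add(role)
    return groups


def authorize(groups, required_roles):
    """auth-constraint check: the caller needs one of the constraint's
    role-names, and only members of the "Roles" group are considered."""
    return bool(groups.get("Roles", set()) & set(required_roles))


def login_outcome(conn, userid, password, required_roles):
    """What the container ends up doing: redirect to the form-error-page when
    the credentials fail, 403 when authenticated but lacking a required role,
    200 otherwise."""
    if not authenticate(conn, userid, password):
        return "form-error-page"
    return 200 if authorize(role_groups(conn, userid), required_roles) else 403


if __name__ == "__main__":
    db = build_db()
    # /user/* in the post's web.xml allows userrole or companyrole; /company/* only companyrole
    for user in ("alice", "bob", "carol"):
        print(user, "/user/*    ->", login_outcome(db, user, "s3cret", ["userrole", "companyrole"]))
        print(user, "/company/* ->", login_outcome(db, user, "s3cret", ["companyrole"]))
        print(user, "groups     ->", role_groups(db, user))
```

Running it shows bob receiving 403 on /user/* with a correct password, because his only role was returned under the group name "UserRoles" rather than "Roles"; alice gets 200 on /user/* and 403 on /company/*, and a wrong password never reaches the role step at all.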


