[jboss-user] [Beginner's Corner] - FORM-based declarative authentication against MySQL realm
RS Prasad
do-not-reply at jboss.com
Wed Oct 27 07:49:22 EDT 2010
RS Prasad [http://community.jboss.org/people/rsprasad] modified the document:
"FORM-based declarative authentication against MySQL realm"
To view the document, visit: http://community.jboss.org/docs/DOC-16020
--------------------------------------------------------------
This article is about FORM-Based authentication for jboss for securing admin related pages.
The attached web application uses declarative authentication against mysql security realm.
Add following *security-constraint* section to *web.xml*:
<security-constraint>
<display-name>require valid user</display-name>
<web-resource-collection>
<web-resource-name>internal application</web-resource-name>
<!-- secure only admin pages-->
<url-pattern>/admin/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<!--Admin pages secured only for admin-->
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
Add following *login-config* section to *web.xml*:
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/loginInvalid.jsp</form-error-page>
</form-login-config>
</login-config>
Find and replace following realm config section in <JBOSS_HOME>\server\default\deploy\jbossweb.sar\*server.xml*:
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="org.gjt.mm.mysql.Driver"
connectionURL="jdbc:mysql://localhost/jaasrealm"
connectionName="root"
connectionPassword=""
userTable="users"
userNameCol="user_name"
userCredCol="user_pass"
userRoleTable="user_roles"
roleNameCol="role_name" />
>From the above, realm requires DB Class name, DB Driver class, DB URL,
DB name, DB username, DB password and
userTable is users,
userNameCol is user_name,
userRoleTable is user_roles,
userCredCol is user_pass and
roleNameCol is role_name
Setting up security realm:
Have mysql running.
mysql> create database jaasrealm;
mysql> use jaasrealm;
mysql> create table users (
user_name varchar(15) not null primary key,
user_pass varchar(15) not null
);
mysql> create table user_roles (
user_name varchar(15) not null,
role_name varchar(15) not null,
primary key (user_name, role_name)
);
mysql> insert into users values('hari','good');
mysql> insert into users values('hara','better');
mysql> insert into user_roles values('hari','usergroup');
mysql> insert into user_roles values('hara','admin');
Ensure mysql driver in JBoss classpath, browser setting for cookies and modify JBossIPAddress in links in JSPs.
Deploy the application after extracting it to JBOSS_HOME/server/default/deploy/.
Reach the application at URL: http://%3cjbossipaddress%3e:8080/auth/index.jsp http://<JBossIPAddress>:8080/auth/index.jsp
The first two links are to user pages that require no authentication.
The last two links are to admin pages which require authentication.
Clicking on admin links will cause login.jsp to be displayed as configured by login-config section of web.xml.
The pages are authenticated by j_security_check with textboxes for j_username and j_password.
A j_security_check servlet reserved by JBoss for authentication handles the request and the security-constraints associated with it.
On successful authentication, the secured admin page will be displayed.
On unsuccessful authentication, loginInvalid.jsp as configured by login-config section of web.xml will be displayed.
Thanks
Saravana Prasad
--------------------------------------------------------------
Comment by going to Community
[http://community.jboss.org/docs/DOC-16020]
Create a new document in Beginner's Corner at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=102&containerType=14&container=2075]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20101027/deaabfd3/attachment.html
More information about the jboss-user
mailing list