[jboss-user] [Beginner's Corner] - Basic Authentication Logout in EAP6

Wed Aug 1 09:54:13 EDT 2012

Alok Mishra [https://community.jboss.org/people/alokmp] created the discussion

"Basic Authentication Logout in EAP6"

To view the discussion, visit: https://community.jboss.org/message/751463#751463

--------------------------------------------------------------
I am using EAP 6 to login to web application using the following configuration.
On accessing the web application jboss automatically gives an inbuilt popup which asks for 
credentials and it allows to login successfully.

Now I want to logout of the web application but could not figure out a way to do so.
Please suggest any hints.

1. *Standalone.xml (In JBoss à Standalone à Configuration )  …dev*
2. *Domain.xml (In JBoss à Domain à Configuration)  …production*

Add a security-domain under below mentioned tag along with already present security domains.
Right Below ……
<subsystem xmlns="urn:jboss:domain:security:1.1">
 <security-domains>

 This was added.
 <security-domain name="configAppSecurityDomain" cache-type="default">
 <authentication>
 <login-module code="RealmUsersRoles" flag="required">
<module-option name="usersProperties" value="${jboss.server.config.dir}/mgmt-users.properties"/>
<module-option name="rolesProperties" value="${jboss.server.config.dir}/mgmt-roles.properties"/>
 <module-option name="realm" value="ManagementRealm"/>
<module-option name="unauthenticatedIdentity" value="nobody" /> 
 <module-option name="password-stacking" value="useFirstPass" />
 </login-module>
 </authentication>
 </security-domain>

For domain server (QA and Production) the location would be "${jboss.domain.config.dir}

1. *Web.xml (of Sovereign Config Web App)*

<security-constraint>
 <web-resource-collection>
 <web-resource-name>ConfigWebApp</web-resource-name>
 <description>Configuration Application</description>
 <url-pattern>/*</url-pattern>
 <http-method>GET</http-method>
 <http-method>POST</http-method>
 </web-resource-collection>
 <auth-constraint>
 <role-name>*configAppUserRole*</role-name>
 </auth-constraint>
    </security-constraint>
    <login-config>
 <auth-method>BASIC</auth-method>
<realm-name>ManagementRealm</realm-name>
    </login-config>
    <security-role>
 <role-name>* configAppUserRole* </role-name>
    </security-role>

1. *jboss-web.xml* 

Add this file with the below contents next to web.xml in the Sovereign Config Web App.

<?xml version='1.0' encoding='UTF-8' ?>
<jboss-web>
 <security-domain>java:/jaas/configAppSecurityDomain</security-domain>
</jboss-web>

1. *mgmt-users.properties*

Add a user in the mgmt-user.properties file (using the add-user.bat script from jboss à bin). Make sure the realm is ManagementRealm.

1. *mgmt-roles.properties*

Add the role *configAppUserRole* to above create user.

*(In JBoss à Standalone à Configuration)  dev environment*
*(In JBoss à Domain à Configuration) production environment*
--------------------------------------------------------------

Reply to this message by going to Community
[https://community.jboss.org/message/751463#751463]

Start a new discussion in Beginner's Corner at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2075]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20120801/4dadd547/attachment-0001.html 