[jboss-user] [Beginner's Corner] - FORM-based declarative authentication against MySQL Realm

R Saravana Prasad do-not-reply at jboss.com
Mon Sep 10 21:30:45 EDT 2012


R Saravana Prasad [https://community.jboss.org/people/rsprasad] modified the document:

"FORM-based declarative authentication against MySQL Realm"

To view the document, visit: https://community.jboss.org/docs/DOC-16020

--------------------------------------------------------------
This article is about FORM-Based authentication for jboss for securing admin related pages.
The attached web application uses declarative authentication against mysql security realm.

Add following *security-constraint* section to *web.xml*:
<security-constraint>
     <display-name>require valid user</display-name>
  <web-resource-collection>
  <web-resource-name>internal application</web-resource-name>
  <!-- secure only admin pages-->
  <url-pattern>/admin/*</url-pattern>
  <http-method>GET</http-method>
  <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
  <!--Admin pages secured only for admin-->
  <role-name>admin</role-name>
</auth-constraint>
</security-constraint>

Add following *login-config* section to *web.xml*:

<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
  <form-login-page>/login.jsp</form-login-page>
  <form-error-page>/loginInvalid.jsp</form-error-page>
</form-login-config>
</login-config>

Find and replace following realm config section in <JBOSS_HOME>\server\default\deploy\jbossweb.sar\*server.xml*:

<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="org.gjt.mm.mysql.Driver"
connectionURL="jdbc:mysql://localhost/jaasrealm"
        connectionName="root"
        connectionPassword=""
        userTable="users" 
userNameCol="user_name" 
        userCredCol="user_pass"
userRoleTable="user_roles" 
roleNameCol="role_name" />

>From the above, realm requires DB Class name, DB Driver class, DB URL, 
DB name, DB username, DB password and 
userTable is users,
userNameCol is user_name,
userRoleTable is user_roles,
userCredCol is user_pass and
roleNameCol is role_name

Setting up security realm:
Have mysql running.

mysql> create database jaasrealm;
mysql> use jaasrealm;
mysql> create table users (
  user_name varchar(15) not null primary key,
  user_pass varchar(15) not null
);

mysql> create table user_roles (
  user_name varchar(15) not null,
  role_name varchar(15) not null,
  primary key (user_name, role_name)
);

mysql> insert into users values('hari','good');
mysql> insert into users values('hara','better');

mysql> insert into user_roles values('hari','usergroup');
mysql> insert into user_roles values('hara','admin');

In case more roles to be added to same user, hara keep adding more user_role records to hara:
mysql> insert into user_roles values('hara','editor');
mysql> insert into user_roles values('hara','publisher');

Ensure mysql driver in JBoss classpath, browser setting for cookies and modify JBossIPAddress in links in JSPs.
Deploy the application after extracting it to JBOSS_HOME/server/default/deploy/.
Reach the application at URL:  http://%3cjbossipaddress%3e:8080/auth/index.jsp http://<JBossIPAddress>:8080/auth/index.jsp
The first two links are to user pages that require no authentication.
The last two links are to admin pages which require authentication.
Clicking on admin links will cause login.jsp to be displayed as configured by login-config section of web.xml.
The pages are authenticated by j_security_check with textboxes for j_username and j_password.
A j_security_check servlet reserved by JBoss for authentication handles the request and the security-constraints associated with it.
On successful authentication, the secured admin page will be displayed.
On unsuccessful authentication, loginInvalid.jsp as configured by login-config section of web.xml will be displayed.

Fire up the JBoss and pull up the app...

Saravana Prasad
--------------------------------------------------------------

Comment by going to Community
[https://community.jboss.org/docs/DOC-16020]

Create a new document in Beginner's Corner at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=102&containerType=14&container=2075]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20120910/5edc0bf9/attachment-0001.html 


More information about the jboss-user mailing list