Version 10

    How to secure your webapp to make it use Labs SSO.


    • Copy login-redirect.jsp into your webapp folder, so that when the application is deployed it is available from the webapp's root. You can find this JSP in the resources/auth folder of the Labs build download.

    • Add the regular JAAS configuration to your web.xml and define <login-config> as follows:

         <login-config>
              <auth-method>FORM</auth-method>
              <form-login-config>
                   <form-login-page>/login-redirect.jsp</form-login-page>
                   <form-error-page>/login-redirect.jsp</form-error-page>
              </form-login-config>
         </login-config>
    
    • Add your web-app context to configuration/resources/to-copy/server/default/conf/josso-agent-config.xml inside the <partner-app> segment:

            <partner-app>
                <context>/my-foo-context</context> <!-- modify this to match your webapp -->
            </partner-app>
    
    • Voila! Now you can use /my-foo-context/josso_login/ to log in and /my-foo-context/josso_logout/ (don't forget the trailing "/") to sign out. The first one will redirect you to the common JOSSO login page and then, after a successful login, redirect back to your web application. If you require authentication for a resource, the user will be redirected to the login page automatically.


    EXAMPLE web.xml from foo-view


    <?xml version="1.0"?>
    <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
                             "http://java.sun.com/dtd/web-app_2_3.dtd">
    <web-app>
         <display-name>Foo Web Application</display-name>
         <servlet>
              <servlet-name>FooServlet</servlet-name>
              <display-name>FooServlet</display-name>
              <description>My foo servlet</description>
              <servlet-class>org.jboss.labs.MyServlet</servlet-class>
              <load-on-startup>1</load-on-startup>
              <security-role-ref>
                   <role-name>ALLUSERS</role-name>
                   <role-link>ALLUSERS</role-link>
              </security-role-ref>
         </servlet>
         <servlet-mapping>
              <servlet-name>FooServlet</servlet-name>
              <url-pattern>*.ole</url-pattern>
         </servlet-mapping>
         <security-constraint>
              <web-resource-collection>
                   <web-resource-name>Authenticated</web-resource-name>
                   <url-pattern>/auth/*</url-pattern>
              </web-resource-collection>
              <auth-constraint>
                   <role-name>ALLUSERS</role-name>
              </auth-constraint>
         </security-constraint>
         <login-config>
              <auth-method>FORM</auth-method>
              <form-login-config>
                   <form-login-page>/login-redirect.jsp</form-login-page>
                   <form-error-page>/login-redirect.jsp</form-error-page>
              </form-login-config>
         </login-config>
         <security-role>
              <role-name>ALLUSERS</role-name>
         </security-role>
    </web-app>
    


    This will redirect to the login page for every /foo-view/auth/*.ole request and require the "ALLUSERS" role. This is a special role that all valid users have. The rest of the authorization should be done by the Labs auth service.
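    A quick way to check that a deployment actually follows the steps above and matches the example web.xml, as an added example that is not part of this page or of the Labs build: a Python script that parses web.xml and josso-agent-config.xml and reports the mismatches that otherwise fail silently (wrong login page, a role used but never declared, a context the agent does not know). The sample documents are constructed trimmed copies of the example above; the wrapper element of josso-agent-config.xml is assumed, and the check only relies on the <partner-app>/<context> part the page shows.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs: a trimmed copy of the page's example web.xml and a
# minimal josso-agent-config.xml (its wrapper element name is assumed).
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Authenticated</web-resource-name>
      <url-pattern>/auth/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>ALLUSERS</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login-redirect.jsp</form-login-page>
      <form-error-page>/login-redirect.jsp</form-error-page>
    </form-login-config>
  </login-config>
  <security-role><role-name>ALLUSERS</role-name></security-role>
</web-app>"""

AGENT_XML = """<agent><partner-app><context>/foo-view</context></partner-app></agent>"""


def check_sso_config(web_xml, agent_xml, context):
    """Return a list of problems; empty means the files agree with the Labs SSO
    setup. Assumes the un-namespaced servlet 2.3 web.xml form used above."""
    problems = []
    web, agent = ET.fromstring(web_xml), ET.fromstring(agent_xml)
    # 1. FORM login that hands off to the shared login-redirect.jsp
    lc = web.find("login-config")
    if lc is None or lc.findtext("auth-method") != "FORM":
        problems.append("login-config must use auth-method FORM")
    else:
        for page in ("form-login-page", "form-error-page"):
            if lc.findtext("form-login-config/" + page) != "/login-redirect.jsp":
                problems.append(page + " should be /login-redirect.jsp")
    # 2. Every role an auth-constraint relies on is declared in security-role
    declared = {r.findtext("role-name") for r in web.findall("security-role")}
    for role in web.findall("security-constraint/auth-constraint/role-name"):
        if role.text not in declared:
            problems.append("role %s used but not declared" % role.text)
    # 3. The agent must list this context or josso_login/ is never intercepted
    contexts = {c.text for c in agent.iter("context")}
    if context not in contexts:
        problems.append("context %s missing from josso-agent-config.xml" % context)
    return problems
```

Run it against the real files by reading them from disk into the two string arguments; the context argument is the one your webapp is deployed under (for example /foo-view).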