How to secure your webapp to make it use Labs SSO.
Copy login-redirect.jsp into your webapp folder so that, once the application is deployed, it is available from the webapp's root. You can find this JSP in the resources/auth folder of the Labs build.
Add the regular JAAS configuration to your web.xml and define <login-config> as follows:

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login-redirect.jsp</form-login-page>
    <form-error-page>/login-redirect.jsp</form-error-page>
  </form-login-config>
</login-config>
Add your web-app context to configuration/resources/to-copy/server/default/conf/josso-agent-config.xml, inside the <partner-app> segment:

<partner-app>
  <context>/my-foo-context</context> <!-- modify this to match your webapp -->
</partner-app>
Voila! Now you can use /my-foo-context/josso_login/ to log in and /my-foo-context/josso_logout/ to sign out (don't forget the trailing "/"). The first one redirects you to the common JOSSO login page and then, after a successful login, back to your web application. If a resource requires authentication, the user is redirected to the login page automatically.
EXAMPLE web.xml from foo-view
<?xml version="1.0"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
  "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
  <display-name>Foo Web Application</display-name>

  <servlet>
    <servlet-name>FooServlet</servlet-name>
    <display-name>FooServlet</display-name>
    <description>My foo servlet</description>
    <servlet-class>org.jboss.labs.MyServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
    <security-role-ref>
      <role-name>ALLUSERS</role-name>
      <role-link>ALLUSERS</role-link>
    </security-role-ref>
  </servlet>

  <servlet-mapping>
    <servlet-name>FooServlet</servlet-name>
    <url-pattern>*.ole</url-pattern>
  </servlet-mapping>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Authenticated</web-resource-name>
      <url-pattern>/auth/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>ALLUSERS</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login-redirect.jsp</form-login-page>
      <form-error-page>/login-redirect.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>ALLUSERS</role-name>
  </security-role>
</web-app>
This will redirect to the login page for every /foo-view/auth/*.ole request and require the "ALLUSERS" role. This is a special role that all valid users have. The rest of the authorization should be done by the Labs auth service.
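
A pre-deployment check for the steps above, as an added example that is not part of the Labs build: it parses web.xml and josso-agent-config.xml and reports a missing FORM login-config, a login or error page that is not /login-redirect.jsp, a constrained role with no <security-role> declaration, and a context not registered as a <partner-app>. The function name check_sso_config, the <agent> wrapper element and the trimmed sample documents are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

LOGIN_PAGE = "/login-redirect.jsp"

# Constructed sample inputs, trimmed from the snippets on this page.
WEB_XML = """<?xml version="1.0"?>
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Authenticated</web-resource-name>
      <url-pattern>/auth/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>ALLUSERS</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login-redirect.jsp</form-login-page>
      <form-error-page>/login-redirect.jsp</form-error-page>
    </form-login-config>
  </login-config>
  <security-role><role-name>ALLUSERS</role-name></security-role>
</web-app>"""
# The <agent> root is a hypothetical wrapper; only <partner-app>/<context> comes from the page.
AGENT_XML = "<agent><partner-app><context>/my-foo-context</context></partner-app></agent>"


def check_sso_config(web_xml, agent_xml, context):
    """Return a list of problems; an empty list means the steps above were followed."""
    web, agent = ET.fromstring(web_xml), ET.fromstring(agent_xml)
    text = lambda path: (web.findtext(path) or "").strip()
    problems = []
    if text("login-config/auth-method") != "FORM":
        problems.append("auth-method is not FORM")
    for tag in ("form-login-page", "form-error-page"):
        if text("login-config/form-login-config/" + tag) != LOGIN_PAGE:
            problems.append(tag + " is not " + LOGIN_PAGE)
    # Every role named in an auth-constraint must also be declared as a security-role
    # ("*" is the servlet spec's shorthand for all declared roles).
    declared = {(r.text or "").strip() for r in web.findall("security-role/role-name")}
    used = {(r.text or "").strip()
            for r in web.findall("security-constraint/auth-constraint/role-name")}
    for role in sorted(used - declared - {"*"}):
        problems.append("role " + role + " has no <security-role> declaration")
    # The agent only handles contexts listed under <partner-app>.
    contexts = {(c.text or "").strip() for c in agent.findall(".//partner-app/context")}
    if context not in contexts:
        problems.append(context + " is not a <partner-app> context")
    return problems
```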