3 Replies Latest reply on Oct 9, 2002 2:45 AM by richardberger

    JAAS with JBoss examples?

    gwoodward

      Hi:

      I am looking for some examples of using JAAS with JBoss, similar to the examples listed in the old online manual (http://www.jboss.org/online-manual/HTML/ch11s78.html). I am using JBoss 3.0.1 with Tomcat 4.0.4 on Linux. We have purchased the "all docs" yearly subscription, and have looked through the examples given in there, yet have not found any examples in there which lead one step-by-step through the configuration of authentication using simple users and roles properties files, nor for using JDBC authentication (which is our ultimate objective). Do such examples exist? I have pored over the documentation, and have searched through the forums, and have not found any good representative examples along with "how to" instructions.

      Any help you may be able to provide would be greatly appreciated.

      Regards,
      Greg

        • 1. Re: JAAS with JBoss examples?
          lmagee

          The JBoss documentation available for purchase has a number of examples of using JAAS in Chapter 8 (along with source code). At $10 it is well worth purchasing.

          • 2. Re: JAAS with JBoss examples?
            gwoodward

            As I said in my posting, we have purchased the yearly JBoss documentation subscription, and I have looked in detail through the examples in Chapter 8. There are examples for using a security proxy, authentication using JNDI, SRP, an SSL test, and a timed cache policy. What seems to be lacking are more simple, basic examples and "how to's": how does one set up basic authentication using properties files, and how does one set up authentication JDBC? I have read the sections in Chapter 8 in the docs, but this provides an overview, and does not lead one step-by-step through the necessary configuration.

            The examples and documentation provide information on all sorts of advanced topics, but doesn't provide basic information on how to set up authentication, at least not in a step-by-step fashion.

            Any help anyone may be able to provide would be greatly appreciated.

            Regards,
            Greg

            • 3. Re: JAAS with JBoss examples?
              richardberger

              I am a relative neophyte, but here is what I did to set up DBMS based authentication that works with both JAAS Callbacks (as seen in the code example in chapter 8) or with j_security_check (although as I am pursuing in other posts - they don't quite work seamlessly together).

              I think you can break the problem into two pieces - how to set up the environment and what code to write. Since chapter 8 has a good description of the code (and a good article can be found at: http://www.javaworld.com/javaworld/jw-09-2002/jw-0913-jaas.html), I will describe the Security Realm setup.

              Realm setup....
              I believe that in JBoss, there are three configuration files that need to change, two are in the application and one is in the "server environment". In addition, there is one line of code that needs to reference this realm.
              1. In web.xml - make sure you have a <realm-name>
              <login-config>
              <auth-method>FORM</auth-method>
              <realm-name>DrillSgtRealm</realm-name>
              <form-login-config>
              <form-login-page>/login.jsp</form-login-page>
              <form-error-page>/error.jsp</form-error-page>
              </form-login-config>
              </login-config>

              2. In jboss-web.xml:
              <security-domain>java:/jaas/DrillSgtRealm</security-domain>

              3. In conf/login-config.xml
              <application-policy name = "DrillSgtRealm">

              <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
              flag = "required">
              <module-option name = "dsJndiName">java:/DrillDB</module-option>
              <module-option name = "principalsQuery">select Password from UserDS where Email = ?</module-option>
              <module-option name = "rolesQuery">select Role, RoleGroup from RoleDS where Email = ?</module-option>
              </login-module>

              </application-policy>
              This is probably the most confusing part, but it is well documented in Chapter 8 under DatabaseServerLoginModule

              And we need to change the code....(see the example in Chapter 8)
              lc = new LoginContext("DrillSgtRealm", handler);

              At least this works for me using JBoss 3.0.2, mySQL 3.0, and running on Windows XP Pro.

              Good luck!
              RB