5 Replies Latest reply on Apr 23, 2003 8:52 AM by vassago

    Login Window

      Hi all,
      does anyone know where can I find an example of login authentication using a Login Window?
      I took a look at DatabaseLoginModule and sort of understood how things get done, but interfacing with the user is still under shadows :-(
      TIA,
      Alphonsus.

        • 1. Re: Login Window
          alexlzl

          Use BASIC login config in your web.xml, then IE will pop up the login window for you.

          <web-app>
          <display-name>Secure Application</display-name>
          <security-constraint>
          <web-resource-collection>
          <web-resource-name>Secure Realm</web-resource-name>
          <url-pattern>/*</url-pattern>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
          </web-resource-collection>
          <auth-constraint>
          <role-name>admin</role-name>
          </auth-constraint>
          </security-constraint>
          <login-config>
          <auth-method>BASIC</auth-method>
          <realm-name>Secure Realm</realm-name>
          </login-config>
          <security-role>
          Real world admin role
          <role-name>admin</role-name>
          </security-role>
          </web-app>

          Then, in jboss-web.xml, give your web app a security domain:

          <jboss-web>
          <security-domain>java:/jaas/test</security-domain>
          </jboss-web>

          Then in login-config.xml, set the LoginModule for this security domain, like:

          <application-policy name = "test">

          <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
          flag = "required" />

          </application-policy>

          • 2. Re: Login Window

            Thanks a lot Alex. It worked fine. Now I'm trying to make it work with DatabaseServerLoginModule but I haven't had success. Thought just needed to change the login-module code but that didn't do it. I'd really appreciate some help.
            Thanks again,
            Alphonsus.

            (Tables and values seems correct)

            • 3. Re: Login Window
              vassago

              This example looks good, I've implemented it to secure my /backoffice pages and the login request pop-ups. But where do you place the actual usernames, roles and passwords?? (I hoped that the build in admin account of Win2k could be used but that doesn't seem to be the case since login failed).

              I tried to create users.properties and roles.properties in WEB-INF but that did not work (someone said they should be placed in the _root_ folder of the war-file, but that is obviously false since then they are accessible by anyone simply by browsing to /yourApp/users.properties which of course would be horrible).
              Btw, that auth.conf file which is mentioned by some is, according to the documentation, obsolete, you should rather use login-config.xml, but still, where to place the usernames and passwords? With the application policy in login-config.xml? And if so, exactly how?

              Thanks in advance.

              • 4. Re: Login Window
                vassago

                This example looks good, I've implemented it to secure my /backoffice pages and the login request pop-ups. But where do you place the actual usernames, roles and passwords?? (I hoped that the build in admin account of Win2k could be used but that doesn't seem to be the case since login failed).

                I tried to create users.properties and roles.properties in WEB-INF but that did not work (someone said they should be placed in the _root_ folder of the war-file, but that is obviously false since then they are accessible by anyone simply by browsing to /yourApp/users.properties which of course would be horrible).
                Btw, that auth.conf file which is mentioned by some is, according to the documentation, obsolete, you should rather use login-config.xml, but still, where to place the usernames and passwords? With the application policy in login-config.xml? And if so, exactly how? I tried with:

                <application-policy name="backofficeDomain">

                <login-module code="org.jboss.resource.security.ConfiguredIdentityLoginModule" flag="required">
                <module-option name="userName">myUsername</module-option>
                <module-option name="password">myPassword</module-option>
                </login-module>

                </application-policy>

                but that did not work either. :(

                Thanks in advance.

                • 5. Re: Login Window
                  vassago

                  This example looks good, I've implemented it to secure my /backoffice pages and the login request pop-ups. But where do you place the actual usernames, roles and passwords?? (I hoped that the build in admin account of Win2k could be used but that doesn't seem to be the case since login failed).

                  I tried to create users.properties and roles.properties in WEB-INF but that did not work (someone said they should be placed in the _root_ folder of the war-file, but that is obviously false since then they are accessible by anyone simply by browsing to /yourApp/users.properties which of course would be horrible).
                  Btw, that auth.conf file which is mentioned by some is, according to the documentation, obsolete, you should rather use login-config.xml, but still, where to place the usernames and passwords? With the application policy in login-config.xml? And if so, exactly how? I tried with:

                  <application-policy name="backofficeDomain">

                  <login-module code="org.jboss.resource.security.ConfiguredIdentityLoginModule" flag="required">
                  <module-option name="userName">myUsername</module-option>
                  <module-option name="password">myPassword</module-option>
                  </login-module>

                  </application-policy>

                  but that did not work either. :(

                  Frankly I dont know why all these configuration settings have to be split up into so many files
                  using different formats, wouldn't be better and easier of all configuration info could be held
                  in web.xml in an uniform format!?

                  Thanks in advance.

                  PS
                  Doesnt forum posting work properly?
                  Tried several posts without any visible result
                  yet.
                  DS