12 Replies Latest reply on Aug 12, 2004 3:54 PM by jae77

    Integrating web application

      Hi,

      I like to integrate a web application into Nukes. The web application is built using the spring framework. There is a dispatcher servlet running which controls the application flow. What is the best or which solution is possible?

      1) Modify web.xml, so URL's with a pattern /billing are redirected to a particular web application.

      2) Write a module which processes the request and uses process(...) to include the Servlet response into the module.

      The web application should be thightly integrated into Nukes, a particular user should not see that another web application is running.

        • 1. Re: Integrating web application

          I have a similar situation that I'm trying to figure out and would be interested in this as well. Specifically, I would like to know how to integrate authentication so that when people authenticate to nukes, they are also authenticated to other webapps using the same credentials. Our existing applications use JAAS for authentication. Is there a way to propagate a nukes login to another app via JAAS?

          Thanks,
          gary.

          • 2. Re: Integrating web application
            slucio

            Same problem here. I am trying to integrate an existing JSF application with nukes, and specifically some of the login front-end, as well as newsgroups, etc. modules.

            I am trying to use a module to proxy to the JSPs, but I am struggling with that. Anyway someone could post further details than what's available on the Wikis?

            Thanks,
            Serge

            • 3. Re: Integrating web application

              No takers on this? Somebody, somewhere has to have done this before. It's a pretty critical subject IMO.

              The last thing I want is to have a site that is like every other PHP/Perl site out there where you have to login to all the cobbled together applications because there is no common authentication system.

              Last I knew, Nukes did not use JAAS. Is that still the case? If not, any plans to make Nukes use JAAS?

              gary.

              • 4. Re: Integrating web application
                theute

                I looked at it and decided to wait for the port of Nukes to a more recent JBoss to use a class of JBossSX that doesn't exist in the JBoss version we support.

                That new class will offer more flexibility. The problem is that we want an easy install process for default behavior.

                We don't want users to mess with:
                $JBOSS_HOME/server/default/conf/login-config.xml

                Instead JAAS configuration should be setup at deployment, it will be an easy fix as soon as we support JBoss 3.2.4 and above.

                • 5. Re: Integrating web application

                  I created a .sar file for one of my applications that dynamically adds it's security domain to JBoss without mucking with login-config.xml. It was extremely easy to do and took about an hour. If you are interested, I can post further info. I'd love to see this feature implemented earlier rather than later.

                  FYI, my solution works on 3.2.1. I've not tried it on newer versions, but I'd think it should work.

                  gary.

                  • 6. Re: Integrating web application
                    theute

                    I am interested, please tell me more on how you did here on the forum or you can email me if you want to add some code at users.sourceforge.net
                    preceded by theute@

                    • 7. Re: Integrating web application

                      I can't take full credit for all of the code because I found the concept and most of the code via google. But, I can't locate the original source it seems. I've tried some searches but no luck so far. If I can find the URL for where I found the original code, I will post it to give credit to the author.

                      Here are the files that make up my service...

                      MBean interface:
                      ----------------------------------------------------------------

                      import org.jboss.system.ServiceMBean;
                      
                      /**
                       * An mbean interface for a config service that pushes an xml based
                       * javax.security.auth.login.Configuration onto the config stack managed by
                       * the mbean whose name is given by the SecurityConfigName attribute.
                       *
                       **/
                      public interface SecurityConfigMBean extends ServiceMBean
                      {
                       /**
                       * Get the classpath resource name of the security configuration file
                       **/
                       public String getAuthConfig();
                      
                       /**
                       * Set the classpath resource name of the security configuration file
                       **/
                       public void setAuthConfig(String configURL);
                      
                       /**
                       * Get the name of the SecurityConfig mbean whose pushLoginConfig and
                       * popLoginConfig ops will be used to install and remove the xml login
                       * config
                       **/
                       public String getSecurityConfigName();
                      
                       /**
                       * Set the name of the SecurityConfig mbean whose pushLoginConfig and
                       * popLoginConfig ops will be used to install and remove the xml login
                       * config
                       **/
                       public void setSecurityConfigName(String objectName);
                      
                      ----------------------------------------------------------------


                      MBean implementation:
                      ----------------------------------------------------------------
                      import java.net.URL;
                      import java.util.Hashtable;
                      import javax.management.MBeanServer;
                      import javax.management.ObjectName;
                      import org.jboss.security.auth.login.XMLLoginConfig;
                      import org.jboss.system.ServiceMBeanSupport;
                      import org.apache.log4j.Logger;
                      
                      /**
                       * A security config mbean that loads an xml login configuration and
                       * pushes a XMLLoginConfig instance onto the the config stack managed by
                       * the SecurityConfigName mbean(default=jboss.security:name=SecurityConfig).
                       *
                       **/
                      public class SecurityConfig extends ServiceMBeanSupport
                       implements SecurityConfigMBean
                      {
                       // Constants -----------------------------------------------------
                      
                       // Attributes ----------------------------------------------------
                       private String authConf = "login-config.xml";
                       private XMLLoginConfig config = null;
                       private ObjectName mainSecurityConfig;
                       protected Logger log = Logger.getLogger(SecurityConfig.class);
                      
                       // Static --------------------------------------------------------
                      
                       // Constructors --------------------------------------------------
                       public SecurityConfig()
                       {
                       setSecurityConfigName("jboss.security:service=SecurityConfig");
                       }
                      
                       // Public --------------------------------------------------------
                       /**
                       * Get the name
                       **/
                       public String getName()
                       {
                       return "JAAS Login Config";
                       }
                      
                       /**
                       * Get securityConfigName
                       **/
                       public String getSecurityConfigName()
                       {
                       return mainSecurityConfig.toString();
                       }
                      
                       /**
                       * Set securityConfigName
                       **/
                       public void setSecurityConfigName(String objectName)
                       {
                       try
                       {
                       mainSecurityConfig = new ObjectName(objectName);
                       }
                       catch(Exception e)
                       {
                       log.fatal("Failed to create ObjectName", e);
                       }
                       }
                      
                       /**
                       * Get the resource path to the JAAS login configuration file to use.
                       **/
                       public String getAuthConfig()
                       {
                       return authConf;
                       }
                      
                       /**
                       * Set the resource path to the JAAS login configuration file to use.
                       * The default is "login-config.xml".
                       **/
                       public void setAuthConfig(String authConf)
                       {
                       this.authConf = authConf;
                       }
                      
                       // Protected --------------------------------------------------------
                       /**
                       * Start the service.
                       **/
                       protected void startService() throws Exception
                       {
                       // Look for the authConf as resource
                       ClassLoader loader = Thread.currentThread().getContextClassLoader();
                       URL loginConfig = loader.getResource(authConf);
                       if( loginConfig != null )
                       {
                       String securityConfigName = "MySecurityConfig";
                       log.info("Using securityConfigName: '"+securityConfigName+"'");
                       log.info("Using JAAS AuthConfig: "+loginConfig.toExternalForm());
                       config = new XMLLoginConfig();
                       config.setConfigURL(loginConfig);
                       config.start();
                       MBeanServer server = super.getServer();
                       ObjectName name = super.getServiceName();
                       Hashtable props = name.getKeyPropertyList();
                       props.put(securityConfigName, "XMLLoginConfig");
                       name = new ObjectName(name.getDomain(), props);
                       server.registerMBean(config, name);
                       Object[] args = {name.toString()};
                       String[] sig = {String.class.getName()};
                       server.invoke(mainSecurityConfig, "pushLoginConfig", args, sig);
                       }
                       else
                       {
                       log.warn("No AuthConfig resource found");
                       }
                       }
                      
                       /**
                       * Stop the service.
                       **/
                       protected void stopService() throws Exception
                       {
                       String securityConfigName = "PanelSecurityConfig";
                       log.info("Using securityConfigName: '"+securityConfigName+"'");
                       MBeanServer server = super.getServer();
                       ObjectName name = super.getServiceName();
                       Hashtable props = name.getKeyPropertyList();
                       props.put(securityConfigName, "XMLLoginConfig");
                       name = new ObjectName(name.getDomain(), props);
                       Object[] args = {};
                       String[] sig = {};
                       server.invoke(mainSecurityConfig, "popLoginConfig", args, sig);
                       server.unregisterMBean(name);
                       }
                      }
                      
                      ----------------------------------------------------------------

                      jboss-service.xml
                      ----------------------------------------------------------------
                      <?xml version="1.0" encoding="UTF-8"?>
                      <server>
                       <mbean code="com.innovationsw.panel.security.jmx.SecurityConfig"
                       name="ISG.panel:service=PanelSecurityLoginConfig">
                       <attribute name="AuthConfig">META-INF/login-config.xml</attribute>
                       <!-- The service which supports dynamic processing of login-config.xml
                       configurations.
                       -->
                       <depends>jboss.security:service=XMLLoginConfig</depends>
                       <!-- Optionally specify the security mgr service to use when
                       this service is stopped to flush the auth caches of the domains
                       registered by this service.
                       -->
                       <!-- only in jboss 4.0 series
                       <depends optional-attribute-name="SecurityManagerService">
                       jboss.security:service=JaasSecurityManager
                       </depends>
                       -->
                       </mbean>
                      </server>

                      ----------------------------------------------------------------

                      login-config.xml
                      ----------------------------------------------------------------
                      <policy>
                       <application-policy name = "MyRealm">
                       <authentication>
                       <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
                       <module-option name = "dsJndiName">java:/MyDS</module-option>
                       <module-option name = "principalsQuery">SELECT password FROM users WHERE username=?</module-option>
                       <module-option name = "rolesQuery">SELECT role,rolegroup FROM users_role WHERE username=?</module-option>
                       <module-option name = "unauthenticatedIdentity">nobody</module-option>
                       </login-module>
                       </authentication>
                       </application-policy>
                      </policy>
                      
                      ----------------------------------------------------------------


                      • 8. Re: Integrating web application
                        theute

                        I still want to stick with DynamicLoginConfig as it's fully integrated with JBoss:
                        http://www.jboss.org/wiki/Wiki.jsp?page=DynamicLoginConfig

                        I understand the drawback is that Nukes won't be compatible with JBoss 3.2.3 and lower.

                        Julien the project leader will decide.

                        If there is more to say about design we should use the dev forum.

                        Thanks for sharing your code.

                        • 9. Re: Integrating web application

                          Ok. I had found the DynamicLoginConfig, but I'm not able to use the supported versions of JBoss yet, so needed something more immediate. If the work to make Nukes run on a late model JBoss will take considerable effort, the 1 or 2 hours of effort to implement my code would probably be worth it. It can always be deprecated and may get the project to support JAAS that much sooner.

                          Just my thoughts.

                          • 10. Re: Integrating web application
                            jae77

                            the code you are using is more or less directly out of the examples included w/ the jboss admin book. (at least w/ the paid subscription)

                            if you're in a hurry to get this done, there's nothing wrong w/ deploying the code yourself and then migrating once > 3.2.4 is supported. you're still going to need a deployment descriptor in order to hook up the secuirty configuration.

                            i already have this code written and more or less readily at hand. if you want it, pls let me know and i'll send it to you.

                            • 11. Re: Integrating web application

                              What is it that your code will accomplish? Is it code that integrates nukes with JAAS? My end goal is to have nukes integrated with other J2EE applications. If your code will help in this regard, then I guess I'm interested.

                              So far, I've not really found any other options for doing this.

                              • 12. Re: Integrating web application
                                jae77

                                no - it's just the code that you already pasted, but in .java file form.