This content has been marked as final.
Show 3 replies
-
1. Re: JAAS login with JBoss Seam
msduk Mar 27, 2007 12:42 PM (in response to fady.matar)It might be true now but I had configuration hell...
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.3//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_3_0.dtd"> <jboss-web> <security-domain>java:/jaas/fooSecurityPolicy</security-domain> <!-- Resource Environment References --> <!-- Resource references --> <!-- EJB References --> </jboss-web> <?xml version='1.0'?> <!DOCTYPE policy PUBLIC "-//JBoss//DTD JBOSS Security Config 3.0//EN" "http://www.jboss.org/j2ee/dtd/security_config.dtd"> <policy> <application-policy name="fooSecurityPolicy"> <authentication> <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required"> <module-option name="dsJndiName"> java:/fooDatasource </module-option> <module-option name="principalsQuery"> SELECT password FROM user WHERE userId=?; </module-option> <module-option name="rolesQuery"> SELECT role, 'Roles' FROM role r INNER JOIN user u ON u.userID = r.userID WHERE u.userId=? </module-option> <module-option name="ignorePasswordCase">true</module-option> <module-option name="hashCharset">UTF-8</module-option> <module-option name="hashEncoding">hex</module-option> <module-option name="hashAlgorithm">MD5</module-option> </login-module> </authentication> </application-policy> </policy> <?xml version="1.0" encoding="UTF-8"?> <server> <mbean code="org.jboss.security.auth.login.DynamicLoginConfig" name="foo:service=DynamicLoginConfig"> <attribute name="AuthConfig">foo-login-config.xml</attribute> <depends optional-attribute-name="LoginConfigService"> jboss.security:service=XMLLoginConfig </depends> <depends optional-attribute-name="SecurityManagerService"> jboss.security:service=JaasSecurityManager </depends> </mbean> </server> <security-constraint> <web-resource-collection> <web-resource-name>Secure Area</web-resource-name> <description>Security for Protected Pages</description> <url-pattern>/secure/*</url-pattern> <http-method>POST</http-method> <http-method>GET</http-method> </web-resource-collection> <auth-constraint> <description>Only valid users can use the secure resources</description> <role-name>fooUser</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint> <security-constraint> <web-resource-collection> <web-resource-name>Admin Area</web-resource-name> <description>Administrator Protected Pages</description> <url-pattern>/admin/*</url-pattern> <http-method>POST</http-method> <http-method>GET</http-method> </web-resource-collection> <auth-constraint> <description>Only valid admin users can use the secure resources</description> <role-name>fooAdmin</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <realm-name>fooSecurityPolicy</realm-name> <form-login-config> <form-login-page>/login.seam</form-login-page> <form-error-page>/loginError.seam</form-error-page> </form-login-config> </login-config> <security-role> <description>An foo system user</description> <role-name>fooUser</role-name> </security-role> <security-role> <description>An foo admin user</description> <role-name>fooAdmin</role-name> </security-role> <ejb-jar> <security-domain>java:/jaas/fooSecurityPolicy</security-domain> <assembly-descriptor> <interceptor-binding> <ejb-name>*</ejb-name> <interceptor-class>org.jboss.seam.ejb.SeamInterceptor</interceptor-class> </interceptor-binding> </assembly-descriptor> </ejb-jar> <jboss-app> <module> <service>foo-login-service.xml</service> </module> <loader-repository> seam.jboss.org:loader=foo </loader-repository> </jboss-app>
Personally I would use the simplified version if you can. I have always disliked JAAS. -
2. Re: JAAS login with JBoss Seam
lcoetzee Mar 28, 2007 10:16 AM (in response to fady.matar)The Seam wiki contains an example (now outdated). Look under the Deprecated & Old Stuff heading.
http://www.jboss.com/wiki/Wiki.jsp?page=JBossSeam
L -
3. Re: JAAS login with JBoss Seam
fady.matar Mar 28, 2007 11:43 AM (in response to fady.matar)This approach worked for me before, but I was wondering if the identity component can be wired.
Using the regular authentication / authorization module makes the seam identity component useless.
I believe that one approach to benefit from the identity module is to write the LDAP authentication within the authenticate method and provide an XML configuration to make it more or less portable. I would like to get Gavin's feedback on that