13 Replies Latest reply on Apr 11, 2013 4:34 AM by jamesviet

    How to setup JAAS in Jboss7

    manishgarg123

      I need information on setting users and roles in standalone.xml configuration file.

       

      In case of form based login method, what kind of code will be there in login method that will authenticate users present in standalone.xml file.

       

      I also want to know the maven dependencies for JAAS if any.

        • 1. Re: How to setup JAAS in Jboss7
          morphy

          You have to configure the security module; see security.xsd in the doc directory. I have a working configuration like this:

           

                      <subsystem xmlns="urn:jboss:domain:security:1.1">
                          <security-domains>
                              <security-domain name="other">
                                  <authentication>
                                      <login-module code="UsersRoles" flag="required"/>
                                  </authentication>
                              </security-domain>
                              <security-domain name="MyRealm">
                                  <authentication>
                                      <login-module code="Database" flag="required">
                                          <module-option name="dsJndiName" value="java:jboss/datasources/myDS"/>
                                          <module-option name="principalsQuery" value="select passwd from Users where username=?"/>
                                          <module-option name="rolesQuery" value="select userRoles,'Roles' from UserRoles where username=?" />
                                          <module-option name="hashAlgorithm" value="MD5" />
                                          <module-option name="hashEncoding" value="base64" />
                                          <module-option name="unauthenticatedIdentity" value="guest"/>
                                      </login-module>
                                  </authentication>
                              </security-domain>
                          </security-domains>
                      </subsystem>
          
          

           

          Here (https://docs.jboss.org/author/display/AS7/Security+subsystem+configuration) you can find additional info. It is not well documented, but enough...

           

          this is my login page

           

                      <form method="post" action="j_security_check">
                          <h:panelGrid id="panel" columns="2" border="1">
                              <f:facet name="header">
                                  <h:outputText value="TODO" />
                              </f:facet>
                              <h:outputLabel value="#{labels['username']}" />
                              <input type="text" name="j_username" size="25" />
                              <h:outputLabel value="#{labels['password']}" />
                              <input type="password" size="15" name="j_password" />
                              <f:facet name="footer">
                                  <h:panelGroup
                                      style="display:block; text-align:center">
                                      <input type="submit"
                                          value="#{labels['submit']}" />
                                  </h:panelGroup>
                              </f:facet>
                          </h:panelGrid>
                      </form>
          

           

          There is no need for dependencies... just the standard one:

           

                  <dependency>
                      <groupId>javax</groupId>
                      <artifactId>javaee-web-api</artifactId>
                      <version>6.0</version>
                      <scope>provided</scope>
                  </dependency>
          

           

          hope this can help

           

          bye

          1 of 1 people found this helpful
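
Added example, not part of morphy's reply: the `MyRealm` domain from the configuration above with the two settings a security review would question changed. `SHA-256` replaces `MD5` (with these options the module still compares a single unsalted digest, so this is a stronger digest rather than a password-hashing scheme), and `unauthenticatedIdentity` is left out so requests without credentials are not given the `guest` principal. It assumes the `passwd` column has been re-populated with base64-encoded SHA-256 digests.

```xml
<!-- standalone.xml: replaces the MyRealm security-domain posted above -->
<security-domain name="MyRealm">
    <authentication>
        <login-module code="Database" flag="required">
            <module-option name="dsJndiName" value="java:jboss/datasources/myDS"/>
            <!-- First column returned is the stored digest the submitted password is compared with -->
            <module-option name="principalsQuery" value="select passwd from Users where username=?"/>
            <module-option name="rolesQuery" value="select userRoles,'Roles' from UserRoles where username=?"/>
            <!-- Was MD5. The value is a java.security.MessageDigest algorithm name;
                 the stored digests must have been produced with the same algorithm. -->
            <module-option name="hashAlgorithm" value="SHA-256"/>
            <!-- Encoding of the stored digest: base64 (as in the post) or hex -->
            <module-option name="hashEncoding" value="base64"/>
            <!-- unauthenticatedIdentity deliberately omitted: with it set, a request that
                 carries no authentication information is assigned that principal name. -->
        </login-module>
    </authentication>
</security-domain>
```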
          • 2. Re: How to setup JAAS in Jboss7
            manishgarg123

            Thanks for the help and quick response.

             

            I need to configure user and roles in configuration file instead of database.

            Also, when the login button is submitted, what should the logic be to authenticate the user so that the Security Constraint defined in the web.xml file is valid?

            • 3. Re: How to setup JAAS in Jboss7
              morphy

              use the login-module UsersRoles

              Files are looked up in the $JBOSS_HOME/standalone/configuration or $JBOSS_HOME/domain/servers/<server_name>/configuration directory.

              Try searching the JBoss 5 documentation for the module-options you need for file-based authentication if you need to override the default behaviors.

               

              authentication business logic is delegated to the j_security_check servlet which is out of the application scope, on success you can access the secured paths with the principal in the context

               

              let me know if everything sounds good

               

              bye

              1 of 1 people found this helpful
              • 4. Re: How to setup JAAS in Jboss7
                hfluz

                Riccardo Pasquini, how should I reference the security-domain in my web application? Should I use web.xml like below?

                 

                <login-config>
                    <auth-method>FORM</auth-method>
                    <realm-name>myRealm</realm-name>
                    <form-login-config>
                        <form-login-page>/Login.xhtml</form-login-page>
                        <form-error-page>/LoginError.xhtml</form-error-page>
                    </form-login-config>
                </login-config>

                 

                Or should I create a jboss-web.xml?

                 

                Thanks in advance.


                • 5. Re: How to setup JAAS in Jboss7
                  morphy

                  you need jboss-web.xml

                  something like this:

                   

                  <?xml version="1.0" encoding="UTF-8"?>
                  <jboss-web>
                      <security-domain>java:/jaas/MyRealm</security-domain>
                  </jboss-web>
                  
                  

                   

                  bye
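
Added example, not written by any participant in this thread: the file-based setup asked about in reply 2, wired end to end with the `UsersRoles` module from reply 3, the `login-config` from reply 4 and the `jboss-web.xml` mapping from reply 5. The domain name `FileRealm`, the `admin` role, the `/admin/*` pattern and the `${jboss.server.config.dir}` file paths are assumptions chosen for illustration.

```xml
<!-- standalone.xml, inside <security-domains>. "FileRealm" is a hypothetical name. -->
<security-domain name="FileRealm">
    <authentication>
        <login-module code="UsersRoles" flag="required">
            <!-- users.properties: one "username=password" line per user. Passwords are
                 stored in clear unless hashAlgorithm is set, so restrict file permissions. -->
            <module-option name="usersProperties" value="${jboss.server.config.dir}/users.properties"/>
            <!-- roles.properties: one "username=role1,role2" line per user -->
            <module-option name="rolesProperties" value="${jboss.server.config.dir}/roles.properties"/>
        </login-module>
    </authentication>
</security-domain>

<!-- WEB-INF/jboss-web.xml: binds the web application to that domain -->
<jboss-web>
    <security-domain>java:/jaas/FileRealm</security-domain>
</jboss-web>

<!-- WEB-INF/web.xml: the role named here must match a role in roles.properties.
     Request a URL under /admin/ rather than Login.xhtml itself: the container shows
     the login page and, once j_security_check succeeds, returns to the requested URL. -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>admin area</web-resource-name>
        <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
    <user-data-constraint>
        <!-- Sends j_password over HTTPS only; needs an HTTPS connector on the server -->
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/Login.xhtml</form-login-page>
        <form-error-page>/LoginError.xhtml</form-error-page>
    </form-login-config>
</login-config>
<security-role>
    <role-name>admin</role-name>
</security-role>
```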

                  • 6. Re: How to setup JAAS in Jboss7
                    hfluz

                    Thank you, now everything is working as expected. I'm really happy with JBoss AS 7. =)

                    • 7. Re: How to setup JAAS in Jboss7
                      jamesmarkchan

                      Can I do this in JBoss 6 as well? If so, would you know which files I would place the <security-domain> tag in?

                      • 8. Re: How to setup JAAS in Jboss7
                        sanjayamatya
                        • 9. Re: How to setup JAAS in Jboss7
                          pcoll

                          I managed to do it, authentication works, but when correct credentials are entered I get this ERROR:

                           

                          HTTP Status 408 - The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser

                           

                           

                          Any suggestions? Does anyone have a working example of JBoss AS 7.1 and JAAS?

                          • 10. Re: How to setup JAAS in Jboss7
                            morphy

                            It is not an issue... it means you stayed too much time in the configured login form... just do what the message says

                             

                            bye

                            • 11. Re: How to setup JAAS in Jboss7
                              sanjayamatya

                              I haven't seen this issue. But looks like there is an issue with JBoss 7. More info and solution can be found here.

                              http://blog.amatya.net/2012/09/implementing-security-with-jaas-on.html

                              • 12. Re: How to setup JAAS in Jboss7
                                jamesviet

                                Hi,


                                I followed your step:

                                When I put in an incorrect username and password, the error page is visible.

                                And the server log throws an error:

                                11:41:19,902  ERROR  [org.jboss.security.authentication.JBossCachedAuthenticationManager]  (http--192.168.95.22-8080-1) Login failure:  javax.security.auth.login.FailedLoginException: Password  Incorrect/Password Required
                                    at  org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:270)  [picketbox-4.0.7.Final.jar:4.0.7.Final]
                                    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_05]
                                    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_05]
                                    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_05]
                                    at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_05]
                                    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784) [rt.jar:1.7.0_05]
                                    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_05]
                                    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698) [rt.jar:1.7.0_05]
                                    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696) [rt.jar:1.7.0_05]
                                    at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_05]
                                    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695) [rt.jar:1.7.0_05]
                                    at javax.security.auth.login.LoginContext.login(LoginContext.java:594) [rt.jar:1.7.0_05]
                                     at  org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:449)  [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
                                    at  org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:383)  [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
                                    at  org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:371)  [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
                                    at  org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:160)  [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
                                    at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:214) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
                                    at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:280) [jbossweb-7.0.13.Final.jar:]
                                ................................

                                But when I login by user and password correctly, then click submit button

                                Server didn't throw error.

                                I just receive firefox error page:

                                The connection was reset

                                The connection to the server was reset while the page was loading.

                                The site could be temporarily unavailable or too busy. Try again in a few moments.

                                If you are unable to load any pages, check your computer's network
                                    connection.

                                If your computer or network is protected by a firewall or proxy, make sure
                                    that Firefox is permitted to access the Web.

                                //

                                Could you please give me your advice?

                                • 13. Re: How to setup JAAS in Jboss7
                                  jamesviet

                                  I resolved it, because I should access a file in the admin folder to authenticate.

                                  If someone would like to have the source for reference, please mail me: jamesleviet@gmail.com