-
1. Re: How to setup JAAS in Jboss7
morphy Nov 28, 2011 8:16 AM (in response to manishgarg123)
you have to configure the security module, see security.xsd in the doc directory, i have a working configuration like this:
<subsystem xmlns="urn:jboss:domain:security:1.1">
    <security-domains>
        <security-domain name="other">
            <authentication>
                <login-module code="UsersRoles" flag="required"/>
            </authentication>
        </security-domain>
        <security-domain name="MyRealm">
            <authentication>
                <login-module code="Database" flag="required">
                    <module-option name="dsJndiName" value="java:jboss/datasources/myDS"/>
                    <module-option name="principalsQuery" value="select passwd from Users where username=?"/>
                    <module-option name="rolesQuery" value="select userRoles,'Roles' from UserRoles where username=?"/>
                    <module-option name="hashAlgorithm" value="MD5"/>
                    <module-option name="hashEncoding" value="base64"/>
                    <module-option name="unauthenticatedIdentity" value="guest"/>
                </login-module>
            </authentication>
        </security-domain>
    </security-domains>
</subsystem>
here (https://docs.jboss.org/author/display/AS7/Security+subsystem+configuration) you can find additional infos.. it is not well documented but enough...
this is my login page
<form method="post" action="j_security_check">
    <h:panelGrid id="panel" columns="2" border="1">
        <f:facet name="header">
            <h:outputText value="TODO" />
        </f:facet>
        <h:outputLabel value="#{labels['username']}" />
        <input type="text" name="j_username" size="25" />
        <h:outputLabel value="#{labels['password']}" />
        <input type="password" size="15" name="j_password" />
        <f:facet name="footer">
            <h:panelGroup style="display:block; text-align:center">
                <input type="submit" value="#{labels['submit']}" />
            </h:panelGroup>
        </f:facet>
    </h:panelGrid>
</form>
there is no need of dependencies... just the std one:
<dependency>
    <groupId>javax</groupId>
    <artifactId>javaee-web-api</artifactId>
    <version>6.0</version>
    <scope>provided</scope>
</dependency>
hope this can help
bye
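
The MyRealm domain from this post with a stronger digest, as an added example that is not part of the original post. hashAlgorithm takes a java.security.MessageDigest algorithm name; the example assumes the passwd column has been repopulated with base64-encoded SHA-256 digests. The module applies the digest without a salt, so read access to the Users table still has to be restricted.

```xml
<!-- Added example: goes inside <security-domains> of the security subsystem -->
<security-domain name="MyRealm">
    <authentication>
        <login-module code="Database" flag="required">
            <module-option name="dsJndiName" value="java:jboss/datasources/myDS"/>
            <module-option name="principalsQuery" value="select passwd from Users where username=?"/>
            <module-option name="rolesQuery" value="select userRoles,'Roles' from UserRoles where username=?"/>
            <!-- weak setting in the post: hashAlgorithm = MD5 -->
            <module-option name="hashAlgorithm" value="SHA-256"/>
            <!-- stored values must use the same encoding as configured here -->
            <module-option name="hashEncoding" value="base64"/>
            <!-- unauthenticatedIdentity is left out on purpose: requests that
                 carry no credentials are then not mapped to a "guest" principal -->
        </login-module>
    </authentication>
</security-domain>
```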
-
2. Re: How to setup JAAS in Jboss7
manishgarg123 Nov 28, 2011 9:18 AM (in response to morphy)
Thanks for the help and quick response.
I need to configure user and roles in configuration file instead of database.
Also, when the login button is submitted, what should the logic be to authenticate the user so that the Security Constraint defined in the web.xml file is valid?
-
3. Re: How to setup JAAS in Jboss7
morphy Nov 28, 2011 9:25 AM (in response to manishgarg123)
use the login-module UsersRoles
files are looked up in the $JBOSS_HOME/standalone/configuration or $JBOSS_HOME/domain/servers/<server_name>/configuration directory
try to search the jboss 5 documentation for the required module-option that you need for the file based authentication if you need to override default behaviors
authentication business logic is delegated to the j_security_check servlet, which is out of the application scope; on success you can access the secured paths with the principal in the context
let me know if everything sounds good
bye
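
A file-based version of the MyRealm domain using UsersRoles, as an added example that is not part of the original post. The file names, the user "alice" and the role "admin" are constructed; usersProperties and rolesProperties are the module options that override the default file names, and ${jboss.server.config.dir} resolves to the configuration directory named above.

```xml
<!-- Added example: goes inside <security-domains> of the security subsystem -->
<security-domain name="MyRealm">
    <authentication>
        <login-module code="UsersRoles" flag="required">
            <!-- one line per user: username=password -->
            <module-option name="usersProperties"
                           value="${jboss.server.config.dir}/myrealm-users.properties"/>
            <!-- one line per user: username=role1,role2 -->
            <module-option name="rolesProperties"
                           value="${jboss.server.config.dir}/myrealm-roles.properties"/>
        </login-module>
    </authentication>
</security-domain>

<!--
  myrealm-users.properties (constructed sample):
      alice=REPLACE_WITH_PASSWORD

  myrealm-roles.properties (constructed sample):
      alice=admin

  Passwords in the users file are compared as written unless hashAlgorithm and
  hashEncoding are also set on the module, so keep both files readable only by
  the account that runs the server.
-->
```

The role names in the roles file are the ones the application's security constraints must reference.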
-
4. Re: How to setup JAAS in Jboss7
hfluz Dec 8, 2011 5:45 AM (in response to morphy)
Riccardo Pasquini, how should I reference the security-domain in my web application? Should I use web.xml like below?
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>myRealm</realm-name>
    <form-login-config>
        <form-login-page>/Login.xhtml</form-login-page>
        <form-error-page>/LoginError.xhtml</form-error-page>
    </form-login-config>
</login-config>
Or should I create a jboss-web.xml?
Thanks in advance.
-
5. Re: How to setup JAAS in Jboss7
morphy Dec 8, 2011 11:59 AM (in response to hfluz)
you need jboss-web.xml
something like this:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <security-domain>java:/jaas/MyRealm</security-domain>
</jboss-web>
bye
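
The web.xml side that goes with this jboss-web.xml, as an added example that is not part of the original posts. The /admin/* pattern and the "admin" role are constructed, the login pages are the ones named earlier in the thread, and the CONFIDENTIAL transport guarantee assumes an HTTPS connector is configured on the server.

```xml
<!-- Added example: WEB-INF/web.xml, next to the WEB-INF/jboss-web.xml shown above -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">

    <!-- Which URLs are protected and which role may reach them -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Admin area</web-resource-name>
            <url-pattern>/admin/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>
        <!-- j_password travels in the POST body, so require TLS for this area -->
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <!-- The container shows this form and handles the post to j_security_check -->
    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/Login.xhtml</form-login-page>
            <form-error-page>/LoginError.xhtml</form-error-page>
        </form-login-config>
    </login-config>

    <!-- Every role used in an auth-constraint is declared here and must match
         a role returned by the login module of the security domain -->
    <security-role>
        <role-name>admin</role-name>
    </security-role>

</web-app>
```

FORM authentication starts when the browser requests a URL under the protected pattern; the container then serves the login page and returns to the original request once j_security_check succeeds.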
-
6. Re: How to setup JAAS in Jboss7
hfluz Dec 8, 2011 2:32 PM (in response to morphy)
Thank you, now everything is working as expected. I'm really happy with JBoss AS 7. =)
-
7. Re: How to setup JAAS in Jboss7
jamesmarkchan Jul 3, 2012 5:49 PM (in response to morphy)
Can I do this in JBoss 6 as well? If so, would you know which files I would place the <security-domain> tag in?
-
8. Re: How to setup JAAS in Jboss7
sanjayamatya Feb 6, 2014 11:38 PM (in response to jamesmarkchan)
You can find step by step instructions here:
http://blog.amatya.net/2012/09/implementing-security-with-jaas-on.html
-
9. Re: How to setup JAAS in Jboss7
pcoll Nov 7, 2012 4:34 PM (in response to morphy)
I managed to do it, authentication works, but when correct credentials are entered I get this ERROR:
HTTP Status 408 - The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser
Any suggestions? Does anyone have a working example of JBoss AS 7.1 and JAAS?
-
10. Re: How to setup JAAS in Jboss7
morphy Nov 8, 2012 4:09 AM (in response to pcoll)
It is not an issue... it means you stayed too much time in the configured login form... just do what the message says
bye
-
11. Re: How to setup JAAS in Jboss7
sanjayamatya Feb 6, 2014 11:37 PM (in response to morphy)
I haven't seen this issue. But looks like there is an issue with JBoss 7. More info and solution can be found here.
http://blog.amatya.net/2012/09/implementing-security-with-jaas-on.html
-
12. Re: How to setup JAAS in Jboss7
jamesviet Apr 11, 2013 12:54 AM (in response to sanjayamatya)
Hi,
I followed your steps: when I put in the username and password incorrectly, the error page is shown.
And the server log throws this error:
11:41:19,902 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--192.168.95.22-8080-1) Login failure: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:270) [picketbox-4.0.7.Final.jar:4.0.7.Final]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_05]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_05]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_05]
at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_05]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784) [rt.jar:1.7.0_05]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_05]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698) [rt.jar:1.7.0_05]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696) [rt.jar:1.7.0_05]
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_05]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695) [rt.jar:1.7.0_05]
at javax.security.auth.login.LoginContext.login(LoginContext.java:594) [rt.jar:1.7.0_05]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:449) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:383) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:371) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:160) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:214) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:280) [jbossweb-7.0.13.Final.jar:]
................................
But when I log in with the correct user and password, then click the submit button,
the server didn't throw an error.
I just receive firefox error page:
The connection was reset
The connection to the server was reset while the page was loading.
The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer's network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
Could you please give me your advice?
-
13. Re: How to setup JAAS in Jboss7
jamesviet Apr 11, 2013 4:34 AM (in response to jamesviet)
I resolved it, because I should access a file in the admin folder to authenticate.
If someone would like to have the source for reference, please mail me: jamesleviet@gmail.com