2 Replies Latest reply: Dec 30, 2011 5:54 PM by chris81t RSS

    AS7 : Security Domain Model - need help!

    chris81t Newbie

      Hello,

       

      I'm writing a web application ( using JBoss AS7.0.2 ) which requires a login. A few month's ago I have written a custom loginModule / Realm for the glassfish server ( custom while using db-tables that knows the login-informations. I know that DatabaseModules exist, but the given/required table structure of that existing db-module doesn't match with my db-model )

       

      I have found following article: http://community.jboss.org/wiki/JBossAS7SecurityDomainModel

       

      There I found the hint to the article: http://community.jboss.org/wiki/JBossAS7SecurityCustomLoginModules

       

      First question: Is a custom login module only possible with the coming AS 7.1 release? Or can I use it with my AS 7.0.2 app-server?

       

       

      So my first step is to write a simple prototype- example web application, which uses the UsersRoles Security Domain.

       

      First I have added to the standalone.xml following part (<security-domain name="form-auth" cache-type="default">...</security-domain>):

       

       

                  <security-domains>
                      <security-domain name="other" cache-type="default">
                          <authentication>
                              <login-module code="Disabled" flag="required"/>
                          </authentication>
                      </security-domain>
                      <security-domain name="form-auth" cache-type="default">
                          <authentication>
                              <login-module code="UsersRoles" flag="required">
                                  <module-option name="usersProperties" value="users.properties"/>
                                  <module-option name="rolesProperties" value="roles.properties"/>
                              </login-module>
                          </authentication>
                      </security-domain>
                  </security-domains>
      
      

       

      Now my web- example project (JSF2.0 using CDI) (is attached as an eclipse project to this post):

       

      - the project contains the properties files

       

      I have got as the welcome page a start.xhtml. While defined the security-constraint in the web.xml the login.xhtml page (two input fields for user/password and one commandButton for the login) should be called, if an access to the start.xhtml will occur.

       

      Here some code-snippets:

       

      The managed bean, which executes the login while pressing the commandButton:

      @Named
      @RequestScoped
      public class LoginBean implements Serializable {
      
      
                private static final long serialVersionUID = -6308095244497641582L;
                private String user;
                private String password;
      
                public String getUser() {
                          return user;
                }
                public void setUser(String user) {
                          this.user = user;
                }
                public String getPassword() {
                          return password;
                }
                public void setPassword(String password) {
                          this.password = password;
                }
      
                public String login() {
                          FacesContext fc = FacesContext.getCurrentInstance();
                          ExternalContext ec = fc.getExternalContext();
                          HttpServletRequest hsr = (HttpServletRequest) ec.getRequest();
      
                          try {
                                    hsr.login(user, password);  
                          }
                          catch (ServletException se) { 
                                    // create a message to inform the user
                                    FacesMessage msg = new FacesMessage(FacesMessage.SEVERITY_WARN,
                                                                                                                              "Ein falscher Profilname und " +
                                                                                                                              "oder ein falsches Passwort " +
                                                                                                                              "wurde eingegeben!",
                                                                                                                              null);
                                    fc.addMessage(null, msg);
                                    return null;
                          } 
      
                          // for the first test simply navigate to the one existing page
                          return "/start";
                }
      }
      

       

      web.xml

      <?xml version="1.0" encoding="UTF-8"?>
      <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
                           xmlns="http://java.sun.com/xml/ns/javaee" 
                           xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" 
                           xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" 
                           id="WebApp_ID" 
                           version="3.0">
      
         <display-name>LoginExample</display-name>
      
      
        <!-- Change to "Production" when you are ready to deploy -->
        <context-param>
          <param-name>javax.faces.PROJECT_STAGE</param-name>
          <param-value>Development</param-value>
        </context-param>
      
        <!-- Welcome page -->
        <welcome-file-list>
          <welcome-file>/start.xhtml</welcome-file>
        </welcome-file-list>
      
        <servlet>
          <servlet-name>Faces Servlet</servlet-name>
          <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
          <load-on-startup>1</load-on-startup>
        </servlet>
      
      
        <servlet-mapping>
          <servlet-name>Faces Servlet</servlet-name>
          <url-pattern>*.xhtml</url-pattern>
        </servlet-mapping>  
      
      
        <!-- Define a Security Constraint on this Application -->
        <security-constraint>
          <web-resource-collection>
            <web-resource-name>SALES Application</web-resource-name>
            <url-pattern>/*</url-pattern>
          </web-resource-collection>
          <auth-constraint>
             <role-name>user</role-name>
          </auth-constraint>
        </security-constraint>
      
      
        <!-- Define the Login Configuration for this Application -->
        <login-config>
          <auth-method>FORM</auth-method>
          <realm-name>Login Example Application</realm-name>
          <form-login-config>
             <form-login-page>/login.xhtml</form-login-page>
             <form-error-page>/failure.xhtml</form-error-page>
          </form-login-config>
        </login-config>
      
      
        <!-- Security roles referenced by this web application -->
        <security-role>
          <description>
            The role that is required to log in to the Example Application
          </description>
          <role-name>user</role-name>
        </security-role>
      
      </web-app>
      
      

       

      jboss-web.xml

      <?xml version="1.0" encoding="UTF-8"?>
      <jboss-web>
                <security-domain>form-auth</security-domain>
                <disable-audit>true</disable-audit>
                <context-root>/login</context-root>
      </jboss-web>
      
      

       

      during the deployment the jboss fails with following error:

       

      15:56:16,109 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-10) MSC00001: Failed to start service jboss.deployment.unit."SecurityDomainLoginExample.war".PARSE: org.jboss.msc.service.StartException in service jboss.deployment.unit."SecurityDomainLoginExample.war".PARSE: Failed to process phase PARSE of deployment "SecurityDomainLoginExample.war"

                at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:121) [jboss-as-server-7.0.2.Final.jar:7.0.2.Final]

                at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1824) [jboss-msc-1.0.1.GA.jar:1.0.1.GA]

                at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1759) [jboss-msc-1.0.1.GA.jar:1.0.1.GA]

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [:1.7.0_b147-icedtea]

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) [:1.7.0_b147-icedtea]

                at java.lang.Thread.run(Thread.java:722) [:1.7.0_b147-icedtea]

      Caused by: org.jboss.as.server.deployment.DeploymentUnitProcessingException: Failed to parse "/content/SecurityDomainLoginExample.war/WEB-INF/jboss-web.xml" at [4,2]

                at org.jboss.as.web.deployment.JBossWebParsingDeploymentProcessor.deploy(JBossWebParsingDeploymentProcessor.java:68)

                at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:115) [jboss-as-server-7.0.2.Final.jar:7.0.2.Final]

                ... 5 more

       

       

      15:56:16,111 INFO  [org.jboss.as.controller] (DeploymentScanner-threads - 2) Service status report

        Services which failed to start:

            service jboss.deployment.unit."SecurityDomainLoginExample.war".PARSE: org.jboss.msc.service.StartException in service jboss.deployment.unit."SecurityDomainLoginExample.war".PARSE: Failed to process phase PARSE of deployment "SecurityDomainLoginExample.war"

       

       

       

      Can anybody help me? Thank's!

       

      Regards,

      Christian