11 Replies Latest reply on Dec 1, 2008 9:00 AM by amit.u.purohit

    JAAS login without JSF or JSP

    dhartford

      Does anyone have an example application where, using just .html/.xhtml, web.xml, components.xml, and a Seam application, you can login/authenticate, and a simple example of authorization?


      I've been having a really, really hard time over the past 16 hours trying to do just that.


      The intent is for other UI utilization (such as GWT), but no working examples of JAAS without JSF/JSP seem to exist.


      Thanks, been pulling my hair out...


      -D

        • 1. Re: JAAS login without JSF or JSP
          dhinojosa

          This is worth a try. Complete the setup in 13.4.8.1 in the Seam documentation, which will use your container's JAAS configuration. You can just create an HTML/XHTML file with something like the following:


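          <!-- The container reads the j_username and j_password request parameters, so the inputs need name attributes and the form must POST -->
          <form id='security_check' action='j_security_check' method='post'>
             Username: <input type='text' id='j_username' name='j_username'/>
             Password: <input type='password' id='j_password' name='j_password'/>
             <input type='submit' value='Log in'/>
          </form>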
          



          and then implement your Authenticator which Seam will call on for you.

          • 2. Re: JAAS login without JSF or JSP
            dhartford

            yup, already tried that, and I still can't get it to work.


            The project I cannot get to work is here (showing how much stuff I've already tried):
            http://jira.jboss.org/jira/browse/JBSEAM-2325


            Call me an idiot, I don't care, I need a full, working example to make sure nothing is missed.


            .html/.xhtml
            components.xml
            web.xml
            seam classes (like the authenticator)


            • 3. Re: JAAS login without JSF or JSP
              dhinojosa

              So....just checking on some other stuff.  I assume you already put all the security-constraints, web-resource-collections, and auth-constraints into the web.xml?  Another thing that I know is that if you use the jboss/tomcat combination or any tomcat based app, the JAAS security is challenge-based only.



              P.S. I won't call you an idiot, it's just not my style....Plus I tend to f**k things up more than a lot of people (just the way I learn) so I'd be a complete hypocrite in doing so. ;)
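
The web.xml pieces named in the reply above (security-constraint, web-resource-collection, auth-constraint) together with a FORM login-config, as an added example that is not part of the original thread or of the poster's project. The URL pattern, page paths, role name and realm name are placeholders; the login page sits outside the protected pattern because the container serves it as the challenge when a protected URL is requested.

```xml
<!-- Added example: web.xml fragment for container-managed FORM login. -->
<!-- /secure/*, /login.html, /login-error.html, "user" and "myapp" are placeholders. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected area</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
      <!-- No http-method elements: the constraint applies to every HTTP method. -->
    </web-resource-collection>
    <auth-constraint>
      <!-- Only authenticated callers holding this role may reach /secure/*. -->
      <role-name>user</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- Require TLS so j_password is not sent in clear text. -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>myapp</realm-name>
    <form-login-config>
      <!-- Static page holding the form that posts to j_security_check. -->
      <form-login-page>/login.html</form-login-page>
      <form-error-page>/login-error.html</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Every role used in an auth-constraint must be declared here. -->
  <security-role>
    <role-name>user</role-name>
  </security-role>

</web-app>
```
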


              • 4. Re: JAAS login without JSF or JSP
                dhartford
                Daniel Hinojosa wrote on Feb 14, 2008 04:45 PM:
                > I assume you already put all the security-constraints, web-resource-collections, and auth-constraints into the web.xml

                yes, setup with web.xml <security-constraints>, tried without, and tried many other combinations -- one such implemented attempt with actual code and config files is at:

                http://jira.jboss.org/jira/browse/JBSEAM-2325

                Another forum thread I started a couple of months ago with no feedback here, but some discoveries that may or may not be correct:

                http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4109370#4109370

                And after this many months, still no idea how to handle JAAS without JSF/JSP.
                • 5. Re: JAAS login without JSF or JSP
                  dhartford
                  uh - WTF?  The forum just clipped all my content :-(

                  To repeat:

                  Yes, set up security constraint on web.xml.  Tried without security constraint. Tried a variety of combinations without success.  One sample implementation that I tried, with actual code and config files, is here:

                  http://jira.jboss.org/jira/browse/JBSEAM-2325

                  Old forum post with some info, but probably not useful as no one responded:

                  http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4109370#4109370

                  • 6. Re: JAAS login without JSF or JSP
                    christian.bauer

                    Did the text preview work? Did you use it? Did you use the formatting dropdown or the HELP? We need to know what the problem is.

                    • 7. Re: JAAS login without JSF or JSP
                      dhinojosa

                      Forgot to ask, did you also set up the JAAS on your app server, in login-config.xml?

                      • 8. Re: JAAS login without JSF or JSP
                        dhartford

                        yes, I set up the JAAS realm in the login-config.xml.


                        You can also dynamically load the JAAS realms through a jboss SAR approach, which is what I do (this is proven again and again, this works correctly).


                        <mbean code="org.jboss.security.auth.login.DynamicLoginConfig" name="com.domain.app:service=DynamicLoginConfig">
                          <attribute name="AuthConfig">myapp-login-config.xml</attribute>
                          <depends optional-attribute-name="LoginConfigService">jboss.security:service=XMLLoginConfig</depends>
                          <depends optional-attribute-name="SecurityManagerService">jboss.security:service=JaasSecurityManager</depends>
                        </mbean>


                        However, the dynamic login approach has no bearing, as I've tested with directly changed login-config.xml as well just to make triple sure.

                        • 9. Re: JAAS login without JSF or JSP
                          dhartford

                          If someone could create a working sample project that uses the JAAS login approach without JSF or JSP, it would be very easy to move forward from there -- avoid a lot of question/answers about a capability or feature that may not exist.


                          The documentation has proven very clearly (to me) to be insufficient.  If someone feels the documentation is sufficient, prove me wrong with a working example  :-)

                          • 10. Re: JAAS login without JSF or JSP
                            dhartford

                            Seam login with JAAS without JSF or JSP (i.e. normal HTML/XHTML).  Intent is to incorporate with GWT (or, if you have a GWT example, that'll be great as well).

                            • 11. Re: JAAS login without JSF or JSP
                              amit.u.purohit

                              Hi Darren,


                              I too need to implement JAAS security with HTML/JSP pages in a JBoss Seam application. Do you have any sample application that you can share with me?


                              Thanks in advance,
                              Amit