6 Replies Latest reply on Feb 9, 2012 10:31 AM by m.wuestemann

BASIC Authentication in AS7

goc May 9, 2011 7:58 AM

I'm running in some troubles using Basic Authentication in AS7 to secure the access to a simple test servlet.

Standard error message is:

[org.jboss.security.auth.spi.UsersRolesLoginModule] (http-localhost.localdomain-127.0.0.1-8080-1) Failed to load users/passwords/role files: java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found

Specifying the users.properties & roles.properties files in standalone.xml causes the same error:

[org.jboss.security.auth.spi.UsersRolesLoginModule] (http-localhost.localdomain-127.0.0.1-8080-1) Failed to load users/passwords/role files: java.io.IOException: No properties file: /absolute/path/to/users.properties or defaults: defaultUsers.properties found

The application's jboss-web.xml file looks like this:

<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE jboss-web
    PUBLIC "-//JBoss//DTD Web Application 2.3V2//EN"
    "http://www.jboss.org/j2ee/dtd/jboss-web_3_2.dtd">

<jboss-web>
    <security-domain>other</security-domain>
</jboss-web>

The servlet security is defined like this (web.xml):

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>All resources</web-resource-name>
            <description>Protects all resources</description>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>

        <auth-constraint>
            <role-name>role</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>Test Realm</realm-name>
    </login-config>

    <security-role>
        <role-name>role</role-name>
    </security-role>

Is there anything obvious that I could be missing?

P.S.: Sorry for my English

1. BASIC Authentication in AS7

alesj May 3, 2011 10:25 AM (in response to goc)

Do you have users.properties and roles.properties present in your app?
They need to be in the classpath, from the root.
Actions
2. BASIC Authentication in AS7

goc May 4, 2011 2:28 AM (in response to alesj)

Ah, it works now!
I placed the properties file everywhere else but forgot the classes folder.

Thx
Actions
3. BASIC Authentication in AS7

goc May 9, 2011 10:34 AM (in response to goc)

To give this post the right to exist in the AS 7 Development forum ...

Now I'm trying to set up an application using a custom authenticator.
So I created a module including it's specification file module.xml. Now I modified the org.jboss.as.web module's file and added a dependency to my custom module.
Worst of all, now I modified the jbossweb-7.0.0.CR1.jar and added my custom authenticator (Authenticators.properties).

After specifing the login modules in standalone.xml the deployment process works, but there has to be a better solution.

Perhapse I could use the customAuthenticators's Map out of ContextConfig, but don't know how ...
Any idea?

And again, sorry for my English
Actions

4. Re: BASIC Authentication in AS7

m.wuestemann Feb 8, 2012 9:13 AM (in response to alesj)

Hi,

I want to secure part of my webcontent on jboss with basic http authentication.

I change my web.xml to that configuration:

<security-constraint>
        <web-resource-collection>
            <web-resource-name>SdpSecureContent</web-resource-name>
            <url-pattern>/services/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>MyRole</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>MyRealm</realm-name>
    </login-config>
   <security-role>
        <role-name>MyRole</role-name>
   </security-role>

In the standalone.xml I added the security-domain

<subsystem xmlns="urn:jboss:domain:security:1.1">
           <....>
                <security-domain name="MyRole" cache-type="default">
                   <authentication>      
                        <login-module code="SecureIdentity" flag="required">
                            <module-option name="username" value="username"/>
                            <module-option name="password" value="1qayxsw2"/>
                        </login-module>
                    </authentication>     
                </security-domain>
        </subsystem>

When calling /services/* some webressource the authentcation promt cames up.

I try to enter the username and the password with no success.

I got the same error

ERROR [org.jboss.security.auth.spi.UsersRolesLoginModule] (http--0.0.0.0-8080-1) Failed to load users/passwords/role files: java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found

Now I tryed adding the properties files too my project.

With no success.

My web project is in a ear.

I'm using JBoss 7.1

Any ideas ?

5. Re: BASIC Authentication in AS7

rodakr Feb 9, 2012 9:41 AM (in response to m.wuestemann)

... I solve this telling picketboox login modul where to find those properties files with precision :-)

<security-domain name="other" cache-type="default">
                    <authentication>
                        <login-module code="UsersRoles" flag="optional">
                            <module-option name="usersProperties" value="file:${jboss.server.config.dir}/users.properties"/>
                            <module-option name="rolesProperties" value="file:${jboss.server.config.dir}/roles.properties"/>
                        </login-module>
Actions
6. Re: BASIC Authentication in AS7

m.wuestemann Feb 9, 2012 10:31 AM (in response to rodakr)

thanks radek ...

it got it working with the properties files in the classes folder of my project

but i like your solution much more ... now its works when the users.properties and roles.properties is availible in the configuration directory of jboss

realy helpfull thanks radek
Actions

Go to original post