13 Replies. Latest reply: Apr 11, 2013 4:34 AM by james viet

    How to setup JAAS in Jboss7

    Manish Garg Newbie

      I need information on setting users and roles in standalone.xml configuration file.

       

      In case of form based login method, what kind of code will be there in login method that will authenticate users present in standalone.xml file.

       

      I also want to know the maven dependencies for JAAS if any.

        • 1. Re: How to setup JAAS in Jboss7
          Riccardo Pasquini Novice

          you have to configure the security module, see security.xsd in the doc directory, i have a working configuration like this:

           

                      <subsystem xmlns="urn:jboss:domain:security:1.1">
                          <security-domains>
                              <security-domain name="other">
                                  <authentication>
                                      <login-module code="UsersRoles" flag="required"/>
                                  </authentication>
                              </security-domain>
                              <security-domain name="MyRealm">
                                  <authentication>
                                      <login-module code="Database" flag="required">
                                          <module-option name="dsJndiName" value="java:jboss/datasources/myDS"/>
                                          <module-option name="principalsQuery" value="select passwd from Users where username=?"/>
                                          <module-option name="rolesQuery" value="select userRoles,'Roles' from UserRoles where username=?" />
                                          <module-option name="hashAlgorithm" value="MD5" />
                                          <module-option name="hashEncoding" value="base64" />
                                          <module-option name="unauthenticatedIdentity" value="guest"/>
                                      </login-module>
                                  </authentication>
                              </security-domain>
                          </security-domains>
                      </subsystem>
          
          

           

          here (https://docs.jboss.org/author/display/AS7/Security+subsystem+configuration) you can find additional infos.. it is not well documented but enough...

           

          this is my login page

           

                      <form method="post" action="j_security_check">
                          <h:panelGrid id="panel" columns="2" border="1">
                              <f:facet name="header">
                                  <h:outputText value="TODO" />
                              </f:facet>
                              <h:outputLabel value="#{labels['username']}" />
                              <input type="text" name="j_username" size="25" />
                              <h:outputLabel value="#{labels['password']}" />
                              <input type="password" size="15" name="j_password" />
                              <f:facet name="footer">
                                  <h:panelGroup
                                      style="display:block; text-align:center">
                                      <input type="submit"
                                          value="#{labels['submit']}" />
                                  </h:panelGroup>
                              </f:facet>
                          </h:panelGrid>
                      </form>
          

           

          there is no need of dependencies... just the std one:

           

                  <dependency>
                      <groupId>javax</groupId>
                      <artifactId>javaee-web-api</artifactId>
                      <version>6.0</version>
                      <scope>provided</scope>
                  </dependency>
          

           

          hope this can help

           

          bye

          • 2. Re: How to setup JAAS in Jboss7
            Manish Garg Newbie

            Thanks for the help and quick response.

             

            I need to configure user and roles in configuration file instead of database.

            Also when the login button is submitted, what should be the logic to authenticate user so that the Security Constraint defined in web.xml file is valid?

            • 3. Re: How to setup JAAS in Jboss7
              Riccardo Pasquini Novice

              use the login-module UsersRoles

              files are looked up in the $JBOSS_HOME/standalone/configuration or $JBOSS_HOME/domain/servers/<server_name>/configuration directory

              try to search in jboss 5 documentation the required module-option that you need for the file based authentication if you need to override default behaviors

               

              authentication business logic is delegated to the j_security_check servlet which is out of the application scope, on success you can access the secured paths with the principal in the context

               

              let me know if everything sounds good

               

              bye

              • 4. Re: How to setup JAAS in Jboss7
                Humberto Ferreira da Luz Jr. Novice

                Riccardo Pasquini, how should I reference the security-domain in my web application? Should I use web.xml like below?

                 

                <login-config>
                    <auth-method>FORM</auth-method>
                    <realm-name>myRealm</realm-name>
                    <form-login-config>
                        <form-login-page>/Login.xhtml</form-login-page>
                        <form-error-page>/LoginError.xhtml</form-error-page>
                    </form-login-config>
                </login-config>

                 

                Or should I create a jboss-web.xml?

                 

                Thanks in advance.

                • 5. Re: How to setup JAAS in Jboss7
                  Riccardo Pasquini Novice

                  you need jboss-web.xml

                  something like this:

                   

                  <?xml version="1.0" encoding="UTF-8"?>
                  <jboss-web>
                      <security-domain>java:/jaas/MyRealm</security-domain>
                  </jboss-web>
                  
                  

                   

                  bye
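
Pulling replies 3 and 5 together, a file-based setup could look like the following. This is an added example, not configuration posted by anyone in the thread: the domain name FileRealm, the /secure/* pattern, the role user and the user alice are assumptions, and it uses SHA-256 for hashAlgorithm instead of the MD5 value shown in reply 1.

```xml
<!-- Added example; FileRealm, /secure/*, role "user" and user "alice" are assumptions. -->

<!-- 1. standalone.xml, inside <security-domains> of the security subsystem -->
<security-domain name="FileRealm">
    <authentication>
        <login-module code="UsersRoles" flag="required">
            <!-- users.properties / roles.properties are the module's default file names -->
            <module-option name="usersProperties" value="users.properties"/>
            <module-option name="rolesProperties" value="roles.properties"/>
            <!-- store base64(SHA-256(password)) in users.properties instead of cleartext -->
            <module-option name="hashAlgorithm" value="SHA-256"/>
            <module-option name="hashEncoding" value="base64"/>
        </login-module>
    </authentication>
</security-domain>

<!-- users.properties:  alice=<base64 SHA-256 digest of alice's password>
     roles.properties:  alice=user -->

<!-- 2. WEB-INF/jboss-web.xml: bind the application to that domain -->
<jboss-web>
    <security-domain>java:/jaas/FileRealm</security-domain>
</jboss-web>

<!-- 3. WEB-INF/web.xml, inside <web-app>: what is protected and how users log in -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>secured pages</web-resource-name>
        <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>user</role-name>
    </auth-constraint>
    <user-data-constraint>
        <!-- assumes an HTTPS connector is configured -->
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/Login.xhtml</form-login-page>
        <form-error-page>/LoginError.xhtml</form-error-page>
    </form-login-config>
</login-config>
<security-role>
    <role-name>user</role-name>
</security-role>
```

The login form is reached by requesting a URL under the constraint; the container then serves /Login.xhtml and handles the j_security_check post itself, so the login and error pages must sit outside /secure/*.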

                  • 6. Re: How to setup JAAS in Jboss7
                    Humberto Ferreira da Luz Jr. Novice

                    Thank you, now everything is working as expected. I'm really happy with JBoss AS 7. =)

                    • 7. Re: How to setup JAAS in Jboss7
                      James Chan Newbie

                      Can I do this in jboss 6 as well? If so, would you know which files I would place the <security-domain> tag in?

                      • 9. Re: How to setup JAAS in Jboss7
                        Phanor Coll Newbie

                        I managed to do it, authentication works but when correct credentials are entered I get this ERROR:

                         

                        HTTP Status 408 - The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser

                         

                         

                        any suggestions? does anyone have a working example of JBOSS AS 7.1 and JAAS?

                        • 10. Re: How to setup JAAS in Jboss7
                          Riccardo Pasquini Novice

                          It is not an issue... it means you stayed too much time in the configured login form... just do what the message says

                           

                          bye

                          • 11. Re: How to setup JAAS in Jboss7
                            Sanjay Amatya Newbie

                            I haven't seen this issue. But looks like there is an issue with JBoss 7. More info and solution can be found here.

                            http://blog.amatya.net/2012/09/implementing-security-with-jaas-on.html

                            • 12. Re: How to setup JAAS in Jboss7
                              james viet Newbie

                              Hi,


                              I followed your step:

                              When I put in an incorrect username and password, the error page is shown.

                              And the server log throws an error:

                              11:41:19,902  ERROR  [org.jboss.security.authentication.JBossCachedAuthenticationManager]  (http--192.168.95.22-8080-1) Login failure:  javax.security.auth.login.FailedLoginException: Password  Incorrect/Password Required
                                  at  org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:270)  [picketbox-4.0.7.Final.jar:4.0.7.Final]
                                  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_05]
                                  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_05]
                                  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_05]
                                  at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_05]
                                  at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784) [rt.jar:1.7.0_05]
                                  at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_05]
                                  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698) [rt.jar:1.7.0_05]
                                  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696) [rt.jar:1.7.0_05]
                                  at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_05]
                                  at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695) [rt.jar:1.7.0_05]
                                  at javax.security.auth.login.LoginContext.login(LoginContext.java:594) [rt.jar:1.7.0_05]
                                   at  org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:449)  [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
                                  at  org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:383)  [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
                                  at  org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:371)  [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
                                  at  org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:160)  [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
                                  at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:214) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
                                  at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:280) [jbossweb-7.0.13.Final.jar:]
                              ................................

                              But when I login by user and password correctly, then click submit button

                              Server didn't throw error.

                              I just receive firefox error page:

                              The connection was reset

                              The connection to the server was reset while the page was loading.

                              The site could be temporarily unavailable or too busy. Try again in a few moments.

                              If you are unable to load any pages, check your computer's network
                                  connection.

                              If your computer or network is protected by a firewall or proxy, make sure
                                  that Firefox is permitted to access the Web.

                              //

                              Could you please give me your advice?

                              • 13. Re: How to setup JAAS in Jboss7
                                james viet Newbie

                                I resolved it. Because I should access to file in admin folder to authenticate.

                                If someone would like to have the source for reference, please mail me: jamesleviet@gmail.com