4 Replies Latest reply on Nov 22, 2012 9:48 AM by shaikhdahood

    Form based authentication in Jboss 7.1

    shaikhdahood

      Hi,

      I have an application deployed on Jboss 7.1 thunder, tried to add form based auhtentication to it, but i am getting below error can anyone please help me in this..

       

      below are the details of what i have tried configuring to achieve the form based authentication.

      jboss-web.xml

      <jboss-web>

       

       

          <security-domain>java:/jaas/FormBasedAuthWebAppPolicy</security-domain>

       

       

          <context-root>/OEprofWeb2</context-root>

       

       

      </jboss-web>

       

      application-roles.properties

      shaikh=View

      application-users.properties

      shaikh=jboss

      standalone.xml

      <login-module code="RealmUsersRoles" flag="required">

                                  <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>

                                  <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>

                                  <module-option name="realm" value="ApplicationRealm"/>

                                  <module-option name="password-stacking" value="useFirstPass"/>

                              </login-module>

      web.xml

      <security-constraint>

              <display-name>Security Constraints</display-name>

              <web-resource-collection>

                  <web-resource-name>Investigate Page Flow directory</web-resource-name>

                  <url-pattern>/orderEntry/*</url-pattern>

                  <url-pattern>/com/*</url-pattern>

                  <http-method>GET</http-method>

                  <http-method>POST</http-method>

              </web-resource-collection>

              <auth-constraint>

                  <role-name>View</role-name>

              </auth-constraint>

              <user-data-constraint>

                  <transport-guarantee>NONE</transport-guarantee>

              </user-data-constraint>

          </security-constraint>

          <login-config>

              <auth-method>FORM</auth-method>

              <realm-name>default</realm-name>

              <form-login-config>

                  <form-login-page>/orderEntry/login.jsp</form-login-page>

                  <form-error-page>/resources/jsp/fail_login.jsp</form-error-page>

              </form-login-config>

          </login-config>

          <security-role>

              <description>Authorized to view access of Distribution.</description>

              <role-name>View</role-name>

          </security-role>

       

       

       

      Error:

       

      03:51:24,094 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-2) JBAS015876: Starting deployment of "OEprofWeb2.war"

      03:51:26,578 WARN  [org.jboss.as.server.deployment] (MSC service thread 1-2) Class Path entry apache-xbean.jar in "/C:/jboss/jboss-as-7.1.0.Final/standalone/deployments/OEprofWeb2.war/WEB-INF/lib/beehive-netui-compiler-1.0-alpha.jar"  does not point to a valid jar for a Class-Path reference.

      03:51:26,594 WARN  [org.jboss.as.server.deployment] (MSC service thread 1-2) Class Path entry jakarta-oro.jar in "/C:/jboss/jboss-as-7.1.0.Final/standalone/deployments/OEprofWeb2.war/WEB-INF/lib/struts.jar"  does not point to a valid jar for a Class-Path reference.

      03:51:26,594 WARN  [org.jboss.as.server.deployment] (MSC service thread 1-2) Class Path entry struts-legacy.jar in "/C:/jboss/jboss-as-7.1.0.Final/standalone/deployments/OEprofWeb2.war/WEB-INF/lib/struts.jar"  does not point to a valid jar for a Class-Path reference.

      03:51:31,531 ERROR [org.jboss.as] (MSC service thread 1-1) JBAS015875: JBoss AS 7.1.0.Final "Thunder" started (with errors) in 31891ms - Started 739 of 816 services (3 services failed or missing dependencies, 72 services are passive or on-demand)

      03:51:31,750 INFO  [org.jboss.as.server] (DeploymentScanner-threads - 2) JBAS015870: Deploy of deployment "OEprofWeb2.war" was rolled back with failure message {"JBAS014771: Services with missing/unavailable dependencies" => ["jboss.web.deployment.default-host./OEprofWeb2.realmjboss.security.security-domain.FormBasedAuthWebAppPolicyMissing[jboss.web.deployment.default-host./OEprofWeb2.realmjboss.security.security-domain.FormBasedAuthWebAppPolicy]"]}

      03:51:31,750 INFO  [org.jboss.as.controller] (DeploymentScanner-threads - 2) JBAS014774: Service status report

      JBAS014775:    New missing/unsatisfied dependencies:

            service jboss.security.security-domain.FormBasedAuthWebAppPolicy (missing) dependents: [service jboss.web.deployment.default-host./OEprofWeb2.realm]

       

       

      03:51:31,797 ERROR [org.jboss.as.server.deployment.scanner] (DeploymentScanner-threads - 1) {"JBAS014653: Composite operation failed and was rolled back. Steps that failed:" => {"Operation step-2" => {"JBAS014771: Services with missing/unavailable dependencies" => ["jboss.web.deployment.default-host./OEprofWeb2.realmjboss.security.security-domain.FormBasedAuthWebAppPolicyMissing[jboss.web.deployment.default-host./OEprofWeb2.realmjboss.security.security-domain.FormBasedAuthWebAppPolicy]"]}}}

      03:51:32,031 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-2) JBAS015877: Stopped deployment OEprofWeb2.war in 267ms

      03:51:32,031 INFO  [org.jboss.as.controller] (MSC service thread 1-2) JBAS014774: Service status report

      JBAS014776:    Newly corrected services:

            service jboss.security.security-domain.FormBasedAuthWebAppPolicy (new available)

        • 1. Re: Form based authentication in Jboss 7.1
          nickarls

          What does your security-subsystem configuration look like in standalone.xml?

          • 2. Re: Form based authentication in Jboss 7.1
            shaikhdahood

            Thanks for replying! This is what I have in my standalone.xml

             

            <subsystem xmlns="urn:jboss:domain:security:1.1">

                        <security-domains>

                            <security-domain name="other" cache-type="default">

                                <authentication>

                                    <login-module code="Remoting" flag="optional">

                                        <module-option name="password-stacking" value="useFirstPass"/>

                                    </login-module>

                                    <login-module code="RealmUsersRoles" flag="required">

                                        <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>

                                        <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>

                                        <module-option name="realm" value="ApplicationRealm"/>

                                        <module-option name="password-stacking" value="useFirstPass"/>

                                    </login-module>

                                </authentication>

                            </security-domain>

                            <security-domain name="jboss-web-policy" cache-type="default">

                                <authorization>

                                    <policy-module code="Delegating" flag="required"/>

                                </authorization>

                            </security-domain>

                            <security-domain name="jboss-ejb-policy" cache-type="default">

                                <authorization>

                                    <policy-module code="Delegating" flag="required"/>

                                </authorization>

                            </security-domain>

                        </security-domains>

                    </subsystem>

            • 3. Re: Form based authentication in Jboss 7.1
              nickarls

              Haven't used form-based authentication myself but looking at http://middlewaremagic.com/jboss/?p=453 they have a security-domain configured in the security subsystem

              • 4. Re: Form based authentication in Jboss 7.1
                shaikhdahood

                Thanks Nicklas!

                 

                Using the above link I was able to make the form based authentication in Jboss 7.1 thunder.