5 Replies Latest reply on May 5, 2017 5:20 AM by refontana

    The correct way to configure JAAS in WildFly?

    shinzey

      I'm trying to configure JAAS for WildFly and Derby but without success. Below are my steps:

       

      1. Create a DB table:
        create table credential (uname varchar(5), pwd varchar(5), urole varchar(5));
        insert into credential values('abc', 'abc', 'abc');
        Now I have a user whose name, password and role are all "abc".
      2. Copy Derby's driver jar (derbyclient.jar) to standalone/deployments.
      3. Create a data source:
        <datasource jta="false" jndi-name="java:/wt/testds" pool-name="testds" enabled="true" use-ccm="false">
            <connection-url>jdbc:derby://localhost:1527/testdb</connection-url>
            <driver-class>org.apache.derby.jdbc.ClientDriver</driver-class>
            <driver>derbyclient.jar</driver>
            <security>
                <user-name>zhyi</user-name>
                <password>zhyi</password>
            </security>
            <validation>
                <validate-on-match>false</validate-on-match>
                <background-validation>false</background-validation>
            </validation>
            <statement>
                <share-prepared-statements>false</share-prepared-statements>
            </statement>
        </datasource>
        I have verified that this data source can be successfully connected.
      4. Create a security domain:
        <security-domain name="testsd" cache-type="default">
            <authentication>
                <login-module code="Database" flag="required">
                    <module-option name="dsJndiName" value="java:/wt/testds"/>
                    <module-option name="principalsQuery" value="select pwd from credential where uname=?"/>
                    <module-option name="rolesQuery" value="select urole, 'Roles' from credential where uname=?"/>
                </login-module>
            </authentication>
        </security-domain>
      5. Configure the security domain in jboss-web.xml:
        <security-domain>testsd</security-domain>
      6. Configure the security constraint in web.xml:
        <security-role>
            <role-name>abc</role-name>
        </security-role>
        <security-constraint>
            <web-resource-collection>
                <web-resource-name>all</web-resource-name>
                <url-pattern>/*</url-pattern>
                <http-method>GET</http-method>
            </web-resource-collection>
            <auth-constraint>
                <role-name>abc</role-name>
            </auth-constraint>
        </security-constraint>
        <login-config>
            <auth-method>BASIC</auth-method>
        </login-config>
      7. Deploy the web application.

       

      Now when I try to access any page, the login dialog pops up, but when I try to log in with abc:abc, the login dialog just pops up again, indicating the credential is wrong. Meanwhile I don't see any error output in WildFly's log.

       

      Could anybody help figure out if any step is missing or incorrect? Thanks a lot in advance!

        • 1. Re: The correct way to configure JAAS in WildFly?
          lafr

          Compared your setup with mine.

          Name of my security-domain is "mbisso", referencing it in jboss-web.xml as "java:/jaas/mbisso".

          Perhaps it helps when you change your name to "java:/jaas/testsd".

          • 2. Re: The correct way to configure JAAS in WildFly?
            shinzey

            It works, thank you! A strange thing is that when I changed "java:/jaas/testsd" back to "testsd" again, it still works...

            • 3. Re: The correct way to configure JAAS in WildFly?
              luiz.doleron

              Hi,

               

              for future searches,

               

              according to this:

              How do I migrate my application from AS5 or AS6 to WildFly - WildFly 8 - Project Documentation Editor

               

              "In WildFly 8 security domains no longer use the prefix java:/jaas/ in their names. Remove this prefix from the security domain configurations in jboss-web.xml for web applications and jboss.xml for enterprise applications."


              Just a hint for JSF users: you must remove "<http-method>GET</http-method>" or include a new entry "<http-method>POST</http-method>" in order to work with JSF POST requests.
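
Added example, not part of any post in this thread: a Python check for the two descriptor details raised above, a `java:/jaas/` prefix left in `jboss-web.xml` and a security constraint that names HTTP methods, which then applies only to those methods. The function names and the wrapped sample descriptors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

LEGACY_PREFIX = "java:/jaas/"  # prefix WildFly 8 no longer uses, per the quoted migration note

def _local(tag):
    """Drop any XML namespace so descriptors with or without xmlns parse alike."""
    return tag.rsplit("}", 1)[-1]

def _kids(elem, name):
    """Direct children of elem with the given local tag name."""
    return [c for c in elem if _local(c.tag) == name]

def method_limited_constraints(web_xml):
    """List (url-patterns, http-methods) for auth constraints that name HTTP methods.

    A collection that names methods covers only those; requests using any
    other method are not subject to the auth-constraint.
    """
    findings = []
    for sc in _kids(ET.fromstring(web_xml), "security-constraint"):
        if not _kids(sc, "auth-constraint"):
            continue
        for wrc in _kids(sc, "web-resource-collection"):
            methods = [m.text.strip() for m in _kids(wrc, "http-method") if m.text]
            if methods:
                urls = [u.text.strip() for u in _kids(wrc, "url-pattern") if u.text]
                findings.append((urls, methods))
    return findings

def legacy_security_domain(jboss_web_xml):
    """Return the security-domain value if it still starts with java:/jaas/, else None."""
    for el in ET.fromstring(jboss_web_xml).iter():
        name = (el.text or "").strip()
        if _local(el.tag) == "security-domain" and name.startswith(LEGACY_PREFIX):
            return name
    return None

# Constructed samples: the thread's fragments wrapped in a root element so they parse.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>all</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>abc</role-name></auth-constraint>
  </security-constraint>
</web-app>"""
JBOSS_WEB_XML = "<jboss-web><security-domain>java:/jaas/testsd</security-domain></jboss-web>"
```

An empty list from `method_limited_constraints` means every auth-constrained collection covers all HTTP methods; `None` from `legacy_security_domain` means the prefix is already gone.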

              • 4. Re: The correct way to configure JAAS in WildFly?
                celioabreu

                Hi,

                 

                I'm using the same login module, and it works fine, but I need to register the successful login.

                 

                Do you know of an event or servlet where I can do this?

                • 5. Re: The correct way to configure JAAS in WildFly?
                  refontana

                  Good morning, I have the same problem. The popup appears but I can't log in with the credential read in the db.

                   

                  The MySQL tables are bo_principals and bo_roles in the schema appdatabpm.

                   

                  This is my security domain in the standalone.xml:

                  <security-domain name="webAppServiceBpm" cache-type="default">
                      <authentication>
                          <login-module code="Database" flag="required">
                              <module-option name="dsJndiName" value="java:jboss/datasources/AppDataBPM"/>
                              <module-option name="principalsQuery" value="SELECT Password FROM bo_principals WHERE PrincipalId = ?"/>
                              <module-option name="rolesQuery" value="SELECT Role,'Roles' FROM bo_roles WHERE PrincipalId = ?"/>
                          </login-module>
                      </authentication>
                  </security-domain>

                   

                  this is the datasource:

                   

                  <datasource jndi-name="java:jboss/datasources/AppDataBPM" pool-name="AppDataBPM" enabled="true" use-java-context="true" use-ccm="true">
                      <connection-url>jdbc:mysql://localhost:3306/AppDataBPM?autoReconnectForPools=true</connection-url>
                      <driver>mysql</driver>
                      <security>
                          <user-name>root</user-name>
                          <password>root</password>
                      </security>
                  </datasource>

                   

                  In my jboss.xml I have:

                  <?xml version="1.0" encoding="UTF-8"?>
                  <jboss-web>
                      <security-domain>java:/jaas/webAppServiceBpm</security-domain>
                  </jboss-web>

                   

                  and in web.xml I have:

                  <security-constraint>
                      <web-resource-collection>
                          <web-resource-name>WebApplication access</web-resource-name>
                          <url-pattern>/*</url-pattern>
                      </web-resource-collection>
                      <auth-constraint>
                          <role-name>JBossAdmin</role-name>
                          <role-name>JBossAdminAziende</role-name>
                      </auth-constraint>
                  </security-constraint>

                  <login-config>
                      <auth-method>BASIC</auth-method>
                  </login-config>

                  <security-role>
                      <role-name>JBossAdmin</role-name>
                  </security-role>
                  <security-role>
                      <role-name>JBossAdminAziende</role-name>
                  </security-role>

                   

                  Can someone help me please?