2 Replies Latest reply on Mar 21, 2017 2:52 PM by asif8782

    BASIC web authentication in domain configuration for JBoss EAP7

    asif8782

      Hi,

       

      I am trying to configure BASIC authentication for access to an application deployed in JBoss EAP7 in domain mode. I have made the following configurations:

       

      1. Added the following lines in <application EAR file>.ear/<application WAR file>.war/WEB-INF/web.xml file:

                          <security-constraint>
                                 <auth-constraint>
                                      <role-name>myrole</role-name>
                                 </auth-constraint>
                          </security-constraint>
                          <login-config>
                               <auth-method>BASIC</auth-method>
                               <realm-name>Login</realm-name>
                          </login-config>
                          <security-role>
                               <role-name>myrole</role-name>
                          </security-role>

       

      2. Created <application EAR file>.ear/<application WAR file>.war/WEB-INF/jboss-web.xml file with the following contents:

                          <?xml version='1.0' encoding='UTF-8'?>
                          <jboss-web>
                                <security-domain>myrole</security-domain>
                          </jboss-web>

       

      3. Added the following lines in <JBoss installation directory>/domain/configuration/domain.xml file:

                          <security-domain name="myrole" cache-type="default">
                              <authentication>
                                  <login-module code="UserRoles" flag="required">
                                      <module-option name="rolesProperties" value="${jboss.domain.config.dir}/myrole-roles.properties"/>
                                      <module-option name="usersProperties" value="${jboss.domain.config.dir}/myrole-users.properties"/>
                                  </login-module>
                              </authentication>
                          </security-domain>

      4. Created the <Jboss domain config dir>/myrole-roles.properties file with the following contents:

      myuser=myrole

       

      5. Created the <Jboss domain config dir>/myrole-user.properties file with the following contents:

      myuser=mypassword

       

      With all the above configurations in place, when I try to access the application, I still don't get the pop-up asking me for username/password. Can someone please suggest what is wrong/missing in my configurations?

       

      Thanks,

      Asif

        • 1. Re: BASIC web authentication in domain configuration for JBoss EAP7
          mchoma

          If the browser does not pop up the login/password dialog, that means your web.xml is wrong. And it seems to me you are missing the web-resource-collection. Something like:

           

             <security-constraint>
                 <web-resource-collection>
                    <web-resource-name>protected</web-resource-name>
                    <url-pattern>/*</url-pattern>
                 </web-resource-collection>
                 <auth-constraint>
                    <role-name>myrole</role-name>
                 </auth-constraint>
             </security-constraint>
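
The check described in the reply above, as an added example that is not part of the original thread: a Python script that reads a web.xml and reports any security-constraint with no web-resource-collection/url-pattern, plus roles used in an auth-constraint but never declared. The function name `audit_web_xml`, the `<web-app>` wrapper and the sample documents are assumptions, constructed from the snippets posted in this thread.

```python
import xml.etree.ElementTree as ET

def _kids(elem, name):
    """Direct children called `name`, ignoring any XML namespace prefix."""
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _texts(elems, name):
    """Stripped text of every `name` child found under the given elements."""
    return [(c.text or "").strip() for e in elems for c in _kids(e, name)]

def audit_web_xml(xml_text):
    """Return findings for the security elements of a web.xml (hypothetical helper)."""
    root = ET.fromstring(xml_text.strip())
    findings = []
    declared = set(_texts(_kids(root, "security-role"), "role-name"))
    constraints = _kids(root, "security-constraint")
    if not constraints:
        findings.append("no security-constraint: nothing is protected")
    for i, sc in enumerate(constraints, 1):
        # A constraint only applies to the URLs named in its web-resource-collection.
        if not _texts(_kids(sc, "web-resource-collection"), "url-pattern"):
            findings.append(f"constraint {i}: no web-resource-collection/url-pattern")
        for role in _texts(_kids(sc, "auth-constraint"), "role-name"):
            # "*" and "**" are the spec's wildcard role names, not declared roles.
            if role not in declared and role not in ("*", "**"):
                findings.append(f"constraint {i}: role '{role}' has no security-role")
    if constraints and not _texts(_kids(root, "login-config"), "auth-method"):
        findings.append("no login-config/auth-method: container cannot challenge")
    return findings

# Constructed samples: the thread's snippets wrapped in an assumed <web-app> root.
TAIL = """<login-config><auth-method>BASIC</auth-method>
<realm-name>Login</realm-name></login-config>
<security-role><role-name>myrole</role-name></security-role></web-app>"""
AUTH = "<auth-constraint><role-name>myrole</role-name></auth-constraint>"
BEFORE = f"<web-app><security-constraint>{AUTH}</security-constraint>{TAIL}"
AFTER = f"""<web-app><security-constraint><web-resource-collection>
<web-resource-name>protected</web-resource-name><url-pattern>/*</url-pattern>
</web-resource-collection>{AUTH}</security-constraint>{TAIL}"""

if __name__ == "__main__":
    for name, doc in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_web_xml(doc) or "OK")
```

Running it against the deployed WEB-INF/web.xml before each release catches a constraint that silently protects no URL.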

          • 2. Re: BASIC web authentication in domain configuration for JBoss EAP7
            asif8782

            Hi Martin,

             

            As suggested by you, I have added the following contents in web.xml file:

                      <security-constraint>
                             <web-resource-collection>
                                  <web-resource-name>All resources</web-resource-name>
                                  <description>Protects all resources</description>
                                  <url-pattern>/*</url-pattern>
                             </web-resource-collection>
                             <auth-constraint>
                                  <role-name>myrole</role-name>
                             </auth-constraint>
                      </security-constraint>
                      <login-config>
                             <auth-method>BASIC</auth-method>
                             <realm-name>Login</realm-name>
                      </login-config>
                      <security-role>
                             <role-name>myrole</role-name>
                      </security-role>

             

            Now I am getting the pop-up to enter username/password. However, when I provide the username as myuser and password as mypassword, it does not allow me in. Instead, the pop-up comes back asking me to enter the login credentials again. After entering the credentials 3-4 times, it shows a message "Unauthorized" in the browser.

            Can you suggest what is going wrong with this setup?

             

            Thanks,

            Asif