11 Replies Latest reply on Dec 1, 2008 9:00 AM by Amit Purohit

    JAAS login without JSF or JSP

    darren hartford Expert

      Does anyone have an example application where, using just .html/.xhtml, web.xml, components.xml, and a Seam application, you can log in/authenticate, with a simple example of authorization?


      I've been having a really, really hard time over the past 16 hours trying to do just that.


      The intent is for other UI utilization (such as GWT), but no working examples of JAAS without JSF/JSP seem to exist.


      Thanks, been pulling my hair out...


      -D

        • 1. Re: JAAS login without JSF or JSP
          Daniel Hinojosa Master

          This is worth a try. Complete the setup in 13.4.8.1 in the Seam documentation, which will use your container's JAAS configuration. You can just create an HTML/XHTML file with something like the following:


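          <!-- j_security_check reads the j_username and j_password request parameters,
               so the inputs need name attributes and the form must be sent with POST -->
          <form id='security_check' method='post' action='j_security_check'>
             Username: <input type='text' id='j_username' name='j_username'/>
             Password: <input type='password' id='j_password' name='j_password'/>
             <input type='submit' value='Log in'/>
          </form>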
          



          and then implement your Authenticator which Seam will call on for you.

          • 2. Re: JAAS login without JSF or JSP
            darren hartford Expert

            yup, already tried that, and I still can't get it to work.


            The project I cannot get to work is here (showing how much stuff I've already tried):
            http://jira.jboss.org/jira/browse/JBSEAM-2325


            Call me an idiot, I don't care, I need a full, working example to make sure nothing is missed.


            .html/.xhtml
            components.xml
            web.xml
            seam classes (like the authenticator)


            • 3. Re: JAAS login without JSF or JSP
              Daniel Hinojosa Master

              So....just checking on some other stuff.  I assume you already put all the security-constraints, web-resource-collections, and auth-constraints into the web.xml?  Another thing that I know is that if you use the jboss/tomcat combination or any tomcat based app, the JAAS security is challenge-based only.



              P.S. I won't call you an idiot, it's just not my style....Plus I tend to f**k things up more than a lot of people (just the way I learn) so I'd be a complete hypocrite in doing so. ;)
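
Added example (not part of the original thread or of the Seam documentation): the web.xml elements named in the reply above, wired for container FORM authentication against a static login page, plus the JBoss descriptor that selects the JAAS policy. The URL pattern, page names, role name and security domain name are assumptions.

```xml
<!-- WEB-INF/web.xml fragment. Assumed names: /app/*, /login.html,
     /login-error.html, role "user", realm "myapp". -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected pages</web-resource-name>
    <!-- Only requests under this pattern trigger the login challenge;
         the login and error pages must stay outside it. -->
    <url-pattern>/app/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>user</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- The form posts the password as a plain request parameter,
         so require TLS for the protected area. -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>myapp</realm-name>
  <form-login-config>
    <!-- Static page holding the form that posts to j_security_check -->
    <form-login-page>/login.html</form-login-page>
    <form-error-page>/login-error.html</form-error-page>
  </form-login-config>
</login-config>

<security-role>
  <role-name>user</role-name>
</security-role>

<!-- WEB-INF/jboss-web.xml (separate file): binds the web application to the
     JAAS application-policy named "myapp" in the server's login configuration. -->
<jboss-web>
  <security-domain>java:/jaas/myapp</security-domain>
</jboss-web>
```

With FORM authentication the container serves the login page itself when an unauthenticated request reaches a protected URL, which is the challenge-based behaviour mentioned above.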


              • 4. Re: JAAS login without JSF or JSP
                darren hartford Expert
                Daniel Hinojosa wrote on Feb 14, 2008 04:45 PM:
                > I assume you already put all the security-constraints, web-resource-collections, and auth-constraints into the web.xml

                yes, set up with web.xml <security-constraints>, tried without, and tried many other combinations -- one such implemented attempt with actual code and config files is at:

                http://jira.jboss.org/jira/browse/JBSEAM-2325

                Another forum thread I started a couple of months ago with no feedback is here, with some discoveries that may or may not be correct:

                http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4109370#4109370

                And after this many months, still no idea how to handle JAAS without JSF/JSP.
                • 5. Re: JAAS login without JSF or JSP
                  darren hartford Expert
                  uh - WTF?  The forum just clipped all my content :-(

                  To repeat:

                  Yes, set up a security constraint in web.xml.  Tried without security constraint. Tried a variety of combinations without success.  One sample implementation that I tried, with actual code and config files, is here:

                  http://jira.jboss.org/jira/browse/JBSEAM-2325

                  Old forum post with some info, but probably not useful as no one responded:

                  http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4109370#4109370

                  • 6. Re: JAAS login without JSF or JSP
                    Christian Bauer Master

                    Did the text preview work? Did you use it? Did you use the formatting dropdown or the HELP? We need to know what the problem is.

                    • 7. Re: JAAS login without JSF or JSP
                      Daniel Hinojosa Master

                      Forgot to ask, did you also set up the JAAS on your app server, in login-config.xml?

                      • 8. Re: JAAS login without JSF or JSP
                        darren hartford Expert

                        yes, I set up the JAAS realm in the login-config.xml.


                        You can also dynamically load the JAAS realms through a jboss SAR approach, which is what I do (this is proven again and again, this works correctly).


                        <mbean code="org.jboss.security.auth.login.DynamicLoginConfig" name="com.domain.app:service=DynamicLoginConfig">
                          <attribute name="AuthConfig">myapp-login-config.xml</attribute>
                          <depends optional-attribute-name="LoginConfigService">jboss.security:service=XMLLoginConfig</depends>
                          <depends optional-attribute-name="SecurityManagerService">jboss.security:service=JaasSecurityManager</depends>
                        </mbean>


                        However, the dynamic login approach has no bearing, as I've tested with directly changed login-config.xml as well just to make triple sure.

                        • 9. Re: JAAS login without JSF or JSP
                          darren hartford Expert

                          If someone could create a working sample project that uses the JAAS login approach without JSF or JSP, it would be very easy to move forward from there -- avoid a lot of question/answers about a capability or feature that may not exist.


                          The documentation has proven very clearly (to me) to be insufficient.  If someone feels the documentation is sufficient, prove me wrong with a working example  :-)

                          • 10. Re: JAAS login without JSF or JSP
                            darren hartford Expert

                            Seam login with JAAS without JSF or JSP (i.e. normal HTML/XHTML).  Intent is to incorporate with GWT (or, if you have a GWT example, that'll be great as well).

                            • 11. Re: JAAS login without JSF or JSP
                              Amit Purohit Newbie

                              Hi Darren,


                              I too need to implement JAAS security with HTML/JSP pages in a JBOSS-Seam application. Do you have any sample application that you can share with me?


                              Thanks in advance,
                              Amit