1 Reply Latest reply on Aug 13, 2012 10:36 PM by marnie.knue

    Basic Authentication Logout in EAP6

    alokmp

      I am using EAP 6 to log in to a web application using the following configuration.

      On accessing the web application, JBoss automatically shows a built-in popup which asks for credentials, and it allows me to log in successfully.

       

      Now I want to log out of the web application but could not figure out a way to do so.

      Please suggest any hints.

       

      1. Standalone.xml (In JBoss → Standalone → Configuration)  …dev
      2. Domain.xml (In JBoss → Domain → Configuration)  …production

       

      Add a security-domain under below mentioned tag along with already present security domains.

      Right Below ……

      <subsystem xmlns="urn:jboss:domain:security:1.1">

      <security-domains>

       

      This was added.

      <security-domain name="configAppSecurityDomain" cache-type="default">
        <authentication>
          <login-module code="RealmUsersRoles" flag="required">
            <module-option name="usersProperties" value="${jboss.server.config.dir}/mgmt-users.properties"/>
            <module-option name="rolesProperties" value="${jboss.server.config.dir}/mgmt-roles.properties"/>
            <module-option name="realm" value="ManagementRealm"/>
            <module-option name="unauthenticatedIdentity" value="nobody" />
            <module-option name="password-stacking" value="useFirstPass" />
          </login-module>
        </authentication>
      </security-domain>

       

      For the domain server (QA and Production) the location would be "${jboss.domain.config.dir}"

       

      1. Web.xml (of Sovereign Config Web App)

       

      <security-constraint>
        <web-resource-collection>
          <web-resource-name>ConfigWebApp</web-resource-name>
          <description>Configuration Application</description>
          <url-pattern>/*</url-pattern>
          <!-- With http-method listed, this constraint applies only to GET and POST;
               requests using other HTTP methods are not covered by it. -->
          <http-method>GET</http-method>
          <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>configAppUserRole</role-name>
        </auth-constraint>
      </security-constraint>

      <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>ManagementRealm</realm-name>
      </login-config>

      <security-role>
        <role-name> configAppUserRole </role-name>
      </security-role>

       

      1. jboss-web.xml

       

      Add this file with the below contents next to web.xml in the Sovereign Config Web App.

       

      <?xml version='1.0' encoding='UTF-8' ?>
      <jboss-web>
        <security-domain>java:/jaas/configAppSecurityDomain</security-domain>
      </jboss-web>

       

      1. mgmt-users.properties

       

      Add a user in the mgmt-users.properties file (using the add-user.bat script from JBoss → bin). Make sure the realm is ManagementRealm.

       

      1. mgmt-roles.properties

       

      Add the role configAppUserRole to the user created above.

       

      (In JBoss → Standalone → Configuration)  dev environment

      (In JBoss → Domain → Configuration) production environment

        • 1. Re: Basic Authentication Logout in EAP6
          marnie.knue

          Logging out is not an issue of JBoss, it is an issue of the application itself. The best you can do without getting into the actual application is to set a session timeout.  In web.xml add the following:

           

          <session-config>

               <session-timeout>30</session-timeout>

          </session-config>

           

          The 30 is 30 minutes meaning that if we haven't heard from the person for 30 minutes or more, then the server is to kill their session. It's not a logout, per se, but it's the best we have as an admin that I'm aware of.

          1 of 1 people found this helpful
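
Added example, not part of the thread or of JBoss itself: with BASIC authentication the browser resends its cached credentials on every request, so ending the session on the server does not by itself sign the user out. One application-side approach is a logout servlet that clears the server-side state and then answers with a fresh 401 challenge. Assumptions: the `/logout` path and the class name are hypothetical, Servlet 3.0 is available (as in EAP 6), and the browser discards its cached credentials after the 401, which varies by browser.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical logout endpoint for the web app configured in the question.
// POST only, so a plain link or prefetch cannot trigger it.
@WebServlet("/logout")
public class BasicLogoutServlet extends HttpServlet {

    // Must match <realm-name> in the web.xml <login-config>.
    private static final String REALM = "ManagementRealm";

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // 1. Drop server-side state: the container's authenticated principal
        //    for this request (Servlet 3.0 API) and the HTTP session.
        req.logout();
        HttpSession session = req.getSession(false);
        if (session != null) {
            session.invalidate();
        }

        // 2. Keep browser and proxy caches from replaying authenticated pages.
        resp.setHeader("Cache-Control", "no-store");

        // 3. Answer with a Basic challenge even though the credentials sent
        //    with this request were valid. Assumption: the browser treats the
        //    401 as a rejection and stops sending its cached Authorization
        //    header. Browsers differ; closing the browser always clears it.
        resp.setHeader("WWW-Authenticate", "Basic realm=\"" + REALM + "\"");
        resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        resp.setContentType("text/plain");
        resp.getWriter().println(
            "Logged out. Close the browser to discard cached credentials.");
    }
}
```

Because the `/*` constraint in web.xml also covers `/logout`, the request reaches the servlet already authenticated; the 401 is sent deliberately after the server-side state has been cleared.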