0 Replies Latest reply on Nov 24, 2013 6:38 AM by Hans Kaiser

    JEE 7 and wildfly way for BASIC auth for Servlets and JAX-RS2.0?

    Hans Kaiser Newbie

      Hello all,

       

      I am pretty new to JBoss. Till now I had a boss who only used big blue. And we had max. the JEE5 features running..

       

      Now I have an option to switch to wildfly in combination with JEE 7, but I am too new to it. So I have multiple questions.

      And I have to solve the current problems neatly to get the option to switch also other projects to wildfly/jboss. So please help me!

       

      So my very first question:

      What books and resources can you recommend me to get a insight into wildfly and the JEE7 features?

       

      I am running on wildfly 8.0.0 beta1 on oracle jdk (ubuntu) and I have eclipse Kepler with the JBoss Tools.

      My first big point was the steep learning curve to get JAX-RS2.0 running with JAXB and JSON.

      I think I have solved it neatly.

      So my next question:

      To verify it, can someone recommend me a book or other resources on it?

       

      Now I have to incorporate a JavaScript GUi with authorization and authentication. (JavaScript GUI will be another thread/question)

      And here I am stuggling really hard. I have to use the JEE7 features to protect the JAX-RS 2.0 Resources. But I couldn't find a hint how to do this.

      I have nearly no clue how to solve the next questions:

      • How to activate a BASIC or an FormBased Authentication?
        For now I would be happy to have a basic auth, but for the later JavaScript GUI it will be a need to switch to form based authentication.
      • How to enforce the current JAX-RS2.0 Resources to expect a authentication or to fail with a httpcode 401 or httpcode 403?
        It should be a JEE 7 solution.
        I tried this setup, but now I have a buch of configuration in XML-Files.
        I thought with JEE6 it has moved to annotation?

        What have I done wrong?
        Is it a JEE 7 solution?
        • I have created a application user mydummy with add-user.sh in the roles admins,dummy-users and the users have to authenticate
        • I am using this WEB-INF/web.xml

          <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:web="http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"

             xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" version="3.1">

             <security-constraint>

                <web-resource-collection>

                   <web-resource-name>HtmlAuth</web-resource-name>

                   <description>application security constraints</description>

                   <url-pattern>/*</url-pattern>

                   <http-method>GET</http-method>

                   <http-method>POST</http-method>

                </web-resource-collection>

                <auth-constraint>

                   <role-name>dummy-users</role-name>

                </auth-constraint>

             </security-constraint>

             <login-config>

                <auth-method>BASIC</auth-method>

                <realm-name>ApplicationRealm</realm-name>

             </login-config>

             <security-role>

                <role-name>Manager</role-name>

             </security-role>

          </web-app>

        • and this WEB-INF/jboss-web.xml

          <?xml version="1.0" encoding="UTF-8"?>

          <jboss-web>

             <security-domain>java:/jaas/other</security-domain>

          </jboss-web>

      • How can I define to protect all resources except some specific files like login.html and the corresponding JAX-RS2.0 Resource respectively a Servlet?Hopefully there are JEE7 solution to reduce the XML configs.
      • The last question:
        How can I use a own database for users and password for the authentication? I would like to configure it on application (EAR) for each application, and to leave the management users and passwords independently.

       

      Hopefully someone can help me on my first steep steps to wildfly and JEE7.

       

      bye hkais