3 Replies Latest reply on Dec 17, 2013 8:19 AM by Shwetha Manjunatha

    JAAS authentication in jboss 7 using customloginmodule (DatabaseServerLoginModule)

    Shwetha Manjunatha Newbie

      Hi All,

      I am using PicketLink on JBoss 7.1.1 using Spring MVC. Below are my configurations:

       

      picketlink-idfed.xml:

      <PicketLinkIDP xmlns="urn:picketlink:identity-federation:config:1.0" >

      <IdentityURL>${idp.url::http://localhost:8080/nios/}</IdentityURL>

      <Trust>

         <Domains>localhost,jboss.com,jboss.org,amazonaws.com</Domains>

      </Trust>

      </PicketLinkIDP>

       

       

      picketlink-handlers.xml:

      <Handlers xmlns="urn:picketlink:identity-federation:handler:config:1.0">

         <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler"/>

         <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler"/>

        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler">

         <Option key="DISABLE_ROLE_PICKING" value="true"/>

        </Handler>    

      <!-- <Handler class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler"/> -->

      </Handlers>

       

      web.xml

      <?xml version="1.0" encoding="UTF-8"?>

      <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

       

          xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd  "

          version="3.0" metadata-complete="true">

          <!-- The definition of the Root Spring Container shared by all Servlets

              and Filters -->

       

          <welcome-file-list>

              <welcome-file></welcome-file>

          </welcome-file-list>

         

          <!--    <security-constraint>

          <web-resource-collection>

            <web-resource-name>Manager command</web-resource-name>

            <url-pattern>/*</url-pattern>

          </web-resource-collection>

            <auth-constraint>

             <role-name>*</role-name>

            <role-name>manager</role-name>

             <role-name>Sales</role-name>

             <role-name>Employee</role-name>

          </auth-constraint>

        </security-constraint> -->

          <!-- Processes application requests -->

          <servlet>

              <servlet-name>dispatcher</servlet-name>

              <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>

              <init-param>

                  <param-name>contextConfigLocation</param-name>

                  <param-value>/resources/spring/dispatcher-servlet.xml</param-value>

              </init-param>

              <load-on-startup>1</load-on-startup>

              <async-supported>true</async-supported>

          </servlet>

       

          <servlet-mapping>

              <servlet-name>dispatcher</servlet-name>

              <url-pattern>/</url-pattern>

          </servlet-mapping>

       

          <error-page>

              <error-code>404</error-code>

              <location>/WEB-INF/jsp/404Error.jsp</location>

          </error-page>

       

          <context-param>

              <param-name>log4jConfigLocation</param-name>

              <param-value>/resources/log4j.xml</param-value>

          </context-param>

       

         

       

          <listener>

              <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>

          </listener>

         

          <jsp-config>

              <taglib>

                  <taglib-uri>http://jakarta.apache.org/taglibs/unstandard-1.0</taglib-uri>

                  <taglib-location>/resources/tld/unstandard.tld</taglib-location>

              </taglib>

         

          </jsp-config>

         

          <login-config>

          <auth-method>FORM</auth-method>

          <realm-name>PicketLink IDP Application</realm-name>

          <form-login-config>

             <form-login-page>/jsp/loginUser.jsp</form-login-page>

             <form-error-page>/jsp/error.jsp</form-error-page>

          </form-login-config>

        </login-config>

         

         

          <security-role>

          <role-name>*</role-name>

        </security-role>

         

       

      </web-app>

       

       

      context.xml in WEB-INF

       

      <Context>

          <Valve

              className="org.picketlink.identity.federation.bindings.tomcat.idp.IDPSAMLDebugValve" />

          <Valve

              className="org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve"

              signOutgoingMessages="false"

              ignoreIncomingSignatures="true"/>

      </Context>

       

      loginUser.jsp:

      <html><head><title>Login Page</title></head>

      <body>

      <font size='5' color='blue'>Please Login</font><hr>

       

      <form action='j_security_check' method='post'>

      <table>

      <tr><td>Name:</td>

         <td><input type='text' name='j_username'></td></tr>

      <tr><td>Password:</td>

         <td><input type='password' name='j_password' size='8'></td>

      </tr>

      </table>

      <br>

        <input type='submit' value='login'>

      </form></body>

      </html>

       

      and the standalone.xml configuration is done accordingly.

       

      On providing the username and password in the login page, I am not able to authenticate. Can someone point out if there are any configuration issues?

      Any help would be appreciated.

       

      Thanks

      Swetha

        • 2. Re: JAAS authentication in jboss 7 using customloginmodule (DatabaseServerLoginModule)
          Shwetha Manjunatha Newbie

          I have a jboss-web.xml as well, in addition to context.xml; I had missed that in my post.

          This is my jboss-web.xml:

          <jboss-web>

            <security-domain>idp</security-domain>

            <valve>

               <class-name>org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve</class-name>

               <param>

                  <param-name>signOutgoingMessages</param-name>

                  <param-value>false</param-value>

               </param>

               <param>

                  <param-name>ignoreIncomingSignatures</param-name>

                  <param-value>true</param-value>

               </param>

             </valve>

           

          </jboss-web>

          • 3. Re: JAAS authentication in jboss 7 using customloginmodule (DatabaseServerLoginModule)
            Shwetha Manjunatha Newbie

            Hi,

            Actually, I am able to authenticate. Now the problem is that after authentication the user is not redirected to the protected page; a 404 error is displayed instead.

            I am specifying role name as * so the authentication is role independent.

            Along with the other configurations, the security constraint of my web.xml is as follows:

             

            <?xml version="1.0" encoding="UTF-8"?>

            <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

             

                xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd  "

                version="3.0" metadata-complete="true">

                <!-- The definition of the Root Spring Container shared by all Servlets

                    and Filters -->

             

                <welcome-file-list>

                    <welcome-file></welcome-file>

                </welcome-file-list>

             

                   <security-constraint>

                <web-resource-collection>

                  <web-resource-name>Manager command</web-resource-name>

                  <url-pattern>/home</url-pattern>

                </web-resource-collection>

                   <auth-constraint>

                   <role-name>*</role-name>

                </auth-constraint>

              </security-constraint>

                <!-- Processes application requests -->

                  <servlet>

                    <servlet-name>dispatcher</servlet-name>

                    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>

                    <init-param>

                        <param-name>contextConfigLocation</param-name>

                        <param-value>/resources/spring/dispatcher-servlet.xml</param-value>

                    </init-param>

                    <load-on-startup>1</load-on-startup>

                    <async-supported>true</async-supported>

                </servlet>

             

                <servlet-mapping>

                    <servlet-name>dispatcher</servlet-name>

                    <url-pattern>/</url-pattern>

                </servlet-mapping>

             

                <error-page>

                    <error-code>404</error-code>

                    <location>/WEB-INF/jsp/404Error.jsp</location>

                </error-page>

             

                <context-param>

                    <param-name>log4jConfigLocation</param-name>

                    <param-value>/resources/log4j.xml</param-value>

                </context-param>

             

               

             

                <listener>

                    <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>

                </listener>

               

                <jsp-config>

                    <taglib>

                        <taglib-uri>http://jakarta.apache.org/taglibs/unstandard-1.0</taglib-uri>

                        <taglib-location>/resources/tld/unstandard.tld</taglib-location>

                    </taglib>

               

                </jsp-config>

               

                <login-config>

                <auth-method>FORM</auth-method>

                <realm-name>PicketLink IDP Application</realm-name>

                <form-login-config>

                   <form-login-page>/WEB-INF/jsp/loginUser.jsp</form-login-page>

                   <form-error-page>/WEB-INF/jsp/error.jsp</form-error-page>

                </form-login-config>

              </login-config>

               

               

                 <security-role>

                <role-name>*</role-name>

              </security-role>

               

             

            </web-app>

             

            When accessing the application at http://localhost:8080/myapp/home, I am redirected to the login page, where the user successfully logs in.

            After authentication I get a 404 error. A resource exists at the path /WEB-INF/jsp/home.jsp.

             

            Can anyone figure out if any configuration is missing?
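
The IDPWebBrowserSSOValve in the context.xml and jboss-web.xml posted above sets signOutgoingMessages to false and ignoreIncomingSignatures to true, so the IDP neither signs the SAML messages it sends nor checks signatures on the ones it receives. The check below is an added example, not part of the original thread or of PicketLink: it reads both file layouts and reports those two options. The function names are hypothetical and the inputs are trimmed copies of the posted files.

```python
import xml.etree.ElementTree as ET

# Constructed inputs: trimmed copies of the context.xml and jboss-web.xml posted in this thread.
CONTEXT_XML = """<Context>
  <Valve className="org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve"
         signOutgoingMessages="false" ignoreIncomingSignatures="true"/>
</Context>"""

JBOSS_WEB_XML = """<jboss-web>
  <security-domain>idp</security-domain>
  <valve>
    <class-name>org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve</class-name>
    <param><param-name>signOutgoingMessages</param-name><param-value>false</param-value></param>
    <param><param-name>ignoreIncomingSignatures</param-name><param-value>true</param-value></param>
  </valve>
</jboss-web>"""

SSO_VALVE = "org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve"
# Option -> value that switches SAML signature protection off (the values seen in the thread).
WEAK = {"signOutgoingMessages": "false", "ignoreIncomingSignatures": "true"}


def sso_valve_options(xml_text):
    """Collect IDPWebBrowserSSOValve options from either file layout (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    options = {}
    for valve in root.iter("Valve"):  # context.xml: options are attributes
        if valve.get("className") == SSO_VALVE:
            options.update({k: v for k, v in valve.attrib.items() if k != "className"})
    for valve in root.iter("valve"):  # jboss-web.xml: options are <param> pairs
        if (valve.findtext("class-name") or "").strip() == SSO_VALVE:
            for param in valve.iter("param"):
                name = (param.findtext("param-name") or "").strip()
                options[name] = (param.findtext("param-value") or "").strip()
    return options


def audit(xml_text):
    """Return the sorted names of signature options set to their weak value."""
    options = sso_valve_options(xml_text)
    return sorted(name for name, weak in WEAK.items()
                  if options.get(name, "").lower() == weak)


if __name__ == "__main__":
    for label, text in (("context.xml", CONTEXT_XML), ("jboss-web.xml", JBOSS_WEB_XML)):
        for name in audit(text):
            print(f"{label}: {name}={WEAK[name]} disables SAML signature protection")
```

Run against a deployment's own WEB-INF files, an empty result from audit() means neither option is set to its weak value in that file.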