The correct way to configure JAAS in WildFly?
shinzey Mar 29, 2014 9:13 AM

I'm trying to configure JAAS for WildFly and Derby but without success. Below are my steps:
- Create a DB table:
```sql
create table credential (uname varchar(5), pwd varchar(5), urole varchar(5));
insert into credential values('abc', 'abc', 'abc');
```
Now I have a user whose name, password and role are all "abc".
- Copy Derby's driver jar (derbyclient.jar) to standalone/deployments.
- Create a data source:
```xml
<datasource jta="false" jndi-name="java:/wt/testds" pool-name="testds" enabled="true" use-ccm="false">
    <connection-url>jdbc:derby://localhost:1527/testdb</connection-url>
    <driver-class>org.apache.derby.jdbc.ClientDriver</driver-class>
    <driver>derbyclient.jar</driver>
    <security>
        <user-name>zhyi</user-name>
        <password>zhyi</password>
    </security>
    <validation>
        <validate-on-match>false</validate-on-match>
        <background-validation>false</background-validation>
    </validation>
    <statement>
        <share-prepared-statements>false</share-prepared-statements>
    </statement>
</datasource>
```
I have verified that this data source can be successfully connected.
- Create a security domain:
```xml
<security-domain name="testsd" cache-type="default">
    <authentication>
        <login-module code="Database" flag="required">
            <module-option name="dsJndiName" value="java:/wt/testds"/>
            <module-option name="principalsQuery" value="select pwd from credential where uname=?"/>
            <module-option name="rolesQuery" value="select urole, 'Roles' from credential where uname=?"/>
        </login-module>
    </authentication>
</security-domain>
```
- Configure the security domain in jboss-web.xml:
```xml
<security-domain>testsd</security-domain>
```
- Configure the security constraint in web.xml:
```xml
<security-role>
    <role-name>abc</role-name>
</security-role>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>all</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>abc</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
</login-config>
```
- Deploy the web application.
Now when I try to access any page, the login dialog pops up, but when I try to log in with abc:abc, the login dialog just pops up again, indicating the credential is wrong. Meanwhile I don't see any error output in WildFly's log.

Could anybody help figure out whether any step is missing or incorrect? Thanks a lot in advance!
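
Added example (not part of the original post and not WildFly code): a small Python harness that runs the post's `principalsQuery` and `rolesQuery` against a copy of the `credential` table and applies the `web.xml` role constraint, to check that the queries and data are consistent with each other. Assumptions: an in-memory SQLite database stands in for the Derby `testdb`, and `check_login` is a simplified, hypothetical model of how a database login module uses the two queries (first column of `principalsQuery` is the stored password, each `rolesQuery` row is a role name and role group).

```python
import sqlite3

# Values copied from the post's security domain and web.xml.
PRINCIPALS_QUERY = "select pwd from credential where uname=?"
ROLES_QUERY = "select urole, 'Roles' from credential where uname=?"
REQUIRED_ROLE = "abc"  # <auth-constraint><role-name> in web.xml


def make_db():
    """In-memory SQLite stand-in (assumption) for the Derby testdb table."""
    db = sqlite3.connect(":memory:")
    db.execute("create table credential "
               "(uname varchar(5), pwd varchar(5), urole varchar(5))")
    db.execute("insert into credential values('abc', 'abc', 'abc')")
    return db


def check_login(db, username, password):
    """Simplified model of a database login module: returns (ok, reason)."""
    # Step 1: the first column of the first row is the expected password.
    row = db.execute(PRINCIPALS_QUERY, (username,)).fetchone()
    if row is None:
        return False, "principalsQuery returned no row"
    # Step 2: plain string comparison, since no hashing option is configured.
    if row[0] != password:
        return False, "password mismatch"
    # Step 3: each rolesQuery row is (role name, role group).
    roles = {role for role, group in db.execute(ROLES_QUERY, (username,))
             if group == "Roles"}
    # Step 4: the container then checks the web.xml auth-constraint.
    if REQUIRED_ROLE not in roles:
        return False, "authenticated, but roles %s lack %r" % (
            sorted(roles), REQUIRED_ROLE)
    return True, "authenticated with roles %s" % sorted(roles)


if __name__ == "__main__":
    db = make_db()
    # Constructed sample logins: one valid, one wrong case, one unknown user.
    for user, pwd in [("abc", "abc"), ("abc", "ABC"), ("nobody", "abc")]:
        print(user, pwd, check_login(db, user, pwd))
```

If this model accepts abc:abc, the queries, the stored row and the role name in `web.xml` agree with each other, which narrows the search to the parts this harness does not model.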