5 Replies Latest reply on May 5, 2017 5:20 AM by nato Fontana

    The correct way to configure JAAS in WildFly?

    shinzey shinzey Newbie

      I'm trying to configure JAAS for WildFly and Derby but without success. Below are my steps:

       

      1. Create a DB table:
        create table credential (uname carchar(5), pwd varchar(5), urole varchar(5));
        insert into credential values('abc', 'abc', 'abc');
        Now I have a user whose name, password and role are all "abc".
      2. CopyDerby's driver jar (derbyclient.jar) to standalone/deployments.
      3. Create a data source:
        <datasource jta="false" jndi-name="java:/wt/testds" pool-name="testds" enabled="true" use-ccm="false">
            <connection-url>jdbc:derby://localhost:1527/testdb</connection-url>
            <driver-class>org.apache.derby.jdbc.ClientDriver</driver-class>
            <driver>derbyclient.jar</driver>
            <security>
                <user-name>zhyi</user-name>
                <password>zhyi</password>
            </security>
            <validation>
                <validate-on-match>false</validate-on-match>
                <background-validation>false</background-validation>
            </validation>
            <statement>
                <share-prepared-statements>false</share-prepared-statements>
            </statement>
        </datasource>
        I have verified that this data source can be successfully connected.
      4. Create a security domain:
        <security-domain name="testsd" cache-type="default">
            <authentication>
                <login-module code="Database" flag="required">
                    <module-option name="dsJndiName" value="java:/wt/testds"/>
                    <module-option name="principalsQuery" value="select pwd from credential where uname=?"/>
                    <module-option name="rolesQuery" value="select urole, 'Roles' from credential where uname=?"/>
                </login-module>
            </authentication>
        </security-domain>
      5. Configure the security domain in jboss-web.xml:
        <security-domain>testsd</security-domain>
      6. Configure the security constraint in web.xml:
        <security-role>
            <role-name>abc</role-name>
        </security-role>
        <security-constraint>
            <web-resource-collection>
                <web-resource-name>all</web-resource-name>
                <url-pattern>/*</url-pattern>
                <http-method>GET</http-method>
            </web-resource-collection>
            <auth-constraint>
                <role-name>abc</role-name>
            </auth-constraint>
        </security-constraint>
        <login-config>
            <auth-method>BASIC</auth-method>
        </login-config>
      7. Deploy the web application.

       

      Now when I try to access any page, the login dialog pops up, but when I try to login with abc:abc, the login dialog just pops up again, indicating the credential is wrong. Meanwhile I don't see any error output in WildFly's log.

       

      Could anybody help figure out any step is missing or incorrect? Thanks a lot in advance!

        • 1. Re: The correct way to configure JAAS in WildFly?
          Frank Langelage Master

          Compared your setup with mine.

          Name of my security-domain is "mbisso", referencing it in jboss-web.xml as "java:/jaas/mbisso".

          Perhaps it helps when you change your name to "java:/jaas/testsd".

          • 2. Re: The correct way to configure JAAS in WildFly?
            shinzey shinzey Newbie

            It works, thank you! A strange thing is that when I changed "java:/jaas/testsd" back to "testsd" again, it still works...

            • 3. Re: The correct way to configure JAAS in WildFly?
              Luiz Carlos d Oleron Newbie

              Hi,

               

              for future searchs,

               

              according to this:

              How do I migrate my application from AS5 or AS6 to WildFly - WildFly 8 - Project Documentation Editor

               

              "In WildFly 8 security domains no longer use the prefix java:/jaas/ in their names. Remove this prefix from the security domain configurations in jboss-web.xml for web applications and jboss.xml for enterprise applications."


              Just a hint for JSF users, you must to remove "<http-method>GET</http-method>" or include new entry "<http-method>POST</http-method>" in order to work with JSF post requests.

              • 4. Re: The correct way to configure JAAS in WildFly?
                Celio Abreu Newbie

                Hi,

                 

                I'm using the same login module, and it works fine, but I need to register the successful login.

                 

                Do you know an event or servlet that can I do this?

                • 5. Re: The correct way to configure JAAS in WildFly?
                  nato Fontana Newbie

                  Good  morning, I have the same problem. The popup appears but I can't log in with the credential read in the db.

                   

                  the MySql table are bo_principals and bo_roles on the schema appdatabpm

                   

                  This is my security domain in the standalone.xml :

                  <security-domain name="webAppServiceBpm" cache-type="default">

                                      <authentication>

                                          <login-module code="Database" flag="required">

                                              <module-option name="dsJndiName" value="java:jboss/datasources/AppDataBPM"/>

                                              <module-option name="principalsQuery" value="SELECT Password FROM bo_principals WHERE PrincipalId = ?"/>

                                              <module-option name="rolesQuery" value="SELECT Role,'Roles' FROM bo_roles WHERE PrincipalId = ?"/>

                                          </login-module>

                                      </authentication>

                                  </security-domain>

                   

                  this is the datasource:

                   

                  <datasource jndi-name="java:jboss/datasources/AppDataBPM" pool-name="AppDataBPM" enabled="true" use-java-context="true" use-ccm="true">

                                      <connection-url>jdbc:mysql://localhost:3306/AppDataBPM?autoReconnectForPools=true</connection-url>

                                      <driver>mysql</driver>

                                      <security>

                                          <user-name>root</user-name>

                                          <password>root</password>

                                      </security>

                                  </datasource>

                   

                  in my jboss.xml I Have:

                  <?xml version="1.0" encoding="UTF-8"?>

                  <jboss-web>

                          <security-domain>java:/jaas/webAppServiceBpm</security-domain>

                  </jboss-web>

                   

                  and in web.xml I have :

                  <security-constraint>

                       <web-resource-collection>

                          <web-resource-name>WebApplication access</web-resource-name>

                          <url-pattern>/*</url-pattern>

                       </web-resource-collection>

                    <auth-constraint>

                     <role-name>JBossAdmin</role-name>

                        <role-name>JBossAdminAziende</role-name>

                    </auth-constraint>   

                      </security-constraint>

                   

                  <login-config>

                        <auth-method>BASIC</auth-method>

                      </login-config>

                   

                   

                      <security-role>

                        <role-name>JBossAdmin</role-name>

                      </security-role>

                      <role-name>JBossAdminAziende</role-name>

                      </security-role> 

                  <security-role>

                   

                  Can someone help me please?