Objective: Provide JSR-196 integration for the web layer to do Form Authentication
Step 1: Configure your web.xml for form authentication. An example:
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Home</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>architect</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
  </login-config>
  <security-role>
    <role-name>architect</role-name>
  </security-role>
</web-app>
Step 2: Configure your-web-app/WEB-INF/context.xml
<Context>
  <Valve className="org.jboss.web.tomcat.security.jaspi.TomcatJASPIAuthenticator" />
</Context>
Step 3: You will need to configure the security domain for your web application in jboss-web.xml
<jboss-web>
  <security-domain>java:/jaas/jaspi-test</security-domain>
</jboss-web>
Step 4: Outside of your web application, you will need an xxx-jboss-beans.xml file to configure your JSR-196 modules. An example would be jaspi-webform-jboss-beans.xml:
<?xml version="1.0" encoding="UTF-8"?>
<deployment xmlns="urn:jboss:bean-deployer:2.0">
  <application-policy xmlns="urn:jboss:security-beans:1.0"
                      name="jaspi-test">
    <authentication-jaspi>
      <login-module-stack name="lm-stack">
        <login-module
            code="org.jboss.security.auth.spi.UsersRolesLoginModule"
            flag="required">
        </login-module>
      </login-module-stack>
      <auth-module code="org.jboss.web.tomcat.security.jaspi.modules.HTTPFormServerAuthModule"
                   login-module-stack-ref="lm-stack"/>
    </authentication-jaspi>
  </application-policy>
</deployment>
This defines a JASPI configuration block with a ServerAuthModule that is capable of doing Tomcat form authentication. In this case, we also define a login context delegation structure called lm-stack, which the auth-module points to through its login-module-stack-ref attribute.
Reference: Test Case : WebJASPIFormUnitTestCase.java
1 comment:
So how would I plug in a standard Server Authentication Module? I'm porting an application from glassfish to jboss and it uses a SAM currently. I'd like to drop it into the jboss config but it doesn't seem to fit. If I replace HTTPFormServerAuthModule in your example with my SAM, I get nothing, no errors, no warnings and no webpage. Looking into the code a bit it appears that the instantiation code creates an instance of the SAM via a constructor with an argument. I don't think SAMs are required to have anything but a no-arg constructor. It also seems like it needs some backward integration into jboss/tomcat to get the authentication completed. Am I missing something?