Google Site Search


Thursday, October 9, 2008

AS5: JSR-196 Integration: Web Form Auth

Objective: Provide JSR-196 integration for the web layer to do Form Authentication

Step 1: Configure your web.xml for form authentication. An example:

<web-app version="2.5" xmlns=""



Step 2: Configure your-web-app/WEB-INF/context.xml

className="" />

Step 3: You will need to configure the security domain for your web application in jboss-web.xml


Step 4: Outside of your web application, we will need a xxx-jboss-beans.xml to configure your JSR-196 modules. Example would be jaspi-webform-jboss-beans.xml.

<?xml version="1.0" encoding="UTF-8"?>

<deployment xmlns="urn:jboss:bean-deployer:2.0">

<application-policy xmlns="urn:jboss:security-beans:1.0"
<login-module-stack name="lm-stack">



<auth-module code="" login-module-stack-ref="lm-stack"/>


What this does is defines a JASPI configuration block with an ServerAuthModule that is capable of doing tomcat form authentication. In this case, we also define a login context delegation structure called lm-test.

Reference: Test Case :

1 comment:

Eric said...

So how would I plug in a standard Server Authentication Module? I'm porting an application from glassfish to jboss and it uses a SAM currently. I'd like to drop it into the jboss config but it doesn't seem to fit. If I replace HTTPFormServerAuthModule in your example with my SAM, I get nothing, no errors, no warnings and no webpage. Looking into the code a bit it appears that the instantiation code creates an instance of the SAM via a constructor with an argument. I don't think SAMs are required to have anything but a no-arg constructor. It also seems like it needs some backward integration int jboss/tomcat to get the authentication completed. Am I missing something?