Thursday, October 9, 2008

AS5: JSR-196 Integration: Web Http Basic Auth

Objective: Provide JSR-196 integration for the web layer to do HTTP Basic authentication.

Step 1: Configure your web.xml for basic authentication. An example:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Home</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>architect</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>JASPI</realm-name>
  </login-config>

  <security-role>
    <role-name>architect</role-name>
  </security-role>
</web-app>

Step 2: Configure your-web-app/WEB-INF/context.xml

<Context>
  <Valve className="org.jboss.web.tomcat.security.jaspi.TomcatJASPIAuthenticator" />
</Context>

Step 3: Configure the security domain for your web application in jboss-web.xml

<jboss-web>
  <security-domain>java:/jaas/jaspi-test</security-domain>
</jboss-web>


Step 4: Outside of your web application, you will need an xxx-jboss-beans.xml file to configure your JSR-196 modules. An example would be jaspi-webbasic-jboss-beans.xml

<?xml version="1.0" encoding="UTF-8"?>

<deployment xmlns="urn:jboss:bean-deployer:2.0">

  <application-policy xmlns="urn:jboss:security-beans:1.0"
                      name="jaspi-test">
    <authentication-jaspi>
      <login-module-stack name="lm-stack">
        <login-module
            code="org.jboss.security.auth.spi.UsersRolesLoginModule"
            flag="required">
        </login-module>
      </login-module-stack>

      <auth-module code="org.jboss.web.tomcat.security.jaspi.modules.HTTPBasicServerAuthModule"
                   login-module-stack-ref="lm-stack"/>
    </authentication-jaspi>
  </application-policy>

</deployment>

This defines a JASPI configuration block with a ServerAuthModule, HTTPBasicServerAuthModule, that performs HTTP Basic authentication for the Tomcat web layer. It also defines a login context delegation structure, the login-module-stack named lm-stack, which the auth-module refers to through login-module-stack-ref.
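The four files in Steps 1 to 4 only work together if the names they share line up: the role in web.xml, the security domain in jboss-web.xml against the application-policy name, and login-module-stack-ref against a defined login-module-stack. The following check is an added example, not code from this post or from JBoss; the function name check_jaspi_wiring and the condensed sample strings are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

def _all(root, name):
    """Elements with this local name, ignoring XML namespaces."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _texts(root, parent, child):
    """Stripped text of every <child> found under any <parent>."""
    return {(c.text or "").strip() for p in _all(root, parent) for c in _all(p, child)}

def check_jaspi_wiring(web_xml, context_xml, jboss_web_xml, beans_xml):
    """Return a list of wiring problems; an empty list means the files agree."""
    web, ctx, jweb, beans = map(ET.fromstring, (web_xml, context_xml, jboss_web_xml, beans_xml))
    problems = []
    if _texts(web, "login-config", "auth-method") != {"BASIC"}:
        problems.append("web.xml: auth-method is not BASIC")
    required, declared = (_texts(web, p, "role-name") for p in ("auth-constraint", "security-role"))
    if not required:
        problems.append("web.xml: no auth-constraint, so no URL is protected")
    for role in sorted(required - declared):
        problems.append(f"web.xml: role '{role}' has no security-role declaration")
    valves = [v.get("className", "") for v in _all(ctx, "Valve")]
    if not any(c.endswith(".TomcatJASPIAuthenticator") for c in valves):
        problems.append("context.xml: TomcatJASPIAuthenticator valve is missing")
    # java:/jaas/<name> must match the name of an application-policy in the beans file.
    domains = {d.rsplit("/", 1)[-1] for d in _texts(jweb, "jboss-web", "security-domain")}
    policies = {p.get("name"): p for p in _all(beans, "application-policy")}
    for domain in sorted(domains):
        if domain not in policies:
            problems.append(f"beans: no application-policy named '{domain}'")
            continue
        stacks = {s.get("name") for s in _all(policies[domain], "login-module-stack")}
        for ref in (m.get("login-module-stack-ref") for m in _all(policies[domain], "auth-module")):
            if ref not in stacks:
                problems.append(f"beans: auth-module refers to undefined stack '{ref}'")
    return problems

# Sample input: condensed copies of the four files from Steps 1 to 4.
WEB = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
<security-constraint><auth-constraint><role-name>architect</role-name></auth-constraint></security-constraint>
<login-config><auth-method>BASIC</auth-method><realm-name>JASPI</realm-name></login-config>
<security-role><role-name>architect</role-name></security-role></web-app>"""
CONTEXT = '<Context><Valve className="org.jboss.web.tomcat.security.jaspi.TomcatJASPIAuthenticator"/></Context>'
JBOSS_WEB = "<jboss-web><security-domain>java:/jaas/jaspi-test</security-domain></jboss-web>"
BEANS = """<deployment xmlns="urn:jboss:bean-deployer:2.0">
<application-policy xmlns="urn:jboss:security-beans:1.0" name="jaspi-test"><authentication-jaspi>
<login-module-stack name="lm-stack"><login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"/></login-module-stack>
<auth-module code="org.jboss.web.tomcat.security.jaspi.modules.HTTPBasicServerAuthModule" login-module-stack-ref="lm-stack"/></authentication-jaspi></application-policy></deployment>"""
if __name__ == "__main__":
    print(check_jaspi_wiring(WEB, CONTEXT, JBOSS_WEB, BEANS) or "wiring is consistent")
```

Pass the contents of your own four files in place of the sample strings; any XML declaration must be the very first characters of the string.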

Reference: Test case: WebJASPIBasicUnitTestCase.java

1 comment:

giorgio said...

Hi, Anil.
I'm trying to implement a JSR-196 authentication module.
As a starting point I'm trying to make your example work in JBoss AS 6 M2.
Everything seems to deploy and work pretty well, but the authentication is not enabled on the deployed WAR. When I make a GET request to the endpoint http://localhost:8080/jaspi-web-basic/ I'm just getting an HTTP 200 response code instead of a username/password prompt.

Can you give me some hints and/or a link on how to deploy and test my own JASPIC client and server auth module implementation?

Thanks a lot,
Giorgio Grillini