Google Site Search


Thursday, October 9, 2008

AS5: JSR-196 Integration: Web Http Basic Auth

Objective: Provide JSR-196 integration for the web layer to do Http Basic Authentication

Step 1: Configure your web.xml for basic authentication. An example:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns=""



Step 2: Configure your-web-app/WEB-INF/context.xml

className="" />

Step 3: You will need to configure the security domain for your web application in jboss-web.xml


Step 4: Outside of your web application, we will need a xxx-jboss-beans.xml to configure your JSR-196 modules. An example would be jaspi-webbasic-jboss-beans.xml

<?xml version="1.0" encoding="UTF-8"?>

<deployment xmlns="urn:jboss:bean-deployer:2.0">

<application-policy xmlns="urn:jboss:security-beans:1.0"
<login-module-stack name="lm-stack">



<auth-module code="" login-module-stack-ref="lm-stack"/>


What this does is defines a JASPI configuration block with an ServerAuthModule that is capable of doing tomcat form authentication. In this case, we also define a login context delegation structure called lm-test.

Reference: Test Case :

1 comment:

Giorgio said...

Hi, Anil.
I'm trying to implement a JSR-196 authentication module.
As a starting point I'm trying to make your example work in jboss AS 6 M2.
All seems to deploy and work pretty well, but the authentication is not enabled on the deployed war. If I'm trying to make a get request to the endpoint: http://localhost:8080/jaspi-web-basic/ and I'm just getting a HTTP 200 response code instead of a username/password prompt.

Can you give me some hint and/or some link on how to deploy-test my own JASPIC client and server auth module implementation?

Thanks a lot,
Giorgio Grillini