Will Mcavoy

Reputation: 495

JBoss authentication issue

I am a newbie to JBoss and I have the application running in JBoss 6.2. We usually have the login set up using JSF. It shows a screen with username and password (created by JSF); that's an internal part of the application and it works fine.

But I came to know there is a basic authentication setup available in JBoss. We can configure it so that it requires passing through authentication. I searched on the internet and I found a way to introduce it like below:

D:\workspace_Csmart\jboss-eap-6.2\bin>add-user
What type of user do you wish to add?
 a) Management User (mgmt-users.properties)
 b) Application User (application-users.properties)
(a): b
Enter the details of the new user to add.
Using realm 'ApplicationRealm' as discovered from the existing property files.

Username : prabhu
User 'prabhu' already exits, would you like to update the existing user password and roles
Is this correct yes/no? yes
Password :
Re-enter Password :

What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[user]: prabhu
Updated user 'prabhu' to file 'D:\workspace_Csmart\jboss-eap-6.2\standalone\configuration\application-users.properties'
Updated user 'prabhu' to file 'D:\workspace_Csmart\jboss-eap-6.2\domain\configuration\application-users.properties'
Updated user 'prabhu' with groups prabhu to file 'D:\workspace_Csmart\jboss-eap-6.2\standalone\configuration\application-roles.prope
Updated user 'prabhu' with groups prabhu to file 'D:\workspace_Csmart\jboss-eap-6.2\domain\configuration\application-roles.propertie
Is this new user going to be used for one AS process to connect to another AS process?
e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls.
yes/no? yes
To represent the user add the following to the server-identities definition <secret value="cHJhYmh1QDEyMw==" />

And you see the user and password are updated in the properties, so I ran the server with my local setup and it's up and running. But I didn't see any popup asking for JBoss basic credentials. It just goes directly to the login page: http://10.17.195.15:8080/Proj/home.xhtml

Do I have to do anything with standalone.xml? security tag?

I would really appreciate it if anyone can point out what I am missing here. What do I need to do to make it work for JBoss Basic Authentication? Thanks!

Upvotes: 1

Views: 2870

Answers (2)

Will Mcavoy

Reputation: 495

Yes. This somehow helped me to solve this. I just did the following things:

Under WebContent folder:

Step 1: change in web.xml

<security-constraint>
    <web-resource-collection>
        <web-resource-name>All resources</web-resource-name>
        <description>Protects all resources</description>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>prabhu</role-name>
    </auth-constraint>
</security-constraint>

<security-role>
    <role-name>prabhu</role-name>
</security-role>

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name></realm-name>
</login-config>

Step 2: change in jboss-web.xml

<jboss-web>
    <context-root>C-SMART</context-root>
    <security-domain>java:/jaas/other</security-domain>
</jboss-web>

Step 3: creating user and password for JBoss basic authentication

D:\workspace_Csmart\jboss-eap-6.2\bin>add-user

What type of user do you wish to add?
 a) Management User (mgmt-users.properties)
 b) Application User (application-users.properties)
(a): b

Enter the details of the new user to add.
Using realm 'ApplicationRealm' as discovered from the existing property files.
Username : prabhu
User 'prabhu' already exits, would you like to update the existing user password and roles
Is this correct yes/no? yes
Password :
Re-enter Password :
What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[prabhu]: prabhu
Updated user 'prabhu' to file 'D:\workspace_Csmart\jboss-eap-6.2\standalone\configuration\application-users.properties'
Updated user 'prabhu' to file 'D:\workspace_Csmart\jboss-eap-6.2\domain\configuration\application-users.properties'
Updated user 'prabhu' with groups prabhu to file 'D:\workspace_Csmart\jboss-eap-6.2\standalone\configuration\application-roles.properties'
Updated user 'prabhu' with groups prabhu to file 'D:\workspace_Csmart\jboss-eap-6.2\domain\configuration\application-roles.properties'
Is this new user going to be used for one AS process to connect to another AS process?
e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls.
yes/no? yes
To represent the user add the following to the server-identities definition <secret value="cHJhYmh1QDEyMw==" />
Press any key to continue . . .

Step 4: verified above user changes reflected in following files

D:\workspace_Csmart\jboss-eap-6.2\standalone\configuration\application-users.properties
D:\workspace_Csmart\jboss-eap-6.2\domain\configuration\application-users.properties
D:\workspace_Csmart\jboss-eap-6.2\standalone\configuration\application-roles.properties
D:\workspace_Csmart\jboss-eap-6.2\domain\configuration\application-roles.properties

And it worked fine for me. Thanks for all your help.

Upvotes: 0
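The exchange the configuration above relies on, as an added example that is not part of the original post or of JBoss itself: a small stand-in server in Python that enforces the posted web.xml constraint (BASIC, role `prabhu`) against a user store in the shape add-user writes, then probes it the way a curl smoke test of http://10.17.195.15:8080/Proj/home.xhtml would. The 401 carrying `WWW-Authenticate: Basic realm="..."` is the popup the question was missing; without the `<security-constraint>` in web.xml the container never sends it. Assumptions not stated on the page: the application-users.properties line format `user=hex(MD5("user:ApplicationRealm:password"))` (the HA1 form add-user uses), and the sample password, which is what the `<secret value="cHJhYmh1QDEyMw==" />` line decodes to, since that line is plain base64 of the password rather than a hash (worth knowing before pasting add-user output into a public question). The function names, the constant-time compare and the local server are this example's own.

```python
import base64
import hashlib
import hmac
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.request import Request, urlopen

REALM = "ApplicationRealm"   # realm reported by add-user in the post
REQUIRED_ROLE = "prabhu"     # <auth-constraint><role-name> from the posted web.xml


def realm_hash(username, password, realm=REALM):
    """Assumed add-user storage format: hex(MD5("user:realm:password")), the Digest HA1."""
    return hashlib.md5(f"{username}:{realm}:{password}".encode()).hexdigest()


def parse_properties(text):
    """key=value lines of a *.properties file; blank lines and # comments are skipped."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        out[key.strip()] = value.strip()
    return out


def decode_server_identity_secret(b64):
    """The <secret value="..."/> add-user prints is only base64 of the password."""
    return base64.b64decode(b64).decode()


def basic_header(credentials):
    """Authorization header a browser sends after the 401 challenge ("user:password")."""
    return "Basic " + base64.b64encode(credentials.encode()).decode()


# Constructed sample store (password chosen here), same shape as add-user's output files.
USERS = parse_properties(f"prabhu={realm_hash('prabhu', 'prabhu@123')}\n")
ROLES = parse_properties("prabhu=prabhu\n")


def authenticate(auth_header, users=USERS, roles=ROLES, required_role=REQUIRED_ROLE):
    """(status, user): 401 missing/bad credentials, 403 wrong role, 200 constraint satisfied."""
    if not auth_header or not auth_header.startswith("Basic "):
        return 401, None
    try:
        user, _, password = base64.b64decode(auth_header[6:]).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return 401, None
    stored = users.get(user)
    if stored is None or not hmac.compare_digest(stored, realm_hash(user, password)):
        return 401, None
    if required_role not in roles.get(user, "").split(","):
        return 403, user
    return 200, user


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, user = authenticate(self.headers.get("Authorization"))
        self.send_response(status)
        if status == 401:  # this challenge is what makes the browser show the credentials popup
            self.send_header("WWW-Authenticate", f'Basic realm="{REALM}"')
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write((f"hello {user}" if status == 200 else "denied").encode())

    def log_message(self, *args):  # keep the smoke test quiet
        pass


def probe(url, credentials=None):
    """(status, WWW-Authenticate header) for one request, like `curl -i` would show."""
    req = Request(url)
    if credentials:
        req.add_header("Authorization", basic_header(credentials))
    try:
        with urlopen(req) as resp:
            return resp.getcode(), resp.headers.get("WWW-Authenticate")
    except HTTPError as err:
        return err.code, err.headers.get("WWW-Authenticate")


def run_smoke_test():
    """Start the stand-in server on a free port and run the three probes worth doing."""
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_address[1]}/Proj/home.xhtml"
    try:
        return {
            "anonymous": probe(url),
            "wrong_password": probe(url, "prabhu:wrong"),
            "correct": probe(url, "prabhu:prabhu@123"),
        }
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(run_smoke_test())
```

The same three probes against the real server (no credentials, a wrong password, the correct one) confirm the constraint actually applies to `/*`; a 200 on the anonymous probe means the deployment still is not wired to the security domain, which is the symptom in the question. The hash-based store is what lets the properties files leave the server without exposing passwords, which the base64 `<secret>` line does not.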

Davit Mumladze

Reputation: 928

1) First you need to move all your JSF files (that need protection) into some folder, for example a secured folder.

2) Create an index.jsf that redirects to the protected start page and place it outside the secured folder.

3) Create a logout.jsf which does session.invalidate() and redirects to the index.jsf page.

<html>
<body>
<%
    if (session != null) {
        session.invalidate();
%>
        <jsp:forward page="index.jsp" />
<%
    } else {
%>
        Logged Out Successfully....
<%
    }
%>
</body>
</html>

4) Add security constraints to web.xml.

<security-constraint>
    <web-resource-collection>
        <web-resource-name>MySecureResources</web-resource-name>
        <description>Some Description</description>
        <url-pattern>/secured/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>TestRole</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
</login-config>
<security-role>
    <role-name>TestRole</role-name>
</security-role>

5) Create a jboss-web.xml file inside the project's WEB-INF folder.

<?xml version="1.0"?>
<!DOCTYPE jboss-web PUBLIC
    "-//JBoss//DTD Web Application 5.0//EN"
    "http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">
<jboss-web>
 <security-domain>java:/jaas/BasicAuthWebAppPolicy</security-domain>
 <context-root>/basicSecurityWebApp</context-root>
</jboss-web>

6) Create a file with some name like basicSecurityWebApp-roles.properties and place it in the WEB-INF/classes folder. Define a role there and assign that role to some user.

TestUserOne=TestRole

7) Create another file with some name like basicSecurityWebApp-users.properties, place it in the WEB-INF/classes folder and define the username and password.

TestUserOne=TestPassword

8) Now you should modify login-config.xml in the $PROFILE/conf/ folder. Add an application-policy with the same name as BasicSecurityWebApp.

<application-policy name="BasicAuthWebAppPolicy">
  <authentication>
    <!-- UsersRolesLoginModule reads the two properties files from the classpath (WEB-INF/classes) -->
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
      <module-option name="usersProperties">basicSecurityWebApp-users.properties</module-option>
      <module-option name="rolesProperties">basicSecurityWebApp-roles.properties</module-option>
    </login-module>
  </authentication>
</application-policy>

9) Deploy application to JBoss.

10) Now every time you access the website you have to enter the user and password you provided in the credentials file (username "TestUserOne" and password "TestPassword").


For more details see This

Upvotes: 3
