Google Site Search

Google
 

Thursday, October 9, 2008

AS5: JSR-196 Integration: Web Form Auth

Objective: Provide JSR-196 integration for the web layer to do Form Authentication

Step 1: Configure your web.xml for form authentication. An example:

<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/j2ee/web-app_2_5.xsd">
<security-constraint>
<web-resource-collection>
<web-resource-name>Home</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>architect</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<auth-method>form</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>

<security-role>
<role-name>architect</role-name>
</security-role>
</web-app>


Step 2: Configure your-web-app/WEB-INF/context.xml

<Context>
<Valve
className="org.jboss.web.tomcat.security.jaspi.TomcatJASPIAuthenticator" />
</Context>

Step 3: You will need to configure the security domain for your web application in jboss-web.xml

<jboss-web>
<security-domain>java:/jaas/jaspi-test</security-domain>
</jboss-web>


Step 4: Outside of your web application, we will need a xxx-jboss-beans.xml to configure your JSR-196 modules. Example would be jaspi-webform-jboss-beans.xml.

<?xml version="1.0" encoding="UTF-8"?>

<deployment xmlns="urn:jboss:bean-deployer:2.0">

<application-policy xmlns="urn:jboss:security-beans:1.0"
name="jaspi-test">
<authentication-jaspi>
<login-module-stack name="lm-stack">

<login-module
code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag="required">

</login-module>
</login-module-stack>

<auth-module code="org.jboss.web.tomcat.security.jaspi.modules.HTTPFormServerAuthModule" login-module-stack-ref="lm-stack"/>
</authentication-jaspi>
</application-policy>

</deployment>

What this does is defines a JASPI configuration block with an ServerAuthModule that is capable of doing tomcat form authentication. In this case, we also define a login context delegation structure called lm-test.

Reference: Test Case : WebJASPIFormUnitTestCase.java

1 comment:

Unknown said...

So how would I plug in a standard Server Authentication Module? I'm porting an application from glassfish to jboss and it uses a SAM currently. I'd like to drop it into the jboss config but it doesn't seem to fit. If I replace HTTPFormServerAuthModule in your example with my SAM, I get nothing, no errors, no warnings and no webpage. Looking into the code a bit it appears that the instantiation code creates an instance of the SAM via a constructor with an argument. I don't think SAMs are required to have anything but a no-arg constructor. It also seems like it needs some backward integration int jboss/tomcat to get the authentication completed. Am I missing something?