How to configure simple authentication in Jboss7.1
Solution 1
Just set up the BASIC authentication for 7.1 following steps from this article.
Try this.
Configuration
Web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>All Access</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>PUT</http-method>
<http-method>HEAD</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>ApplicationRealm</realm-name>
</login-config>
<security-role>
<role-name>user</role-name>
</security-role>
jboss-web.xml
<jboss-web>
<security-domain>java:/jaas/other</security-domain>
</jboss-web>
standalone.xml
Don't need to do anything if you are using ApplicationRealm.
Adding user
You can add users to ApplicationRealm using tools provided by jboss.
From within %JBOSS_HOME%/bin. Use add-user.bat (or) add-user.sh tools.
C:\dev\jboss-eap-6.2\bin>add-user
What type of user do you wish to add?
a) Management User (mgmt-users.properties)
b) Application User (application-users.properties)
(a): b
Enter the details of the new user to add.
Using realm 'ApplicationRealm' as discovered from the existing property files.
Username : johngalt
Password :
Re-enter Password :
What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[ ]: user
About to add user 'johngalt' for realm 'ApplicationRealm'
Is this correct yes/no? yes
Added user 'johngalt' to file 'C:\dev\jboss-eap-6.2\standalone\configuration\application-users.properties'
Added user 'johngalt' to file 'C:\dev\jboss-eap-6.2\domain\configuration\application-users.properties'
Added user 'johngalt' with groups user to file 'C:\dev\jboss-eap-6.2\standalone\configuration\application-roles.properties'
Added user 'johngalt' with groups user to file 'C:\dev\jboss-eap-6.2\domain\configuration\application-roles.properties'
Is this new user going to be used for one AS process to connect to another AS process?
e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls.
yes/no? no
Press any key to continue . . .
C:\dev\jboss-eap-6.2\bin>
This worked for me
Solution 2
This is what works for me. Add this to the web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>HtmlAuth</web-resource-name>
<description>application security constraints
</description>
<url-pattern>/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>PUT</http-method>
<http-method>HEAD</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>ApplicationRealm</realm-name>
</login-config>
<security-role>
<role-name>user</role-name>
</security-role>
Then add to or create a jboss-web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<security-domain>java:/jaas/other</security-domain>
</jboss-web>
add user name to jboss: C:\jboss\jboss-eap-6.2\bin>add-user.bat
What type of user do you wish to add?
a) Management User (mgmt-users.properties)
b) Application User (application-users.properties)
(a): b
Enter the details of the new user to add.
Using realm 'ApplicationRealm' as discovered from the existing property files.
Username : testid
User 'testid' already exits, would you like to update the existing user password
and roles
Is this correct yes/no? yes
Password :
Re-enter Password :
What groups do you want this user to belong to? (Please enter a comma separated
list, or leave blank for none)[user]: user,Manager
Updated user 'testid' to file 'C:\jboss\jboss-eap-6.2\standalone\configuration\a
pplication-users.properties'
Updated user 'testid' to file 'C:\jboss\jboss-eap-6.2\domain\configuration\appli
cation-users.properties'
Updated user 'testid' with groups user,Manager to file 'C:\jboss\jboss-eap-6.2\s
tandalone\configuration\application-roles.properties'
Updated user 'testid' with groups user,Manager to file 'C:\jboss\jboss-eap-6.2\d
omain\configuration\application-roles.properties'
Is this new user going to be used for one AS process to connect to another AS pr
ocess?
e.g. for a slave host controller connecting to the master or for a Remoting conn
ection for server to server EJB calls.
yes/no? yes
To represent the user add the following to the server-identities definition <sec
ret value="TWF2ZXJpY2sjMDE=" />
Press any key to continue . . .
Comments
-
Drogba almost 2 years
I am working on project written by pure jsps(scriptlets) without using any frameworks.
jboss version: jboss-as-7.1.0.Final
I am now trying to add simple authentication on it. So when user try to browser the jsps, say,
http://localhost/myContextPath/hello.jsp
, it requires a login first.web.xml
<security-constraint> <web-resource-collection> <web-resource-name>All Access</web-resource-name> <url-pattern>/*</url-pattern> <http-method>DELETE</http-method> <http-method>PUT</http-method> <http-method>HEAD</http-method> <http-method>OPTIONS</http-method> <http-method>TRACE</http-method> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> </login-config>
jboss-web.xml
<jboss-web> <security-domain>other</security-domain> </jboss-web>
standalone.xml([jboss_home]\standalone\configuration folder)
<subsystem xmlns="urn:jboss:domain:security:1.1"> <security-domains> <security-domain name="other" cache-type="default"> <authentication> <login-module code="UsersRoles" flag="required"> <module-option name="usersProperties" value="users.properties"/> <module-option name="rolesProperties" value="roles.properties"/> </login-module> </authentication> </security-domain> <security-domain name="form-auth"> <authentication> <login-module code="UsersRoles" flag="required"> <module-option name="usersProperties" value="users.properties"/> <module-option name="rolesProperties" value="roles.properties"/> </login-module> </authentication> </security-domain> </security-domains> </subsystem>
users.properties(putting under webapp classes folder)
user1=jboss7
roles.properties(putting under webapp classes folder)
user1=Admin
After all these modifications, I try to browser my hello jsp. I works as usual. No authentication and also no exception.
I am not sure am I going to a right direction, or security constraint is a completely different things. Please help, thanks!!!