Version 5

    Creating a custom LoginModule

     

    JBoss provides a number of ready to use modules including authentication against LDAP servers, relational databases and properties files. If none of the provided modules work, you can always write your own module from scratch or extend one of the abstract modules.

     

    For the purpose of illustration, suppose you are working on a project where user names and passwords are stored in a relational database. However, the passwords are base64 encoded, so you can't use the DatabaseServerLoginModule directly. Base64 is a reversible encoding, not a hash, so it gives the stored passwords no protection; the scenario is used here only to show the extension point. DatabaseServerLoginModule has a convenient hook for this, convertRawPassword, so you simply need to provide a subclass that looks something like the following:

     

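    package com.mycompany;

    import java.io.IOException;
    import org.jboss.security.auth.spi.DatabaseServerLoginModule;

    public class MyLoginModule
        extends DatabaseServerLoginModule
    {
       // Hook called with the value read by principalsQuery; the result is
       // compared with the password the user submitted.
       @Override
       protected String convertRawPassword(String password)
       {
            try {
                // sun.misc.BASE64Decoder is an internal JDK class; on Java 8 and
                // later java.util.Base64 is the supported replacement.
                return new String((new sun.misc.BASE64Decoder()).decodeBuffer(password));
            } catch (IOException e) {
                // Decoding failed: fall back to the stored value unchanged.
                return password;
            }
       }
    }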
    

     

    To use this new LoginModule, you will need to declare a new JAAS domain in your standalone[-teiid].xml or domain[-teiid].xml file.

     

        <application-policy name="MyAuth">
            <authentication>
                <login-module code="com.mycompany.MyLoginModule" flag="required">
                    <module-option name="dsJndiName">java:MyDataSource</module-option>
                    <module-option name="principalsQuery">select password from usertable where login=?</module-option>
                    <module-option name="rolesQuery">select role, 'Roles' from users, userroles where login=? and users.roleId=userroles.roleId</module-option>
                </login-module>
            </authentication>
        </application-policy>
    

     

     

    After that, configuring the application to use the new authentication module is as simple as adding

    <security-domain>java:/jaas/MyAuth</security-domain>

    to your standalone[-teiid].xml or domain[-teiid].xml file and applying the standard security-constraint and security-role settings to your web.xml.
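
    A hardened counterpart to the base64 subclass above, added here as an example (it is not code from the original page or from the JBoss project): it overrides the inherited validatePassword hook so the password column can hold a salted PBKDF2 record instead of a decodable value, and it rejects malformed records rather than falling back to the raw column value. The class name, the iterations:salt:hash column format and the minimum iteration count are assumptions made for this example.

```java
package com.mycompany;

import java.security.MessageDigest;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.xml.bind.DatatypeConverter;
import org.jboss.security.auth.spi.DatabaseServerLoginModule;

/**
 * Added example (hypothetical class). The column returned by principalsQuery
 * is assumed to hold: iterations:base64(salt):base64(hash)
 */
public class Pbkdf2LoginModule extends DatabaseServerLoginModule
{
   // Assumed lower bound so a tampered row cannot downgrade the work factor.
   private static final int MIN_ITERATIONS = 10000;

   // inputPassword is what the user submitted (clear text while the
   // hashAlgorithm module option is unset); expectedPassword is the DB value.
   @Override
   protected boolean validatePassword(String inputPassword, String expectedPassword)
   {
      if (inputPassword == null || expectedPassword == null)
         return false;
      String[] parts = expectedPassword.split(":");
      if (parts.length != 3)
         return false; // malformed record: fail closed
      try {
         int iterations = Integer.parseInt(parts[0]);
         byte[] salt = DatatypeConverter.parseBase64Binary(parts[1]);
         byte[] expected = DatatypeConverter.parseBase64Binary(parts[2]);
         if (iterations < MIN_ITERATIONS || salt.length == 0 || expected.length == 0)
            return false;
         // Derive a key of the same length as the stored hash from the input.
         PBEKeySpec spec = new PBEKeySpec(inputPassword.toCharArray(), salt,
               iterations, expected.length * 8);
         byte[] actual = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1")
               .generateSecret(spec).getEncoded();
         spec.clearPassword();
         // MessageDigest.isEqual avoids an early-exit comparison of the hashes.
         return MessageDigest.isEqual(expected, actual);
      } catch (Exception e) {
         return false; // bad number, bad base64 or missing algorithm: reject
      }
   }
}
```

    It is declared the same way as MyLoginModule, with the login-module code attribute set to com.mycompany.Pbkdf2LoginModule.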

    Maven Dependency to Include

    DatabaseServerLoginModule is in the picketbox jar (moved from jbosssx in earlier versions).

     

    Maven pom.xml dependency example for JBoss EAP 6.1

     

        <dependency>
            <groupId>org.picketbox</groupId>
            <artifactId>picketbox</artifactId>
            <version>4.0.17.Final-redhat-1</version>
            <scope>provided</scope>
        </dependency>

     

     
