Version 1
Created by abn on Sep 5, 2012 5:06 AM. Last modified by abn on Sep 5, 2012 5:46 AM.

    Configuring Valves

    Valves can be configured in AS7/EAP6 in an application's jboss-web.xml file by adding the following to the <jboss-web> element where "org.jboss.security.negotiation.NegotiationAuthenticator" can be replaced with the desired Valve.[1]

    <valve>
    <class-name>org.jboss.security.negotiation.NegotiationAuthenticator</class-name>
</valve>

     

    Another example using a custom authenticator valve:

    <valve> 
    <class-name>org.jboss.web.tomcat.security.GenericHeaderAuthenticator</class-name>
    <param>
        <param-name>httpHeaderForSSOAuth</param-name>
        <param-value>sm_ssoid,ct-remote-user,HTTP_OBLIX_UID</param-value>
    </param>
    <param>
        <param-name>sessionCookieForSSOAuth</param-name>
        <param-value>SMSESSION,CTSESSION,ObSSOCookie</param-value>
    </param>
</valve>

     

    Note that here we added additional configuration using the <param> element, which is similar to the <attribute> element used in previous versions when configuring valves using context.xml file.

     

    Writing Custom Authenticators

    Custom authenticators can be written by either implementing the Authenticator Interface [2] or extending already implemented Authenticators [3]. An example of the later is detailed by Anil Saldhana in his community post [4]. However, due to changes in jboss-web, in AS7/EAP6 the authenticate() method's signature has changed [2,5]. This is important to note when porting the code at [4] or any old custom authenticators to AS7/EAP6.

     

    The required signature for the authenticate() method is:

    public boolean authenticate(Request request, HttpServletResponse response)
        throws IOException, ServletException;

     

    The modified version of an extended custom authenticator valve from [4] is provided in the attachment GenericHeaderAuthenticator.java.zip, which extends the ExtendedFormAuthenticator class.

     

    An example of using this custom authenticator is provided here. We base this example on the AS7/EAP6 quick-start "servlet-security". The source code is provided in the attached file servlet-security-custom.zip and the war is attached as jboss-as-servlet-security.war. The changes that were made are as follows:

    • Modified dependencies in pom.xml
    • Added org.jboss.web.tomcat.security.GenericHeaderAuthenticator
    • Modified WEB-INF/jboss-web.xml
    • Added <form-login-config> to WEB-INF/web.xml as we are are using a form based authentication here
    • Added login.html, error.html for form based authentication

     

    To deploy this webapp,

     

    Important Note: This is just a quick example of how to use a custom authenticator valve. This is not production code.

     

    If you are writing your own authenticator valves, [2,3] can be very useful references.

     

    References:

    [1] https://community.jboss.org/wiki/JBossAS7SecurityDomainModel#Deploying_Custom_Tomcat_Authenticators_in_AS7

    [2] http://anonsvn.jboss.org/repos/jbossweb/trunk/src/main/java/org/apache/catalina/Authenticator.java

    [3] http://anonsvn.jboss.org/repos/jbossweb/trunk/src/main/java/org/apache/catalina/authenticator/

    [4] https://community.jboss.org/wiki/GenericHeaderBasedAuthentication

    [5] https://access.redhat.com/knowledge/solutions/145303

    9239 Views Categories: Tags: