13 Replies Latest reply: Apr 11, 2013 4:34 AM by james viet

How to setup JAAS in Jboss7

Manish Garg Newbie

I need information on setting users and roles in standalone.xml configuration file.

 

In case of form based login method, what kind of code will be there in login method that will authenticate users present in standalone.xml file.

 

I also want to know the maven dependencies for JAAS if any.

  • 1. Re: How to setup JAAS in Jboss7
    Riccardo Pasquini Novice

    you have to configure the security module, see security.xsd in the doc directory, i have a working configuration like this:

     

                <subsystem xmlns="urn:jboss:domain:security:1.1">
                    <security-domains>
                        <security-domain name="other">
                            <authentication>
                                <login-module code="UsersRoles" flag="required"/>
                            </authentication>
                        </security-domain>
                        <security-domain name="MyRealm">
                            <authentication>
                                <login-module code="Database" flag="required">
                                    <module-option name="dsJndiName" value="java:jboss/datasources/myDS"/>
                                    <module-option name="principalsQuery" value="select passwd from Users where username=?"/>
                                    <module-option name="rolesQuery" value="select userRoles,'Roles' from UserRoles where username=?" />
                                    <module-option name="hashAlgorithm" value="MD5" />
                                    <module-option name="hashEncoding" value="base64" />
                                    <module-option name="unauthenticatedIdentity" value="guest"/>
                                </login-module>
                            </authentication>
                        </security-domain>
                    </security-domains>
                </subsystem>
    
    

     

    here (https://docs.jboss.org/author/display/AS7/Security+subsystem+configuration) you can find additional infos.. it is not well documented but enough...

     

    this is my login page

     

                <form method="post" action="j_security_check">
                    <h:panelGrid id="panel" columns="2" border="1">
                        <f:facet name="header">
                            <h:outputText value="TODO" />
                        </f:facet>
                        <h:outputLabel value="#{labels['username']}" />
                        <input type="text" name="j_username" size="25" />
                        <h:outputLabel value="#{labels['password']}" />
                        <input type="password" size="15" name="j_password" />
                        <f:facet name="footer">
                            <h:panelGroup
                                style="display:block; text-align:center">
                                <input type="submit"
                                    value="#{labels['submit']}" />
                            </h:panelGroup>
                        </f:facet>
                    </h:panelGrid>
                </form>
    

     

    there is no need of dependencies... just the std one:

     

            <dependency>
                <groupId>javax</groupId>
                <artifactId>javaee-web-api</artifactId>
                <version>6.0</version>
                <scope>provided</scope>
            </dependency>
    

     

    hope this can help

     

    bye

  • 2. Re: How to setup JAAS in Jboss7
    Manish Garg Newbie

    Thanks for the help and quick response.

     

    I need to configure user and roles in configuration file instead of database.

    Also when the login button is submitted, what should be logic to authenticate user so that the Security Constraint defined in web.xml file is valid?

  • 3. Re: How to setup JAAS in Jboss7
    Riccardo Pasquini Novice

    use the login-module UsersRoles

    files are looked up in the $JBOSS_HOME/standalone/configuration or $JBOSS_HOME/domain/servers/<server_name>/configuration directory

    try to search in jboss 5 documentation the required module-option that you need for the file based authentication if you need to override default behaviors

     

    authentication business logic is delegated to the j_security_check servlet which is out of the application scope, on success you can access the secured paths with the principal in the context

     

    let me know if everything sounds good

     

    bye
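
The file-based setup described in reply 3, written out as a security domain (an added example, not part of the original posts or of JBoss's own documentation). The domain name `FileRealm` and the two properties file names are assumptions; `usersProperties`, `rolesProperties`, `hashAlgorithm` and `hashEncoding` are options of the UsersRoles login module, and the digest settings keep clear-text passwords out of the users file.

```xml
<!-- Added example, not from the thread. "FileRealm" and both file names are assumed. -->
<security-domain name="FileRealm">
    <authentication>
        <login-module code="UsersRoles" flag="required">
            <!-- Absolute paths built from the server's config-dir property, so the
                 credential files live outside the deployed archive -->
            <module-option name="usersProperties"
                           value="${jboss.server.config.dir}/app-users.properties"/>
            <module-option name="rolesProperties"
                           value="${jboss.server.config.dir}/app-roles.properties"/>
            <!-- The submitted password is digested and encoded, then compared
                 with the value stored in the users file -->
            <module-option name="hashAlgorithm" value="SHA-256"/>
            <module-option name="hashEncoding" value="base64"/>
        </login-module>
    </authentication>
</security-domain>

<!--
  app-users.properties   (format: username=stored password value)
      alice=<base64 of the SHA-256 digest of alice's password>

  app-roles.properties   (format: username=comma-separated roles)
      alice=admin,user

  One way to produce the stored value on a workstation:
      printf '%s' 'the-password' | openssl dgst -sha256 -binary | openssl base64
-->
```

The role names in the roles file have to match the `<role-name>` values used in the application's web.xml.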

  • 4. Re: How to setup JAAS in Jboss7
    Humberto Ferreira da Luz Jr. Novice

    Riccardo Pasquini, how should I reference the security-domain in my web application? Should I use web.xml like below?

     

    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>myRealm</realm-name>
        <form-login-config>
            <form-login-page>/Login.xhtml</form-login-page>
            <form-error-page>/LoginError.xhtml</form-error-page>
        </form-login-config>
    </login-config>

     

    Or should I create a jboss-web.xml?

     

    Thanks in advance.


  • 5. Re: How to setup JAAS in Jboss7
    Riccardo Pasquini Novice

    you need jboss-web.xml

    something like this:

     

    <?xml version="1.0" encoding="UTF-8"?>
    <jboss-web>
        <security-domain>java:/jaas/MyRealm</security-domain>
    </jboss-web>
    
    

     

    bye
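
How the pieces from replies 4 and 5 fit together with a security constraint, as an added example that is not code from the thread. The `/secure/*` pattern and the `user` role are assumptions, and `CONFIDENTIAL` assumes an HTTPS connector is configured on the server.

```xml
<!-- WEB-INF/web.xml (fragment). Added example; "/secure/*" and the "user" role are assumed. -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>secured-pages</web-resource-name>
        <url-pattern>/secure/*</url-pattern>
        <!-- No <http-method> elements, so the constraint covers every HTTP method -->
    </web-resource-collection>
    <auth-constraint>
        <!-- Must match a role returned by the login module (rolesQuery or roles file) -->
        <role-name>user</role-name>
    </auth-constraint>
    <user-data-constraint>
        <!-- j_username and j_password are posted as plain form fields; require TLS -->
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<security-role>
    <role-name>user</role-name>
</security-role>

<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <!-- Both pages sit outside /secure/* in this layout -->
        <form-login-page>/Login.xhtml</form-login-page>
        <form-error-page>/LoginError.xhtml</form-error-page>
    </form-login-config>
</login-config>

<!-- WEB-INF/jboss-web.xml: names the security domain that j_security_check authenticates against -->
<jboss-web>
    <security-domain>java:/jaas/MyRealm</security-domain>
</jboss-web>
```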

  • 6. Re: How to setup JAAS in Jboss7
    Humberto Ferreira da Luz Jr. Novice

    Thank you, now everything is working as expected. I'm really happy with JBoss AS 7. =)

  • 7. Re: How to setup JAAS in Jboss7
    James Chan Newbie

    Can I do this in JBoss 6 as well? If so, would you know which files I would place the <security-domain> tag in?

  • 9. Re: How to setup JAAS in Jboss7
    Phanor Coll Newbie

    I managed to do it, authentication works but when correct credentials are entered I get this ERROR:

     

    HTTP Status 408 - The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser

     

     

    any suggestions? does anyone have a working example of JBOSS AS 7.1 and JAAS?

  • 10. Re: How to setup JAAS in Jboss7
    Riccardo Pasquini Novice

    It is not an issue... it means you stayed too much time in the configured login form... just do what the message says

     

    bye

  • 11. Re: How to setup JAAS in Jboss7
    Sanjay Amatya Newbie

    I haven't seen this issue. But looks like there is an issue with JBoss 7. More info and solution can be found here.

    http://blog.amatya.net/2012/09/implementing-security-with-jaas-on.html

  • 12. Re: How to setup JAAS in Jboss7
    james viet Newbie

    Hi,


    I followed your step:

    When I put username and password incorrect: error page will be visible.

    And server log throws error:

    11:41:19,902  ERROR  [org.jboss.security.authentication.JBossCachedAuthenticationManager]  (http--192.168.95.22-8080-1) Login failure:  javax.security.auth.login.FailedLoginException: Password  Incorrect/Password Required
        at  org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:270)  [picketbox-4.0.7.Final.jar:4.0.7.Final]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_05]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_05]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_05]
        at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_05]
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784) [rt.jar:1.7.0_05]
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_05]
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698) [rt.jar:1.7.0_05]
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696) [rt.jar:1.7.0_05]
        at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_05]
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695) [rt.jar:1.7.0_05]
        at javax.security.auth.login.LoginContext.login(LoginContext.java:594) [rt.jar:1.7.0_05]
         at  org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:449)  [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
        at  org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:383)  [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
        at  org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:371)  [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
        at  org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:160)  [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
        at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:214) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
        at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:280) [jbossweb-7.0.13.Final.jar:]
    ................................

    But when I login by user and password correctly, then click submit button

    Server didn't throw error.

    I just receive firefox error page:

    The connection was reset

    The connection to the server was reset while the page was loading.

    The site could be temporarily unavailable or too busy. Try again in a few moments.

    If you are unable to load any pages, check your computer's network
        connection.

    If your computer or network is protected by a firewall or proxy, make sure
        that Firefox is permitted to access the Web.

    //

    Could you please give me your advice?

  • 13. Re: How to setup JAAS in Jboss7
    james viet Newbie

    I resolved it. Because I should access to file in admin folder to authenticate.

    If someone would like to have source for reference, please mail for me: jamesleviet@gmail.com