configure JAAS for jboss 7.1 and mysql--reference

Hello all, In this tutorial we are going to configure JAAS for jboss 7.1 and mysql for Form based authentication to be used in a web application. . We have already covered how toconfigure jaas for tomcat 7 and mysql.The difference between these is due to jBoss 7.1 application server. We need to configure subsystems and modules in case of jBoss 7.1 unlike Tomcat. It is assumed that you have basic knowledge of mysql, application servers, eclipse and creating a dynamic web project.

Configure JAAS for jboss 7.1

Pre-requisites:

jBoss 7.1 application server
Mysql database
eclipse IDE (I’m using Juno in this article)
Mysql connector jar file

Database configuration.

Create a database and create three tables as provided in the diagram.

Tables to be created for JDBCRealm of users

users: Stores username and password which need to be authenticated
roles : Stores allowed roles
users_roles: Stores the relation between users and their allowed roles.

This table structure is needed to configure JAAS for jboss 7.1 and mysql

Create database :

CREATE DATABASE tutorialsdb;

USE tutorialsdb;

CREATE TABLE users (

username varchar(20) NOT NULL PRIMARY KEY,

password varchar(20) NOT NULL

);

CREATE TABLE roles (

rolename varchar(20) NOT NULL PRIMARY KEY

);

CREATE TABLE users_roles (

username varchar(20) NOT NULL,

rolename varchar(20) NOT NULL,

PRIMARY KEY (username, rolename),

CONSTRAINT users_roles_fk1 FOREIGN KEY (username) REFERENCES users (username),

CONSTRAINT users_roles_fk2 FOREIGN KEY (rolename) REFERENCES roles (rolename)

);

Insert data into database:

INSERT INTO `tutorialsdb`.`users` (`username`, `password`) VALUES ('prasad', 'kharkar');

INSERT INTO `tutorialsdb`.`roles` (`rolename`) VALUES ('user');

INSERT INTO `tutorialsdb`.`users_roles` (`username`, `rolename`) VALUES ('prasad', 'user');

COMMIT;

Now we are done with your database part. We need to tell jBoss application server that we are going to use this database for JDBCRealm purpose. Normally we would place mysql connector jar into library of web application but for jBoss 7.1 we need to create a module for it and declare it in jBoss configuration file i.e. standalone.xml .

Creating module for mysql :

Navigate to <jboss_home>/modules/com e.g. C:\jboss-as-7.1.1.Final\modules\com
Create a folder called mysql in it and under mysql , create another folder named main
Under main , copy your mysql connector jar file and create a file calledmodule.xml

Your structure and the files under main folder should be

Folder structure for module

Now that we have created module.xml file and copied mysql connector jar for jdbc connectivity we need to specify that we are using this mysql connector jar as a resource for this module name.

So in your blank module.xml file, put following code

<resource-root path="mysql-connector-java-5.1.21-bin.jar"/>

</resources>

</dependencies>

</module>

We are done for module creation. Now we need to configure it in standalone.xml

Configure module in standalone.xml

Navigate to <jboss_home>/standalone/configuration and open standalone.xml .

You will find a datasources tag under which you need to put this

<connection-url>jdbc:mysql://localhost:3306/tutorialsDB</connection-url>

<driver-class>com.mysql.jdbc.Driver</driver-class>

<driver>mysql</driver>

<user-name>root</user-name>

</security>

<validate-on-match>false</validate-on-match>

<background-validation>false</background-validation>

</validation>

<share-prepared-statements>false</share-prepared-statements>

</statement>

</datasource>

jndi name is the identifier we are going to use in our security configuration.
jdbc:mysql://localhost:3306/tutorialsDB is our database to which jndi name points.

Add following code to subsystems tag.

</subsystem>

Configure jdbc driver using previously created module. Add following into drivers tag instandalone.xml

<xa-datasource-class>com.mysql.jdbc.Driver</xa-datasource-class>

</driver>

Now jBoss7.1 know that this database will be used as datasource. Now we need to configure this JAAS for jboss 7.1. So we will define security subsystem for authentication and authorization.

Add following code to standalone.xml under security-domains

<security-domain name="jBossJaasMysqlRealm">

<login-module code="Database" flag="required">

<module-option name="dsJndiName" value="java:/jBossJaasMysql"/>

<module-option name="principalsQuery" value="select password from users where username = ?"/>

<module-option name="rolesQuery" value="select roleName,'Roles' from users_roles where username=?"/>

</login-module>

</authentication>

</security-domain>

dsJndiName defines the name of the datasource used for jdbc realm.
principalsQuery defines the query which retrieves all usernames from the database which is configured for jdbc realm. In our case tutorialsdb will be used.
rolesQuery defines the roles defined for user which is authenticated.

Configuration is done for jBoss application server.

Application configuration:

First create a new dynamic web project in eclipse. We will name it jBossJaasMysql.After creating it, create files as shown in following folder structure.

Folder Structure of application

login.jsp : asks username and password for the user.
index.jsp : This is a protected resource. Accessing this directly should ask for username and password using FORM based authentication and authorization service which we have configured.
jboss-web.xml : Tells the application which security system should be used.
web.xml: Configures application for FORM based authentication.

index.jsp

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"

pageEncoding="ISO-8859-1"%>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>

<title>Insert title here</title>

</head>

<body>

This a constrained resource.

</body>

</html>

login.jsp

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"

pageEncoding="ISO-8859-1"%>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>

<title>Insert title here</title>

</head>

<body>

username : <input type="text" name="j_username"/><br>

password : <input type="password" name = "j_password"/><br>

</form>

</body>

</html>

error.jsp

<html>

<head>

<title>Error Page For Examples</title>

</head>

Invalid username and/or password

</body>

</html>

Add this code to your web.xml

<security-constraint>

<display-name>Example Security Constraint</display-name>

<web-resource-collection>

<web-resource-name>Protected Area</web-resource-name>

<url-pattern>/protected/*</url-pattern>

<http-method>DELETE</http-method>

<http-method>GET</http-method>

<http-method>POST</http-method>

<http-method>PUT</http-method>

</web-resource-collection>

<auth-constraint>

<role-name>user</role-name>

</auth-constraint>

<user-data-constraint>

<transport-guarantee>NONE</transport-guarantee>

</user-data-constraint>

</security-constraint>

<login-config>

<auth-method>FORM</auth-method>

<realm-name>jBossJaasMysqlRealm</realm-name>

<form-login-config>

<form-login-page>/login.jsp</form-login-page>

<form-error-page>/error.jsp</form-error-page>

</form-login-config>

</login-config>

<security-role>

<role-name>user</role-name>

</security-role>

code in web-resource-collection tag means that resources with url pattern/protected/* are constrained such that only DELETE, GET, POST and PUT operations can be performed for the role user
login-config configures the FORM authentication.

This is your jboss-web.xml

<?xml version="1.0" encoding="UTF-8"?>

<jboss-web>

<security-domain>java:/jaas/jBossJaasMysqlRealm</security-domain>

</jboss-web>

We are all done with configuration and setup part.

Hit the url http://localhost:8080/jBossJaasMysql/protected/index.jsp

As this is constrained resource, you will be asked to log in to application by this page.

Enter wrong username and password e.g. someUser/somePassword and click submit. You will see error.jsp showing message Invalid username and/or password.

Now again visit http://localhost:8080/jBossJaasMysql/protected/index.jsp and enter username as prasad and password as kharkar.

This time, as we configure JAAS for jboss 7.1 and mysql the user prasad will be checked into database and the roles allotted to him. If he enters correct password, then he is authenticated. If a constrained resource is allowed to access a particular role, then it will be available. As index.jsp can be accessed with role user, prasad can accessindex.jsp now.

Hope this tutorial helps configure JAAS for jboss 7.1 and mysql.

原文地址：http://www.thejavageek.com/2013/09/18/configure-jaas-jboss-7-1-mysql/