首页 > 代码库 > configure JAAS for jboss 7.1 and mysql--reference

configure JAAS for jboss 7.1 and mysql--reference

Hello all, In this tutorial we are going to configure JAAS for jboss 7.1 and mysql for Form based authentication to be used in a web application. . We have already covered how toconfigure jaas for tomcat 7 and mysql. The difference between these is due to jBoss 7.1 application server. We need to configure subsystems and modules in case of jBoss 7.1 unlike Tomcat. It is assumed that you have basic knowledge of mysql, application servers, eclipse and creating a dynamic web project.

 

Configure JAAS for jboss 7.1

Pre-requisites:

  1. jBoss 7.1 application server
  2. Mysql database
  3. eclipse IDE (I’m using Juno in this article)
  4. Mysql connector jar file

Database configuration.

Create a database and create three tables as provided in the diagram.

Tables  to be created for  JDBCRealm of users

Tables to be created for JDBCRealm of users

  • users: Stores username and password which need to be authenticated
  • roles :  Stores allowed roles
  • users_roles: Stores the relation between users and their allowed roles.

This table structure is needed to configure JAAS for jboss 7.1 and mysql

Create database :

 

 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
CREATE DATABASE tutorialsdb;
USE tutorialsdb;
CREATE TABLE users (
username varchar(20) NOT NULL PRIMARY KEY,
password varchar(20) NOT NULL
);
CREATE TABLE roles (
rolename varchar(20) NOT NULL PRIMARY KEY
);
CREATE TABLE users_roles (
username varchar(20) NOT NULL,
rolename varchar(20) NOT NULL,
PRIMARY KEY (username, rolename),
CONSTRAINT users_roles_fk1 FOREIGN KEY (username) REFERENCES users (username),
CONSTRAINT users_roles_fk2 FOREIGN KEY (rolename) REFERENCES roles (rolename)
);

 

 Insert data into database:

 

 
1
2
3
4
INSERT INTO `tutorialsdb`.`users` (`username`, `password`) VALUES (‘prasad‘, ‘kharkar‘);
INSERT INTO `tutorialsdb`.`roles` (`rolename`) VALUES (‘user‘);
INSERT INTO `tutorialsdb`.`users_roles` (`username`, `rolename`) VALUES (‘prasad‘, ‘user‘);
COMMIT;

Now we are done with your database part. We need to tell jBoss application server that we are going to use this database for JDBCRealm purpose. Normally we would place mysql connector jar into library of web application but for jBoss 7.1 we need to create a module for it and declare it in jBoss configuration file i.e. standalone.xml .

 

Creating module for mysql :

  • Navigate to <jboss_home>/modules/com  e.g. C:\jboss-as-7.1.1.Final\modules\com
  • Create a folder called mysql in it and under mysql , create another folder named main
  • Under main , copy your mysql connector jar file  and create a file calledmodule.xml

Your structure and the files under main folder should be

Folder structure for module

Folder structure for module

 

filesForModule

Now that we have created module.xml file and copied mysql connector jar for jdbc connectivity we need to specify that we are using this mysql connector jar as a resource for this module name.

So in your blank module.xml file, put following code

 

 
1
2
3
4
5
6
7
8
9
10
11
<module xmlns="urn:jboss:module:1.1" name="com.mysql">
 
    <resources>
        <resource-root path="mysql-connector-java-5.1.21-bin.jar"/>
    </resources>
    <dependencies>
        <module name="javax.api"/>
        <module name="javax.transaction.api"/>
        <module name="javax.servlet.api" optional="true"/>
    </dependencies>
</module>

We are done for module creation. Now we need to configure it in standalone.xml

Configure module in standalone.xml

Navigate to <jboss_home>/standalone/configuration and open standalone.xml .

You will find a datasources tag under which you need to put this

 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
<datasource jta="false" jndi-name="java:/jBossJaasMysql" pool-name="jBossJaasMysql" enabled="true" use-ccm="false">
      <connection-url>jdbc:mysql://localhost:3306/tutorialsDB</connection-url>
      <driver-class>com.mysql.jdbc.Driver</driver-class>
      <driver>mysql</driver>
      <security>
          <user-name>root</user-name>
          <password>root</password>
      </security>
      <validation>
          <validate-on-match>false</validate-on-match>
          <background-validation>false</background-validation>
      </validation>
      <statement>
          <share-prepared-statements>false</share-prepared-statements>
      </statement>
</datasource>

 

  •  jndi name is the identifier we are going to use in our security configuration.
  • jdbc:mysql://localhost:3306/tutorialsDB is our database to which jndi name points.

Add following code to subsystems tag.

 
1
2
3
<subsystem xmlns="urn:jboss:domain:jpa:1.0">
            <jpa default-datasource="java:/jBossJaasMysql"/>
</subsystem>

Configure jdbc driver using previously created module. Add following into drivers tag instandalone.xml

 
1
2
3
<driver name="mysql" module="com.mysql">
    <xa-datasource-class>com.mysql.jdbc.Driver</xa-datasource-class>
</driver>

Now jBoss7.1 know that this database will be used as datasource. Now we need to configure this JAAS for jboss 7.1. So we will define security subsystem for authentication and authorization.

Add following code to  standalone.xml  under security-domains

 
1
2
3
4
5
6
7
8
9
<security-domain name="jBossJaasMysqlRealm">
                    <authentication>
                        <login-module code="Database" flag="required">
                            <module-option name="dsJndiName" value="java:/jBossJaasMysql"/>
                            <module-option name="principalsQuery" value="select password from users where username = ?"/>
                            <module-option name="rolesQuery" value="select roleName,‘Roles‘ from users_roles where username=?"/>
                        </login-module>
                    </authentication>
                </security-domain>

 

  •  dsJndiName defines the name of the datasource used for jdbc realm.
  • principalsQuery defines the query which retrieves all usernames from the database which is configured for jdbc realm. In our case tutorialsdb will be used.
  • rolesQuery defines the roles defined for user which is authenticated.

Configuration is done for jBoss application server.

Application configuration:

First create a new dynamic web project in eclipse. We will name it jBossJaasMysql.After creating it, create files as shown in following folder structure.

Folder Structure of application

Folder Structure of application

  • login.jsp : asks username and password for the user.
  • index.jsp : This is a protected resource. Accessing this directly should ask for username and password using FORM based authentication and authorization service which we have configured.
  • jboss-web.xml : Tells the application which security system should be used.
  • web.xml: Configures application for FORM based authentication.

 

 

index.jsp

 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
 
    This a constrained resource.
 
</body>
</html>

login.jsp

 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
    <form action="j_security_check" method="post">
        username : <input type="text" name="j_username"/><br>
        password : <input type="password" name = "j_password"/><br>
        <input type ="submit" name = "submit" value = "submit">
    </form>
</body>
</html>

error.jsp

 
1
2
3
4
5
6
7
8
<html>
<head>
<title>Error Page For Examples</title>
</head>
<body bgcolor="white">
Invalid username and/or password
</body>
</html>

Add this code to your web.xml

 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
<security-constraint>
        <display-name>Example Security Constraint</display-name>
        <web-resource-collection>
            <web-resource-name>Protected Area</web-resource-name>
            <url-pattern>/protected/*</url-pattern>
            <http-method>DELETE</http-method>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>user</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
 
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>jBossJaasMysqlRealm</realm-name>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/error.jsp</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <description> A user </description>
        <role-name>user</role-name>
    </security-role>

 

  •  code in web-resource-collection tag means that resources with url pattern/protected/*  are constrained such that only DELETE, GET, POST and PUT operations can be performed for the role user
  • login-config configures the FORM authentication.

This is your jboss-web.xml

 
1
2
3
4
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <security-domain>java:/jaas/jBossJaasMysqlRealm</security-domain>
</jboss-web>

We are all done with configuration and setup part.

Hit the url http://localhost:8080/jBossJaasMysql/protected/index.jsp

As this is constrained resource, you will be asked to log in to application by this page.

Login page

Login page

Enter wrong username and password e.g. someUser/somePassword and click submit. You will see error.jsp showing message Invalid username and/or password.

Now again visit http://localhost:8080/jBossJaasMysql/protected/index.jsp  and enter username as prasad and password as kharkar.

This time, as we configure JAAS for jboss 7.1 and mysql the user prasad will be checked into database and the roles allotted to him. If he enters correct password, then he is authenticated. If a constrained resource is allowed to access a particular role, then it will be available. As index.jsp can be accessed with role user, prasad can accessindex.jsp now.

index.jsp

Hope this tutorial helps configure JAAS for jboss 7.1 and mysql.