Thursday, February 17, 2011

JBoss - Form Based Authentication

This is how I made Form Based authentication work for JBoss.

web.xml entries:

<!-- Role referenced by the auth-constraint below -->
<security-role>
    <role-name>admin</role-name>
</security-role>

<!-- Require the admin role for every URL in the application -->
<security-constraint>
    <display-name>User Name/ Password </display-name>
    <web-resource-collection>
        <web-resource-name>Makes User Authentication Necessary for all</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>

<!-- FORM authentication with the login and error pages the container should show -->
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>file</realm-name>
    <form-login-config>
        <form-login-page>/WEB-INF/jsp/login.jsp</form-login-page>
        <form-error-page>/WEB-INF/jsp/error.jsp</form-error-page>
    </form-login-config>
</login-config>

Then <jbosshome>/server/default/conf/login-config.xml has to be edited to update the web-console application-policy. My login-config.xml looks like this:

<application-policy name="web-console">
    <authentication>
        <!-- UsersRolesLoginModule reads user=password pairs and user=role lists from these files -->
        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                      flag="required">
            <module-option name="usersProperties">users.properties</module-option>
            <module-option name="rolesProperties">roles.properties</module-option>
        </login-module>
    </authentication>
</application-policy>

I added users.properties and roles.properties to the <jbosshome>/server/default/conf directory. This setup works for me.
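
As an added example (not part of the original post and not JBoss code), the following Python script audits a web.xml like the one above for common gaps in a FORM login setup: credentials not forced over TLS, constraints limited to listed HTTP methods, and roles used but not declared. The function name audit_web_xml and the finding codes are hypothetical, and the sample input is constructed from this post's entries wrapped in a <web-app> root.

```python
import xml.etree.ElementTree as ET

# Constructed sample: this post's web.xml entries inside a <web-app> root.
SAMPLE_WEB_XML = """<web-app>
  <security-role><role-name>admin</role-name></security-role>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>all</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/WEB-INF/jsp/login.jsp</form-login-page>
      <form-error-page>/WEB-INF/jsp/error.jsp</form-error-page>
    </form-login-config>
  </login-config>
</web-app>"""

def _strip_ns(root):
    # Drop XML namespaces so the same paths work on schema-based descriptors.
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]
    return root

def audit_web_xml(xml_text):
    """Return a sorted list of finding codes (hypothetical names) for a web.xml."""
    root = _strip_ns(ET.fromstring(xml_text))
    findings = set()
    declared = {r.text.strip() for r in root.findall("security-role/role-name") if r.text}
    method = (root.findtext("login-config/auth-method") or "").strip()
    if method == "FORM" and root.find("login-config/form-login-config/form-login-page") is None:
        findings.add("FORM_WITHOUT_LOGIN_PAGE")
    for sc in root.findall("security-constraint"):
        roles = {r.text.strip() for r in sc.findall("auth-constraint/role-name") if r.text}
        if roles - declared - {"*"}:
            findings.add("ROLE_NOT_DECLARED")
        if sc.find("web-resource-collection/http-method") is not None:
            # A listed method means the constraint covers only that method.
            findings.add("HTTP_METHOD_LIST_LEAVES_OTHER_VERBS_OPEN")
        tg = (sc.findtext("user-data-constraint/transport-guarantee") or "NONE").strip()
        if method in ("FORM", "BASIC") and roles and tg != "CONFIDENTIAL":
            findings.add("CREDENTIALS_NOT_FORCED_OVER_TLS")
    return sorted(findings)

if __name__ == "__main__":
    print(audit_web_xml(SAMPLE_WEB_XML))
```

Adding a user-data-constraint with a transport-guarantee of CONFIDENTIAL to the security-constraint clears the finding reported for the sample.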
