configure JAAS for jboss 7.1 and mysql--reference
Hello all, In this tutorial we are going to configure JAAS for jboss 7.1 and mysql for Form based authentication to be used in a web application. . We have already covered how toconfigure jaas for tomcat 7 and mysql. The difference between these is due to jBoss 7.1 application server. We need to configure subsystems and modules in case of jBoss 7.1 unlike Tomcat. It is assumed that you have basic knowledge of mysql, application servers, eclipse and creating a dynamic web project.
Configure JAAS for jboss 7.1
Pre-requisites:
- jBoss 7.1 application server
- Mysql database
- eclipse IDE (I’m using Juno in this article)
- Mysql connector jar file
Database configuration.
Create a database and create three tables as provided in the diagram.
- users: Stores username and password which need to be authenticated
- roles : Stores allowed roles
- users_roles: Stores the relation between users and their allowed roles.
This table structure is needed to configure JAAS for jboss 7.1 and mysql
Create database :
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
CREATE DATABASE tutorialsdb;
USE tutorialsdb;
CREATE TABLE users (
username varchar(20) NOT NULL PRIMARY KEY,
password varchar(20) NOT NULL
);
CREATE TABLE roles (
rolename varchar(20) NOT NULL PRIMARY KEY
);
CREATE TABLE users_roles (
username varchar(20) NOT NULL,
rolename varchar(20) NOT NULL,
PRIMARY KEY (username, rolename),
CONSTRAINT users_roles_fk1 FOREIGN KEY (username) REFERENCES users (username),
CONSTRAINT users_roles_fk2 FOREIGN KEY (rolename) REFERENCES roles (rolename)
);
|
Insert data into database:
1
2
3
4
|
INSERT INTO `tutorialsdb`.`users` (`username`, `password`) VALUES ('prasad', 'kharkar');
INSERT INTO `tutorialsdb`.`roles` (`rolename`) VALUES ('user');
INSERT INTO `tutorialsdb`.`users_roles` (`username`, `rolename`) VALUES ('prasad', 'user');
COMMIT;
|
Now we are done with your database part. We need to tell jBoss application server that we are going to use this database for JDBCRealm purpose. Normally we would place mysql connector jar into library of web application but for jBoss 7.1 we need to create a module for it and declare it in jBoss configuration file i.e. standalone.xml .
Creating module for mysql :
- Navigate to <jboss_home>/modules/com e.g. C:\jboss-as-7.1.1.Final\modules\com
- Create a folder called mysql in it and under mysql , create another folder named main
- Under main , copy your mysql connector jar file and create a file calledmodule.xml
Your structure and the files under main folder should be
Now that we have created module.xml file and copied mysql connector jar for jdbc connectivity we need to specify that we are using this mysql connector jar as a resource for this module name.
So in your blank module.xml file, put following code
1
2
3
4
5
6
7
8
9
10
11
|
<module xmlns="urn:jboss:module:1.1" name="com.mysql">
<resources>
<resource-root path="mysql-connector-java-5.1.21-bin.jar"/>
</resources>
<dependencies>
<module name="javax.api"/>
<module name="javax.transaction.api"/>
<module name="javax.servlet.api" optional="true"/>
</dependencies>
</module>
|
We are done for module creation. Now we need to configure it in standalone.xml
Configure module in standalone.xml
Navigate to <jboss_home>/standalone/configuration and open standalone.xml .
You will find a datasources tag under which you need to put this
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
<datasource jta="false" jndi-name="java:/jBossJaasMysql" pool-name="jBossJaasMysql" enabled="true" use-ccm="false">
<connection-url>jdbc:mysql://localhost:3306/tutorialsDB</connection-url>
<driver-class>com.mysql.jdbc.Driver</driver-class>
<driver>mysql</driver>
<security>
<user-name>root</user-name>
<password>root</password>
</security>
<validation>
<validate-on-match>false</validate-on-match>
<background-validation>false</background-validation>
</validation>
<statement>
<share-prepared-statements>false</share-prepared-statements>
</statement>
</datasource>
|
- jndi name is the identifier we are going to use in our security configuration.
- jdbc:mysql://localhost:3306/tutorialsDB is our database to which jndi name points.
Add following code to subsystems tag.
1
2
3
|
<subsystem xmlns="urn:jboss:domain:jpa:1.0">
<jpa default-datasource="java:/jBossJaasMysql"/>
</subsystem>
|
Configure jdbc driver using previously created module. Add following into drivers tag instandalone.xml
1
2
3
|
<driver name="mysql" module="com.mysql">
<xa-datasource-class>com.mysql.jdbc.Driver</xa-datasource-class>
</driver>
|
Now jBoss7.1 know that this database will be used as datasource. Now we need to configure this JAAS for jboss 7.1. So we will define security subsystem for authentication and authorization.
Add following code to standalone.xml under security-domains
1
2
3
4
5
6
7
8
9
|
<security-domain name="jBossJaasMysqlRealm">
<authentication>
<login-module code="Database" flag="required">
<module-option name="dsJndiName" value="java:/jBossJaasMysql"/>
<module-option name="principalsQuery" value="select password from users where username = ?"/>
<module-option name="rolesQuery" value="select roleName,'Roles' from users_roles where username=?"/>
</login-module>
</authentication>
</security-domain>
|
- dsJndiName defines the name of the datasource used for jdbc realm.
- principalsQuery defines the query which retrieves all usernames from the database which is configured for jdbc realm. In our case tutorialsdb will be used.
- rolesQuery defines the roles defined for user which is authenticated.
Configuration is done for jBoss application server.
Application configuration:
First create a new dynamic web project in eclipse. We will name it jBossJaasMysql.After creating it, create files as shown in following folder structure.
- login.jsp : asks username and password for the user.
- index.jsp : This is a protected resource. Accessing this directly should ask for username and password using FORM based authentication and authorization service which we have configured.
- jboss-web.xml : Tells the application which security system should be used.
- web.xml: Configures application for FORM based authentication.
index.jsp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
This a constrained resource.
</body>
</html>
|
login.jsp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<form action="j_security_check" method="post">
username : <input type="text" name="j_username"/><br>
password : <input type="password" name = "j_password"/><br>
<input type ="submit" name = "submit" value = "submit">
</form>
</body>
</html>
|
error.jsp
1
2
3
4
5
6
7
8
|
<html>
<head>
<title>Error Page For Examples</title>
</head>
<body bgcolor="white">
Invalid username and/or password
</body>
</html>
|
Add this code to your web.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/protected/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>jBossJaasMysqlRealm</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description> A user </description>
<role-name>user</role-name>
</security-role>
|
- code in web-resource-collection tag means that resources with url pattern/protected/* are constrained such that only DELETE, GET, POST and PUT operations can be performed for the role user
- login-config configures the FORM authentication.
This is your jboss-web.xml
1
2
3
4
|
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<security-domain>java:/jaas/jBossJaasMysqlRealm</security-domain>
</jboss-web>
|
We are all done with configuration and setup part.
Hit the url http://localhost:8080/jBossJaasMysql/protected/index.jsp
As this is constrained resource, you will be asked to log in to application by this page.
Enter wrong username and password e.g. someUser/somePassword and click submit. You will see error.jsp showing message Invalid username and/or password.
Now again visit http://localhost:8080/jBossJaasMysql/protected/index.jsp and enter username as prasad and password as kharkar.
This time, as we configure JAAS for jboss 7.1 and mysql the user prasad will be checked into database and the roles allotted to him. If he enters correct password, then he is authenticated. If a constrained resource is allowed to access a particular role, then it will be available. As index.jsp can be accessed with role user, prasad can accessindex.jsp now.
Hope this tutorial helps configure JAAS for jboss 7.1 and mysql.
原文地址:http://www.thejavageek.com/2013/09/18/configure-jaas-jboss-7-1-mysql/
相关文章
- 【知识库】-数据库_MySQL常用SQL语句语法大全示例
- MySQL replace into 使用详解 及 注意事项
- 【MySQL】全索引扫描的bug
- 【MySQL】解决mysql的 1594 错误
- mysql分享一:运维角度浅谈MySQL数据库优化
- JSON_EXTRACT查询mysql中的{}和 [{},{}中的值]
- 磁盘、mysql、redis、hana 的故事!
- PHP连接MySQL数据库的三种方式(mysql、mysqli、pdo)--续
- MYSQL错误解决:ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
- Mysql:Error Code 1235,This version of MySQL doesn’t yet support ‘LIMIT & IN/ALL/ANY/SOME 错误解决
- 数据库基础之Mysql(3)mysql删除历史binlog
- mysql启动时报错:Starting MySQL... ERROR! The server quit without updating PID file (/opt/mysql/data/mysql.pid) 的解决方法
- PHP连接MySQL数据库的三种方式(mysql、mysqli、pdo)--续
- Linux--YUM 安装 nginx php mysql
- 【收藏】windows下 Mysql 错误 Can‘t open and lock privilege tables: Table ‘mysql.user‘ doesn‘t exist
- mysql 的 limit 与sql server 的 top n
- MySQL 新建用户,为用户授权,指定用户访问数据库
- 91.第十九章 MySQL数据库 -- 数据库原理(一)
- 安全测试===Mysql 注入技巧学习 MySQL注入技巧(1)
- mysql_13 _ 为什么表数据删掉一半,表文件大小不变?
- Mysql番外篇--最左原则-03
- Mysql原理篇之undo日志--下--12
- 【MySQL】mysql查询语句大总结_Unit04
- 【MySql】MySQL数据库--什么是MySQL的回表 ?