Hi,

In production environments we usually don't want to keep user names and passwords in properties files. JBoss AS7 therefore offers several ways to tell the server how to authenticate and authorize users and where to store their credentials in a more secure fashion.

In this example we are going to see how to use database authentication to log users in to deployed web applications. This is done with the "org.jboss.security.auth.spi.DatabaseServerLoginModule" login module, which looks up a user's password and roles through a datasource.

Step1). Edit the security subsystem inside your "/home/userone/jboss-as-7.0.1.Final/standalone/standalone.xml" file and add a new security domain named "DBAuthTest", as follows:

        <subsystem xmlns="urn:jboss:domain:security:1.0">
            <security-domains>
                <security-domain name="other" cache-type="default">
                    <authentication>
                        <login-module code="Disabled" flag="required"/>
                    </authentication>
                </security-domain>
                <security-domain name="DBAuthTest">
                    <authentication>
                        <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
                            <module-option name="dsJndiName" value="java:/TestORCL"/>
                            <module-option name="principalsQuery" value="select password from  PRINCIPLES where principal_id=?"/>
                            <module-option name="rolesQuery" value="select user_role, 'Roles' from  ROLES where  principal_id=?"/>
                        </login-module>
                        <login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="optional">
                            <module-option name="rolesProperties" value="/home/userone/jboss-as-7.0.1.Final/standalone/configuration/test-roles.properties"/>
                            <module-option name="replaceRole" value="false"/>
                        </login-module>
                    </authentication>
                </security-domain>
            </security-domains>
        </subsystem>

NOTE: A relative path for the properties file (resolved against the working directory of the server process, which is usually $JBOSS_HOME/bin) can be used in the above section instead of the hard-coded absolute path, i.e. either
<module-option name="rolesProperties" value="/home/userone/jboss-as-7.0.1.Final/standalone/configuration/test-roles.properties"/>
OR
<module-option name="rolesProperties" value="../standalone/configuration/test-roles.properties"/>

NOTE: With only the three module options shown above, the value returned by "principalsQuery" is compared with the submitted password as-is, which means the PRINCIPLES table has to hold the passwords in clear text. DatabaseServerLoginModule also accepts the "hashAlgorithm", "hashEncoding" and "hashCharset" module options; with those set, the module hashes the submitted password before the comparison and the table only needs to hold the digest. For anything beyond a demo, use them.

Step2). Create the file "/home/userone/jboss-as-7.0.1.Final/standalone/configuration/test-roles.properties" (the path referenced by "rolesProperties" above) with the following line:

TestUserOneGroup=TestRoleOne

Step3). Now set up the database by creating the following tables and inserting the following records. The database user configured in the datasource (Step4) only needs SELECT on these two tables, so do not reuse an account that can modify them:

CREATE TABLE PRINCIPLES ( principal_id VARCHAR(64) primary key,password VARCHAR(64));
CREATE TABLE ROLES ( principal_id VARCHAR(64),user_role VARCHAR(64),role_group VARCHAR(64));

Insert into PRINCIPLES values('TestUserOne','PasswordOne');
Insert into PRINCIPLES values('TestUserTwo','PasswordTwo');

Insert into ROLES values('TestUserOne','TestRoleOne','TestUserOneGroup');
Insert into ROLES values('TestUserTwo','TestRoleTwo','TestUserTwoGroup');
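The INSERT statements above store the passwords in clear text. The following is an added example, not code from the original post or from JBoss, that prepares hashed password values for the PRINCIPLES table instead and emits the matching INSERT statements. It assumes that the "DBAuthTest" security domain from Step1 is extended with the module options hashAlgorithm=SHA-256, hashEncoding=hex and hashCharset=UTF-8, and that with those options the login module hashes the submitted password to lowercase hex of the raw digest before comparing it with the column returned by principalsQuery (check this against your PicketBox version). Table and column names follow the page's schema; the user list is constructed for the demo.

```python
"""
Added example (not part of the original post or of JBoss AS7): prepare
hashed passwords for DatabaseServerLoginModule and build the INSERTs.

Assumptions (labelled): the Step1 security domain carries the extra
module options
    <module-option name="hashAlgorithm" value="SHA-256"/>
    <module-option name="hashEncoding" value="hex"/>
    <module-option name="hashCharset" value="UTF-8"/>
and the module then compares lowercase hex SHA-256 of the submitted
password with PRINCIPLES.password (a 64-character value, which fits the
VARCHAR(64) column from Step3 exactly; a SHA-512 hex digest would not).
"""
import hashlib
import hmac

HASH_ALGORITHM = "sha256"   # corresponds to hashAlgorithm=SHA-256
CHARSET = "utf-8"           # corresponds to hashCharset=UTF-8


def hash_password(password: str) -> str:
    """Value to store in PRINCIPLES.password: lowercase hex SHA-256 of the password."""
    return hashlib.new(HASH_ALGORITHM, password.encode(CHARSET)).hexdigest()


def verify_password(stored: str, candidate: str) -> bool:
    """Mimic the login module's check: hash the candidate, compare with the stored digest.
    hmac.compare_digest avoids leaking the position of the first mismatching byte."""
    return hmac.compare_digest(stored.lower(), hash_password(candidate))


def sql_literal(value: str) -> str:
    """Quote a string as an SQL literal by doubling embedded single quotes."""
    return "'" + value.replace("'", "''") + "'"


def insert_statements(users: dict) -> list:
    """INSERT statements for PRINCIPLES with hashed passwords.
    `users` maps principal_id -> clear-text password; the clear text never reaches the DB."""
    return [
        "INSERT INTO PRINCIPLES VALUES("
        + sql_literal(user) + ", " + sql_literal(hash_password(password)) + ");"
        for user, password in users.items()
    ]


# Constructed sample input: the two demo users used on this page.
DEMO_USERS = {"TestUserOne": "PasswordOne", "TestUserTwo": "PasswordTwo"}

if __name__ == "__main__":
    for statement in insert_statements(DEMO_USERS):
        print(statement)
```

Run the script and execute the printed statements instead of the clear-text INSERTs above; the ROLES table is unaffected. An unsalted digest only raises the bar for an attacker who obtains the table (identical passwords still produce identical rows and fast hashes crack quickly), so still restrict access to the table and the datasource account.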

Step4). Now create a DataSource with the jndi-name "java:/TestORCL". You can refer to the previous article to see how to create a DataSource: http://middlewaremagic.com/jboss/?p=350

Once you have created the DataSource from the admin console, you will see the following kind of data inside your "/home/userone/jboss-as-7.0.1.Final/standalone/standalone.xml" file. Note that the datasource entry carries the database credentials in clear text, so keep read access to standalone.xml restricted to the account the server runs as.

        <subsystem xmlns="urn:jboss:domain:datasources:1.0">
            <datasources>
                <datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="H2DS" enabled="true" jta="true" use-java-context="true" use-ccm="true">
                    <connection-url>
                        jdbc:h2:mem:test;DB_CLOSE_DELAY=-1
                    </connection-url>
                    <driver>
                        h2
                    </driver>
                    <pool>
                        <prefill>
                            false
                        </prefill>
                        <use-strict-min>
                            false
                        </use-strict-min>
                        <flush-strategy>
                            FailingConnectionOnly
                        </flush-strategy>
                    </pool>
                    <security>
                        <user-name>
                            sa
                        </user-name>
                        <password>
                            sa
                        </password>
                    </security>
                </datasource>

                <!-- We added the following section of the DataSource -->
                <datasource jndi-name="java:/TestORCL" pool-name="TestORCL_Pool" enabled="true" jta="true" use-java-context="true" use-ccm="true">
                    <connection-url>
                        jdbc:oracle:thin:@10.10.10.10:1521:xe
                    </connection-url>
                    <driver>
                        OracleJDBCDriver
                    </driver>
                    <security>
                        <user-name>
                            TestUser
                        </user-name>
                        <password>
                            TestPassword
                        </password>
                    </security>
                </datasource>
                <!-- Above is the DataSource which we created for this Demo-->
                <drivers>
                    <!--We added the OracleJDBCDriver module here this part is elaborated in the following link: http://middlewaremagic.com/jboss/?p=350-->
                    <driver name="OracleJDBCDriver" module="oracle.jdbc"/>
                    <driver name="h2" module="com.h2database.h2">
                        <xa-datasource-class>
                            org.h2.jdbcx.JdbcDataSource
                        </xa-datasource-class>
                    </driver>
                </drivers>
            </datasources>
        </subsystem>

Step5). Make sure that your application has the following kind of tags inside its "WEB-INF/web.xml" file. With FORM authentication the browser posts the user name and password to j_security_check, so a transport-guarantee of NONE, as used in this demo, sends them in clear text; once HTTPS is configured on the server, set it to CONFIDENTIAL for the protected URLs:

    <security-constraint>
         <display-name>Constraint-0</display-name>
         <web-resource-collection>
             <web-resource-name>Constraint-0</web-resource-name>
             <url-pattern>/protected/*</url-pattern>
         </web-resource-collection>
         <auth-constraint>
             <role-name>*</role-name>
         </auth-constraint>
         <user-data-constraint>
             <transport-guarantee>NONE</transport-guarantee>
         </user-data-constraint>
    </security-constraint>

    <login-config>
         <auth-method>FORM</auth-method>
         <form-login-config>
             <form-login-page>/login.jsp</form-login-page>
             <form-error-page>/failedlogin.jsp</form-error-page>
         </form-login-config>
    </login-config>

    <security-role>
         <role-name>TestRoleOne</role-name>
    </security-role>

Step6). Make sure that your application has a "WEB-INF/jboss-web.xml" like the following, which binds the web application to the "DBAuthTest" security domain created in Step1:

<jboss-web>
    <security-domain>java:/jaas/DBAuthTest</security-domain>
</jboss-web>

Step7). Restart your server and then access the application. You can log in with the user name "TestUserOne" and the password "PasswordOne".
NOTE: If you run into an issue or an authentication failure, JBoss AS7 no longer uses the "$PROFILE/conf/jboss-log4j.xml" file of earlier releases; logging is configured in the logging subsystem of "standalone.xml". Add a TRACE logger for the "org.jboss.security" category there, next to the existing logger entries, and then check "standalone/log/server.log" to find out why the authentication is failing:

            <logger category="org.jboss.security">
                <level name="TRACE"/>
            </logger>

In the default configuration the FILE handler does not cap the level, so the TRACE output reaches server.log (the CONSOLE handler stays at INFO). Remove the logger again once you are done: at TRACE the security layer records details of every login attempt.

Thanks
Middleware Magic Team
