authentication in jboss

saeedeh sabaie
Greenhorn

Joined: Jan 16, 2007
Posts: 9
Hi,
I want to authenticate a username and password.
I want to get them from a JSP page and then check them against my database (MySQL), but I don't know how to do it.

Please help me.
Thanks
saeedeh sabaie
Greenhorn

Joined: Jan 16, 2007
Posts: 9
I don't know how to submit my page, because I don't want to have an action and I want to use the JBoss XML files for authentication.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61596
    

"saeedeh saeedeh",

There aren't many rules that you need to worry about here on the Ranch, but one that we take very seriously regards the use of proper names. Please take a look at the JavaRanch Naming Policy and adjust your display name to match it.

In particular, your display name must be a first and a last name separated by a space character, and must not be obviously fictitious.

Thanks!
bear
JavaRanch Sheriff


Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17259
    

You will need to submit.

You need to use the Servlet/JSP Spec for your login screen using BASIC, FORM, DIGEST, or CERT.

In JBoss you need to create a Security Domain in the login-config.xml. Then, in a jboss-web.xml file, you add a <security-domain> tag with the name you gave your security domain. Now create security refs in your web.xml to use the roles.

For a security domain backed by a database, you use the DatabaseServerLoginModule class and provide how to connect to the database, a query to get the password based on the username, and then another query to get the roles that that user is assigned to.

Check out these links
http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureAWebApplicationInJBoss
http://wiki.jboss.org/wiki/Wiki.jsp?page=DatabaseServerLoginModule

Mark


saeedeh sabaie
Greenhorn

Joined: Jan 16, 2007
Posts: 9
Thank you.
I did everything you said, but nothing happened!
I think I have a problem in my DS.
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
It's simple, or I have not got the problem correct.

Read the parameters submitted by the user in a servlet and fetch the password value from the database. Match the password sent by the user against the one in the database.

Apart from this, you can use the container's authentication facility, or, in case you think that the authentication mechanism will change frequently, you can go for JAAS. Look for JBoss's documentation on using JAAS.
An article on JAAS.
saeedeh sabaie
Greenhorn

Joined: Jan 16, 2007
Posts: 9
But I want to use the JBoss XML files to authenticate, and I did all the settings, but it can't look up my DS!
Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17259
    

"saeedeh"

You are still not following the JavaRanch Naming Policy.

The policy requires using your real first and real last names. Not just a single, first name.

Thanks

Show us the login-config.xml security domain that you are using. Also post your jboss-web.xml, the portion of your web.xml that creates the security roles and constraint mappings, and the part of the web.xml that shows the login form mapping. Thanks.

Mark
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
Originally posted by saeedeh:
But I want to use the JBoss XML files to authenticate, and I did all the settings, but it can't look up my DS!


I do not know what the JBoss authentication files are. Check the documentation. It might be like the tomcat-user.xml file, which is used when the authentication realm is set to memory.
saeedeh sabaie
Greenhorn

Joined: Jan 16, 2007
Posts: 9
This is my policy in login-config.xml:
<application-policy name="test-policy">
<authentication>
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<module-option name="dsJndiName">java:/testDS</module-option>
<module-option name="principalsQuery">select pass from Users where userName=?</module-option>
<module-option name = "rolesQuery">select roleId from Users where user_id=?</module-option>
</login-module>
</authentication>
</application-policy>

And this is my jboss-web.xml:
<jboss-web>
<!-- Uncomment the security-domain to enable security. You will
need to edit the htmladaptor login configuration to setup the
login modules used to authentication users.
<security-domain>java:/jaas/test-policy</security-domain>
-->
</jboss-web>
And my web.xml is:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app >
<distributable/>







<!-- struts -->

<servlet>
<servlet-name>action</servlet-name>
<servlet-class>org.apache.struts.action.ActionServlet</servlet-class>

<init-param>
<param-name>application</param-name>
<param-value>ApplicationResources</param-value>
</init-param>
<init-param>
<param-name>config</param-name>
<param-value>/WEB-INF/struts-config.xml</param-value>
</init-param>
<init-param>
<param-name>debug</param-name>
<param-value>1</param-value>
</init-param>
<init-param>
<param-name>validate</param-name>
<param-value>true</param-value>
</init-param>

<load-on-startup>1</load-on-startup>
</servlet>




<!--<servlet>
<servlet-name>ipu</servlet-name>
<display-name>ipu</display-name>
<description>Vista server IP updater</description>
<servlet-class>com.objectj.vc.updIP</servlet-class>
</servlet>-->


<!-- add the content of generated_web.xml here -->

<!-- struts -->
<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<!--<servlet-mapping>
<servlet-name>calendar</servlet-name>
<url-pattern>/calendar</url-pattern>
</servlet-mapping>-->


<!--
To specify mime mappings, create a file named mime-mappings.xml, put it in your project's mergedir.
Organize mime-mappings.xml following this DTD slice:

<!ELEMENT mime-mapping (extension, mime-type)>
-->

<session-config>
<session-timeout>300</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>home.jsp</welcome-file>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>

<error-page>
<exception-type>java.lang.Throwable</exception-type>
<location>/error.run</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/error.run</location>
</error-page>
<error-page>
<error-code>400</error-code>
<location>/error.run</location>
</error-page>

<!--
To add taglibs by xml, create a file called taglibs.xml and place it
in your merge dir.
-->

<taglib>
<taglib-uri>struts-bean</taglib-uri>
<taglib-location>/WEB-INF/tld/struts-bean.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>struts-html</taglib-uri>
<taglib-location>/WEB-INF/tld/struts-html.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>struts-logic</taglib-uri>
<taglib-location>/WEB-INF/tld/struts-logic.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>struts-nested</taglib-uri>
<taglib-location>/WEB-INF/tld/struts-nested.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>struts-tiles</taglib-uri>
<taglib-location>/WEB-INF/tld/struts-tiles.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>struts-template</taglib-uri>
<taglib-location>/WEB-INF/tld/struts-template.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>struts-layout</taglib-uri>
<taglib-location>/WEB-INF/tld/struts-layout.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>components</taglib-uri>
<taglib-location>/WEB-INF/tld/components.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>struts-form</taglib-uri>
<taglib-location>/WEB-INF/tld/struts-form.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>extensions</taglib-uri>
<taglib-location>/WEB-INF/tld/extensions.tld</taglib-location>
</taglib>

<taglib>
<taglib-uri>ejbtags</taglib-uri>
<taglib-location>/WEB-INF/tld/ejbTags.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>reporttags</taglib-uri>
<taglib-location>/WEB-INF/tld/report.tld</taglib-location>
</taglib>

<login-config>
<auth-method>FORM</auth-method>
<realm-name>test-policy</realm-name>
<form-login-config>
<form-login-page>/start.run?action_type=login</form-login-page>
<form-error-page>/start.run?action_type=relogin</form-error-page>
</form-login-config>
</login-config>

<security-role>
<role-name>admin</role-name>
</security-role>

</web-app>
And my testDS is:

<!-- ===================================================================== -->
<!-- -->
<!-- JBoss Server Configuration -->
<!-- This file is generated by Streamlet. -->
<!-- Don't change it. It will be overwritten -->
<!-- ===================================================================== -->

<datasources>
<local-tx-datasource>
<jndi-name>testDS</jndi-name>
<connection-url>jdbc:mysql://localhost/mydb</connection-url>
<driver-class>com.mysql.jdbc.Driver</driver-class>
<user-name>root</user-name>
<password></password>
<min-pool-size>2</min-pool-size>
<max-pool-size>10</max-pool-size>
</local-tx-datasource>
</datasources>

Thank you
saeedeh sabaie
Greenhorn

Joined: Jan 16, 2007
Posts: 9
My login page is:

<html>
<head>
<title>
index
</title>
</head>
<body>
<form action="<%= response.encodeURL("j_security_check") %>"
method="post" autocomplete="off" target="_parent">
<table>
<tr>
<td>
userName: <input type="text" name="j_username" />
</td>
</tr>
<tr>
<td>
password: <input type="password" name="j_password" />
</td>
</tr>
<tr>
<td>
<input type="submit" name="submit" value="LOGIN" />
</td>
</tr>
</table>
</form>
</body>
</html>

But when I press submit, nothing happens!
I don't know what I must do.
Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17259
    

OK, here is an issue.



Your link in the jboss-web.xml to your security domain is commented out.

Try this.



Mark
Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17259
    

I also do not see you using a Security Role in your Servlet mappings in your web.xml. I see the security role being defined, but not used. It would have been used here



Mark
Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17259
    

Or maybe not. Struts might have some other way, since that Servlet mapping with a security role would mean any URL in that Struts app has to have Admin rights.

Mark
saeedeh sabaie
Greenhorn

Joined: Jan 16, 2007
Posts: 9
I changed my web.xml to this:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app >
<distributable/>

<!-- struts -->

<servlet>
<servlet-name>action</servlet-name>
<servlet-class>org.apache.struts.action.ActionServlet</servlet-class>

<init-param>
<param-name>application</param-name>
<param-value>ApplicationResources</param-value>
</init-param>
<init-param>
<param-name>config</param-name>
<param-value>/WEB-INF/struts-config.xml</param-value>
</init-param>
<init-param>
<param-name>debug</param-name>
<param-value>1</param-value>
</init-param>
<init-param>
<param-name>validate</param-name>
<param-value>true</param-value>
</init-param>

<load-on-startup>1</load-on-startup>
</servlet>




<!--<servlet>
<servlet-name>ipu</servlet-name>
<display-name>ipu</display-name>
<description>Vista server IP updater</description>
<servlet-class>com.objectj.vc.updIP</servlet-class>
</servlet>-->


<!-- add the content of generated_web.xml here -->

<!-- struts -->
<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>



<!--
To specify mime mappings, create a file named mime-mappings.xml, put it in your project's mergedir.
Organize mime-mappings.xml following this DTD slice:

<!ELEMENT mime-mapping (extension, mime-type)>
-->

<session-config>
<session-timeout>300</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>home.jsp</welcome-file>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>

<error-page>
<exception-type>java.lang.Throwable</exception-type>
<location>/error.run</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/error.run</location>
</error-page>
<error-page>
<error-code>400</error-code>
<location>/error.run</location>
</error-page>

<!--
To add taglibs by xml, create a file called taglibs.xml and place it
in your merge dir.
-->

<taglib>
<taglib-uri>struts-bean</taglib-uri>
<taglib-location>/WEB-INF/tld/struts-bean.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>struts-html</taglib-uri>
<taglib-location>/WEB-INF/tld/struts-html.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>struts-logic</taglib-uri>
<taglib-location>/WEB-INF/tld/struts-logic.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>struts-nested</taglib-uri>
<taglib-location>/WEB-INF/tld/struts-nested.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>struts-tiles</taglib-uri>
<taglib-location>/WEB-INF/tld/struts-tiles.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>struts-template</taglib-uri>
<taglib-location>/WEB-INF/tld/struts-template.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>struts-layout</taglib-uri>
<taglib-location>/WEB-INF/tld/struts-layout.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>components</taglib-uri>
<taglib-location>/WEB-INF/tld/components.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>struts-form</taglib-uri>
<taglib-location>/WEB-INF/tld/struts-form.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>extensions</taglib-uri>
<taglib-location>/WEB-INF/tld/extensions.tld</taglib-location>
</taglib>

<taglib>
<taglib-uri>ejbtags</taglib-uri>
<taglib-location>/WEB-INF/tld/ejbTags.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>reporttags</taglib-uri>
<taglib-location>/WEB-INF/tld/report.tld</taglib-location>
</taglib>



<security-constraint>
<web-resource-collection>
<web-resource-name>test</web-resource-name>
<url-pattern>/login.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>

</auth-constraint>
</security-constraint>

<login-config>
<auth-method>FORM</auth-method>
<realm-name>test-policy</realm-name>
<form-login-config>
<form-login-page>/welcome.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>


<security-role>
<role-name>admin</role-name>
</security-role>


</web-app>
But when I run my program, it always submits to the error page!
And when I uncomment my jboss-web.xml, it has an error and doesn't submit anywhere.
Would you please tell me what is wrong?

Thanks
Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17259
    

What is the error you get?

Here is a brief explanation of authentication in JBoss.

1. Create a Security Domain in login-config.xml. If it points to a database, it must be able to connect to the database and have those two queries: one to get back the password from the user table to compare with the password entered, and one to get the user's roles. If there is no data in the database, you get no results and no one can log in.

2. Use jboss-web.xml and point to the security domain name.

3. Use the roles in your web.xml.

If you use wrong role names, or the user doesn't have that role, you get the error page.

Your error could be that you don't get the database, or something else.

Mark
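
The three steps above as one consistent set of descriptors (an added example, not configuration posted in the thread). It reuses `test-policy`, `testDS`, the `Users` table and the `admin` role from the posts above; the `UserRoles` table and its columns, the `/secure/*` path, the `/login.jsp` and `/error.jsp` page names and the hashing options are assumptions.

```xml
<!-- conf/login-config.xml: the security domain, backed by the datasource -->
<application-policy name="test-policy">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <!-- must match the bound JNDI name of the datasource -->
      <module-option name="dsJndiName">java:/testDS</module-option>
      <!-- returns ONE column: the stored password for the submitted j_username -->
      <module-option name="principalsQuery">select pass from Users where userName=?</module-option>
      <!-- returns TWO columns: the role name, then the role group, which must be
           'Roles' for authorization checks. UserRoles/roleName are assumed names. -->
      <module-option name="rolesQuery">select roleName, 'Roles' from UserRoles where userName=?</module-option>
      <!-- optional (assumption: the pass column holds base64 SHA-256 digests,
           not clear-text passwords) -->
      <module-option name="hashAlgorithm">SHA-256</module-option>
      <module-option name="hashEncoding">base64</module-option>
    </login-module>
  </authentication>
</application-policy>

<!-- WEB-INF/jboss-web.xml: binds the web application to the domain.
     The element must not sit inside an XML comment. -->
<jboss-web>
  <security-domain>java:/jaas/test-policy</security-domain>
</jboss-web>

<!-- WEB-INF/web.xml (fragment): the constraint is what triggers the login -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>protected area</web-resource-name>
    <!-- assumed path for the pages that require a login -->
    <url-pattern>/secure/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- must equal a value returned in the first column of rolesQuery -->
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>test-policy</realm-name>
  <form-login-config>
    <!-- the page whose form posts j_username/j_password to j_security_check -->
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/error.jsp</form-error-page>
  </form-login-config>
</login-config>
<security-role>
  <role-name>admin</role-name>
</security-role>
```

With FORM authentication, a user who authenticates but holds none of the roles in the `auth-constraint` receives HTTP 403 rather than the error page, so the first column returned by `rolesQuery` must match a `role-name` exactly. The database account behind the datasource needs only SELECT on the two tables the queries read.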
saeedeh sabaie
Greenhorn

Joined: Jan 16, 2007
Posts: 9
thank you very much
I did that and I think that is OK, but now when I run my program I get this error:


HTTP Status 403 - Access to the requested resource has been denied

--------------------------------------------------------------------------------

type Status report

message Access to the requested resource has been denied

description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.


--------------------------------------------------------------------------------

Do you know what is wrong?
Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17259
    

OK, so it could be a few things:

1. The password entered does not match what is in the database.
2. The User does not have the role assigned to the URL mapping.
3. The URL Mapping is not assigned to the correct Role.

Mark
Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17259
    

Try reading

http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureAWebApplicationInJBoss

and

http://wiki.jboss.org/wiki/Wiki.jsp?page=CreateASimpleSecurityDomainForJBossSX

Which explains securing a web application. At this point, because we will not be able to see exactly what you have setup in everything, and what your data in your database looks like, that is the best I can do from this point forward.

Good Luck

Mark
saeedeh sabaie
Greenhorn

Joined: Jan 16, 2007
Posts: 9
Thank you very much.
Finally my program worked!
 