Securing Application for JBoss5.1.0

 
Hi all,

I'm writing an application and I'm using JBoss 5.1.0.

Security is an important thing nowadays, so also for my application.
I have tried lots of tutorials and examples but nothing works the way I want it to.

THE QUESTION: Is it possible to secure the lookup?

I already tried some things using JAAS and DatabaseServerLoginModule but this doesn't work.

Thanks for your help and your know-how ;)

greez Chris

 
Can you please explain further what you mean by secure the lookup?
 
Chris Kie
The best way to explain this is showing it in practice:



auth.conf file


thanks for your help
 
Is this client code that you posted? The auth.conf on the client is not used (at least, not for server authorization) - you have to configure authorization on the server.

Maybe if you explained a little more about what you are trying to do it would help.
 
Chris Kie
Hi Peter,

Yes, this up there is client code.

I want to validate username and password before any lookup is done.

In other words, securing JBoss with username and password stored in a database,
so that you can't do a lookup on a bean before passing validation.

Sorry for my bad English.

 
Peter Johnson
As far as I know there is no way to secure JNDI lookup. The only thing you can secure is the call to the EJB.
 
Chris Kie
LoginContext.login();

Is this method only used to pass on username and password?

Is it possible to secure all EJBs at once, or do I have to secure
each EJB on its own with



I think I do need this auth.conf for JAAS .. ??!?!??

 
Mark E Hansen
Do you have the book: JBoss in Action? This goes through all the steps necessary to secure a J2EE application on JBoss.
Note that there are two parts. First is assigning roles to the EJB methods, using the @RolesAllowed() annotation (as well as the @SecurityDomain() annotation). The second is that you need to cause the web user to authenticate, so there will be roles associated with him, which can be checked against your @RolesAllowed() annotation.

I just went through this using JBoss 5.1.0.GA and the DatabaseServerLoginModule. If you want, I can walk you through all the steps I used to get this up and running on my end.

However, the best thing would be to get Peter's book. It is a very good and helpful book. (I don't get anything for this plug.)

Best Regards,

 
Chris Kie
No, I don't have JBoss in Action ...

I would be very glad if you could walk me through all the steps ...
 
Mark E Hansen
Okay, here we go.

First, you need to create a database. I used MySQL. This database will have the two tables used by the DatabaseServerLoginModule. By default these tables are called Principals and Roles, although you can change this with configuration (we'll see later). Here are the create table statements I used on MySQL:


You then need to insert rows into both tables. The Principals table holds the user login and password. The Roles table holds the list of roles you wish the user to participate in. Note that the RoleGroup column must have a value of 'Roles' (but we can eliminate this requirement in the configuration, which we'll see later).

If you're not sure what data to load into the tables, ask.

You'll need to configure JBoss to use the MySQL driver. This involves getting the driver jar on the server's classpath. Ask if you need help doing this, but the mysql installation instructions should give you what you need.

Next you'll need to create a datasource deployment descriptor. I named mine mysql-ds.xml, and deploy it by copying it to the server/default/deploy directory in JBOSS_HOME (note: "default" is the server name. If you're using a different server, just replace the name. I'll refer to the server as "default" in this post). Here is what my mysql-ds.xml file looks like: Note you will need to assign your specific values to the connection-url, user-name and password elements.
These are not the web-user credentials, but the user/password used to access the MySQL database server. Note the <jndi-name> element of MySQLDS. You can make this whatever you want, but it will be used later, so if you change it, change the reference used later as well.

You need to add an <application-policy> block element to the JBOSS_HOME/server/default/conf/login-config.xml file. Mine looks like this:
Note the reference to the datasource (MySQLDS). Fix that so it matches your datasource. You will need to select a security domain name. This can be whatever you want, but will be referenced later, so keep track of what you choose.

At this point, you can restart the application server (or start it, if it's not already running).

Next, you need to get the web application to prompt the user for credentials. Basically, once the configuration is set up, the application will prompt the user when they attempt to access something which requires authentication (like an EJB that includes a @RolesAllowed() annotation).
In the web.xml file for the web application, add a <login-config> element, which looks like this:
Add some <security-role> elements for each security role you wish to use in the application, like the following:
Add a security constraint to force authentication for your application pages. This example will blanket all application pages. You can change the url-pattern element to lock down only specific pages:
And finally, you need to add a jboss-web.xml file to the web application, which looks like this:
Note that you will need to use your security domain name, as chosen in the login-config.xml file.

Now, in the session EJB, add the following annotations to the class:

And add the following annotation to the bean method:

I went through this rather fast, and hope I didn't miss anything. If anyone sees something wrong, please correct me.

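As an added illustration of the login-config.xml step above (not Mark's own file, which is not reproduced on this page): the datasource name MySQLDS and the Principals/Roles tables come from the post; the domain name chris-db-domain, the column names and the password-hashing options are assumptions.

```xml
<!-- Added example for JBOSS_HOME/server/default/conf/login-config.xml.
     Not the original poster's file: the domain name, column names and
     the hashing options are assumptions, not values from the thread. -->
<application-policy name="chris-db-domain">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
                  flag="required">
      <!-- JNDI name of the datasource declared in mysql-ds.xml
           (JBoss binds datasources under the java:/ prefix) -->
      <module-option name="dsJndiName">java:/MySQLDS</module-option>

      <!-- Overriding the default queries is what lets you rename the
           Principals/Roles tables and columns mentioned in the post. -->
      <module-option name="principalsQuery">select Password from Principals where PrincipalID=?</module-option>

      <!-- Returning the literal 'Roles' as the second column removes the
           need for a RoleGroup column that must contain 'Roles'. -->
      <module-option name="rolesQuery">select Role, 'Roles' from Roles where PrincipalID=?</module-option>

      <!-- Store only a digest in the Password column: the module hashes the
           submitted password with this algorithm before comparing it. -->
      <module-option name="hashAlgorithm">SHA-256</module-option>
      <module-option name="hashEncoding">base64</module-option>
    </login-module>
  </authentication>
</application-policy>
```

The same domain name is then referenced as java:/jaas/chris-db-domain in jboss-web.xml and as @SecurityDomain("chris-db-domain") on the EJB. With hashAlgorithm set, the Password column must hold the base64-encoded SHA-256 digest rather than the clear-text password.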
 
Chris Kie
Thank you very much

I'm trying this out tomorrow, hope I get it running

but now is partytime (22:45)

 
Chris Kie
Thanks a lot for your help ;)

everything works fine so far ...

 
Is there any algorithm that can give a guarantee of data delivery on JBoss or any other server?
 

Sapna Sharma wrote:is there any algorithm that can give guarantee of data delivery on jboss or any other server.


Sapna, your question doesn't look related to the topic being discussed in this thread. Please create a separate thread to discuss your question.
 
It's fun to be me, and still legal in 9 states! Wanna see my tiny ad?
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic