Home › Configure JBoss for Basic Authentication

Configure JBoss for Basic Authentication 

nogeek
Joined:
03/21/2010
Posts:
49

September 29, 2010 19:22:15    Last update: September 29, 2010 19:22:15
Assuming you are using the default server.
  1. Edit the file server/default/conf/login-config.xml
    Copy & paste the section: 
    <application-policy name="web-console">
    <authentication>
	<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
	    <module-option name="usersProperties">web-console-users.properties</module-option>
	    <module-option name="rolesProperties">web-console-roles.properties</module-option>
      </login-module>
    </authentication>
</application-policy>


    Change the copy to: 
    <application-policy name="myapp">
    <authentication>
	<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
	    <module-option name="usersProperties">props/myapp-users.properties</module-option>
	    <module-option name="rolesProperties">props/myapp-roles.properties</module-option>
	</login-module>
    </authentication>
</application-policy>


  2. Create users properties file
    Copy server/default/conf/props/jmx-console-users.properties to server/default/conf/props/myapp-users.properties. Change contents to: 
    # users.properties file for use with the UsersRolesLoginModule
testUserName=testUserPassword


  3. Create roles properties file
    Copy server/default/conf/props/jmx-console-roles.properties to server/default/conf/props/myapp-roles.properties. Change contents to: 
    # roles.properties file for use with the UsersRolesLoginModule
testUserName=testUserRole


  4. Edit web.xml in the application myapp. Add security constraints: 
    <security-constraint>
    <web-resource-collection>
	<web-resource-name>All resources</web-resource-name>
	<description>Protects all resources</description>
	<url-pattern>/*</url-pattern>
    </web-resource-collection>

    <auth-constraint>
	<role-name>testUserRole</role-name>
    </auth-constraint>
</security-constraint>
   
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Test Realm</realm-name>
</login-config>

<security-role>
    <role-name>testUserRole</role-name>
</security-role>


  5. Add file WEB-INF/jboss-web.xml with the following contents: 
    <?xml version='1.0' encoding='UTF-8' ?>
 
<!DOCTYPE jboss-web
    PUBLIC "-//JBoss//DTD Web Application 2.3V2//EN"
    "http://www.jboss.org/j2ee/dtd/jboss-web_3_2.dtd">

<jboss-web>
  <security-domain>java:/jaas/myapp</security-domain>
</jboss-web>

    where myapp corresponds to the name attribute for application-policy in step 1.
Share |
| Comment  | Tags
 

Related Notes