Before we begin our tour, we first need to install a database driver. In my previous blog post I showed how to install the MySQL driver; see http://magnus-k-karlsson.blogspot.se/2012/08/how-to-install-mysql-datasource-on.html. In this post I will continue to use MySQL as my data source. We will also use JBoss in standalone mode, since we are dealing with a single-node installation. Remember to look at the new JBoss module capabilities if you are facing a multi-node installation and want to share the same configuration.
After you have installed your data source, you can check your configuration by starting JBoss; you should see something like the following in your JBoss server log:
Bound data source [java:jboss/datasources/MySQLDS]
Now continue by creating the database schema and tables:
CREATE TABLE Users(username VARCHAR(255), passwd VARCHAR(255), PRIMARY KEY (username));
CREATE TABLE UserRoles(username VARCHAR(255), userRoles VARCHAR(255));
Now we continue by adding a new security domain, i.e. actually configuring our database login module:
<security-domain name="StaticUserPwd" cache-type="default">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
            <module-option name="dsJndiName" value="java:jboss/datasources/MySQLDS"/>
            <module-option name="principalsQuery" value="select passwd from Users where username=?"/>
            <module-option name="rolesQuery" value="select userRoles, 'Roles' from UserRoles where username=?"/>
            <module-option name="hashAlgorithm" value="SHA1"/>
            <module-option name="hashEncoding" value="BASE64"/>
            <module-option name="hashCharset" value="UTF-8"/>
            <module-option name="hashUserPassword" value="true"/>
            <module-option name="hashStorePassword" value="false"/>
        </login-module>
    </authentication>
</security-domain>
Now we need a web application. I did not bother to build a Maven application for that, so I simply created the new folders manually:
$ mkdir -p $JBOSS_HOME/standalone/deployments/msc-secure-webapp.war/WEB-INF
A simple Index.jsp page:
$ touch $JBOSS_HOME/standalone/deployments/msc-secure-webapp.war/Index.jsp
<html>
    <head>
    </head>
    <body>
        <h2>Hello <%= request.getRemoteUser() %></h2>
    </body>
</html>
And the standard web application deployment descriptor:
$ touch $JBOSS_HOME/standalone/deployments/msc-secure-webapp.war/WEB-INF/web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
        http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    version="3.0">
    <display-name>MSC Secure Webapp</display-name>
    <welcome-file-list>
        <welcome-file>./Index.jsp</welcome-file>
    </welcome-file-list>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Secure Webapp</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
            <http-method>DELETE</http-method>
            <http-method>HEAD</http-method>
        </web-resource-collection>
        <auth-constraint>
            <description>These are the roles who have access.</description>
            <role-name>*</role-name>
        </auth-constraint>
        <user-data-constraint>
            <description>This is how the user data must be transmitted.</description>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>StaticUserPwd</realm-name>
    </login-config>
    <security-role>
        <description>These are the roles who have access.</description>
        <role-name>*</role-name>
    </security-role>
</web-app>
And the corresponding JBoss application deployment descriptor:
$ touch $JBOSS_HOME/standalone/deployments/msc-secure-webapp.war/WEB-INF/jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <security-domain>java:/jaas/StaticUserPwd</security-domain>
</jboss-web>
Before we can fire up JBoss, we need to tell the JBoss container to deploy the exploded web app:
$ touch $JBOSS_HOME/standalone/deployments/msc-secure-webapp.war.dodeploy
Now we can start JBoss and look for the deployment message in the log:
Deployed "msc-secure-webapp.war"
Now when we try to access the web application at http://localhost:8080/msc-secure-webapp we are met by a username and password login window. Since we do not have any users in our database, we will not be able to log in yet.
Let's create a user. But how do we do that when the passwords are supposed to be stored in a hashed format? You can either write a small Java program to get the hashed password or, more easily, use openssl. To create a hashed password for admin, simply enter:
$ echo -n "admin" | openssl dgst -sha1 -binary | openssl base64
And with that hashed password we can create a new user with the following SQL inserts:
Insert into Users values('admin','0DPiKuNIrrVmD8IUCuw1hQxNqZc=');
Insert into UserRoles values('admin','GRP_ADMIN');
Now you can open your web application http://localhost:8080/msc-secure-webapp/ and log in with username "admin" and password "admin".
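The hashing and insert steps above, wrapped into a small provisioning helper. This is an added example, not code from the original post: the function names are hypothetical and openssl is assumed to be on the PATH. It also shows the comparison the login module performs with hashUserPassword=true and hashStorePassword=false.

```shell
#!/bin/sh
# Added example: provisioning helper for the Users/UserRoles tables above.
# Function names are hypothetical; openssl is assumed to be installed.

# SHA-1 over the password bytes, Base64-encoded: the format selected by
# hashAlgorithm=SHA1 and hashEncoding=BASE64 in the security domain.
# printf '%s' is used instead of echo so a trailing newline is never hashed.
hash_password() {
    printf '%s' "$1" | openssl dgst -sha1 -binary | openssl base64
}

# Accept only names that are safe to place inside a SQL string literal.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Emit the two INSERT statements for one user: make_user_sql USER PASSWORD ROLE
make_user_sql() {
    if ! valid_name "$1" || ! valid_name "$3"; then
        echo "rejected: user and role may contain only A-Z a-z 0-9 _ . -" >&2
        return 1
    fi
    hash=$(hash_password "$2")
    printf "INSERT INTO Users VALUES('%s','%s');\n" "$1" "$hash"
    printf "INSERT INTO UserRoles VALUES('%s','%s');\n" "$1" "$3"
}

# What the module does with hashUserPassword=true / hashStorePassword=false:
# hash the submitted password and compare it with the stored column as-is.
# check_password STORED_HASH SUBMITTED_PASSWORD
check_password() {
    [ "$(hash_password "$2")" = "$1" ]
}

# Reproduces the two inserts shown in the post.
make_user_sql "admin" "admin" "GRP_ADMIN"
```
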