
Added jboss-custom-login miniproject

commit ce497a6f3ff331a437d61067ad84780ca3dc3228 1 parent f5013b2
@jakubholynet authored
69 miniprojects/jboss-custom-login/README.md
@@ -0,0 +1,69 @@
+Examples of custom login modules for JBoss AS
+==============================================
+
+Tried with JBoss AS 7 but the code I use hasn't changed in years so
+it should work equally well with JBoss 5 - 7 - future.
+
+Configuration
+-------------
+
+Make sure that your `<JBoss AS 7.1.0.Final>/standalone/configuration/standalone.xml`
+contains this fragment:
+
+ <security-domains>
+ <security-domain name="form-auth" cache-type="default">
+ <authentication>
+ <login-module code="custom.MySimpleUsernamePasswordLoginModule" flag="required">
+ <!--module-option name="exampleProperty" value="exampleValue"/-->
+ </login-module>
+ </authentication>
+ </security-domain>
+
+Notice that the domain to use for this webapp is specified in its jboss-web.xml.
+
+Login Module Deployment
+------------------------
+
+At JBoss AS 7 you can deploy the login module as a part of this webapp, just by having its .class in
+WEB-INF/classes/ (and make sure you have it configured in standalone.xml).
+
+For details read [JBossAS7SecurityDomainModel#Using_custom_login_module](https://community.jboss.org/wiki/JBossAS7SecurityDomainModel#Using_custom_login_module)
+(notice that "write the FQCN in the code attribute" means you should write the fully qualified name of your
+login module implementation into the code attribute of a login-module element in standalone.xml).
+
+Webapp Deployment
+-----------------
+
+Deploy as usual, f.ex. run `package` and copy target/jboss-custom-login-*.war
+to `<JBoss AS 7.1.0.Final>/standalone/deployments/`
+
+Webapp should be at [http://localhost:8080/jboss-custom-login](http://localhost:8080/jboss-custom-login).
+
+Resources
+---------
+
+This part of JBoss AS hasn't changed in years. There is no good current documentation
+(i.e. for v7) but the documentation for AS 5 is pretty good and is still valid. The
+two main articles are:
+
+* JBoss EAP 5 [Security Guide Ch. 12.2. Custom Modules](http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/5/html/Security_Guide/sect-Custom_Modules.html)
+* JBoss EAP 5 [Security Guide Ch. 12.2.2. Custom LoginModule Example](http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/5/html/Security_Guide/sect-Custom_LoginModule_Example.html)
+
+If you f.ex. can reuse JBoss' DatabaseServerLoginModule but have your passwords encrypted in a way
+not supported out of the box than you can subclass it and override `convertRawPassword` to encrypt
+the user-provided password accordingly, as described in [CreatingACustomLoginModule](https://community.jboss.org/wiki/CreatingACustomLoginModule).
+
+JBoss AS 7 specific (but rather too brief):
+
+* [https://community.jboss.org/wiki/JBossAS7SecurityCustomLoginModules](https://community.jboss.org/wiki/JBossAS7SecurityCustomLoginModules)
+* [https://community.jboss.org/wiki/JBossAS7SecurityDomainModel](https://community.jboss.org/wiki/JBossAS7SecurityDomainModel)
+
+Other:
+
+* [Source code of JBoss' DatabaseServerLoginModule](http://www.docjar.com/html/api/org/jboss/security/auth/spi/DatabaseServerLoginModule.java.html)
+
+ Credits
+ -------
+
+ The webapp with the exception of the login module class comes from the article
+ https://community.jboss.org/wiki/JBossAS7SecurityCustomLoginModules.
27 miniprojects/jboss-custom-login/pom.xml
@@ -0,0 +1,27 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>net.jakubholy.blog</groupId>
+ <artifactId>jboss-custom-login</artifactId>
+ <packaging>war</packaging>
+ <version>0.0.1-SNAPSHOT</version>
+ <name>jboss-custom-login Maven Webapp</name>
+ <url>http://maven.apache.org</url>
+ <dependencies>
+ <dependency>
+ <groupId>jboss</groupId>
+ <artifactId>jbosssx</artifactId>
+ <version>3.2.3</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>jboss</groupId>
+ <artifactId>jboss-jaas</artifactId>
+ <version>3.2.3</version>
+ <scope>provided</scope>
+ </dependency>
+ </dependencies>
+ <build>
+ <finalName>jboss-custom-login</finalName>
+ </build>
+</project>
76 ...projects/jboss-custom-login/src/main/java/custom/MySimpleUsernamePasswordLoginModule.java
@@ -0,0 +1,76 @@
+package custom;
+
+import java.security.acl.Group;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+
+import org.jboss.security.SimpleGroup;
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
+
+/**
+ * The simples username and password based login module possible,
+ * extending JBoss' {@link UsernamePasswordLoginModule}.
+ */
+public class MySimpleUsernamePasswordLoginModule extends UsernamePasswordLoginModule {
+
+ @SuppressWarnings("rawtypes")
+ public void initialize(Subject subject, CallbackHandler callbackHandler,
+ Map sharedState,
+ Map options) {
+ // We could read options passed via <module-option> in standalone.xml if there were any here
+ // For an example see http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/5/html/Security_Guide/sect-Custom_LoginModule_Example.html
+
+ // We could also f.ex. lookup a data source in JNDI
+ // For an example see http://www.docjar.com/html/api/org/jboss/security/auth/spi/DatabaseServerLoginModule.java.html
+ super.initialize(subject, callbackHandler, sharedState, options);
+ }
+
+ /**
+ * (required) The UsernamePasswordLoginModule modules compares the result of this
+ * method with the actual password.
+ */
+ @Override
+ protected String getUsersPassword() throws LoginException {
+ System.out.format("MyLoginModule: authenticating user '%s'\n", getUsername());
+ // Lets pretend we got the password from somewhere and that it's, by a chance, same as the username
+ String password = super.getUsername();
+ // Let's also pretend that we haven't got it in plain text but encrypted
+ // (the encryption being very simple, namely capitalization)
+ password = password.toUpperCase();
+ return password;
+ }
+
+ /**
+ * (optional) Override if you want to change how the password are compared or
+ * if you need to perform some conversion on them.
+ */
+ @Override
+ protected boolean validatePassword(String inputPassword, String expectedPassword) {
+ // Let's encrypt the password typed by the user in the same way as the stored password
+ // so that they can be compared for equality.
+ String encryptedInputPassword = (inputPassword == null)? null : inputPassword.toUpperCase();
+ System.out.format("Validating that (encrypted) input psw '%s' equals to (encrypted) '%s'\n"
+ , encryptedInputPassword, expectedPassword);
+ return super.validatePassword(encryptedInputPassword, expectedPassword);
+ }
+
+ /**
+ * (required) The groups of the user, there must be at least one group called
+ * "Roles" (though it likely can be empty) containing the roles the user has.
+ */
+ @Override
+ protected Group[] getRoleSets() throws LoginException {
+ SimpleGroup group = new SimpleGroup("Roles");
+ try {
+ group.addMember(new SimplePrincipal("user_role"));
+ } catch (Exception e) {
+ throw new LoginException("Failed to create group member for " + group);
+ }
+ return new Group[] { group };
+ }
+
+}
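Review bot: `validatePassword` prints both the submitted password and the expected one to stdout, so every login attempt leaves credentials in the server log. The message should carry no secret values, for example `System.out.format("MyLoginModule: validating password for user '%s'\n", getUsername());`. Because `getUsersPassword` derives the expected password from the username, any account name authenticates with itself as password; the Javadoc should say plainly that this is a demo stand-in and not a pattern to copy. In `getRoleSets` the caught exception is dropped; attaching it with `initCause(e)` before throwing the `LoginException` would keep the root cause. `initialize` overrides the parent method but lacks `@Override`, and both `toUpperCase()` calls are locale-dependent (`toUpperCase(Locale.ROOT)` avoids surprises).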
5 miniprojects/jboss-custom-login/src/main/webapp/WEB-INF/jboss-web.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<jboss-web>
+ <security-domain>form-auth</security-domain>
+ <disable-audit>true</disable-audit>
+</jboss-web>
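Review bot: `<disable-audit>true</disable-audit>` switches off security auditing for this webapp, and nothing in the commit says why. In an example whose subject is authentication, that presumably means login successes and failures are not recorded by the container's audit facility, and readers are likely to copy the setting along with the rest. Either drop the element so the server default applies, or mark it as demo-only with a comment such as `<!-- audit disabled for this demo only; remove for real deployments -->`.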
40 miniprojects/jboss-custom-login/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+ version="2.5">
+
+ <display-name>Form Auth</display-name>
+ <description>
+ Form auth
+ </description>
+
+ <!-- Define a Security Constraint on this Application -->
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>SALES Application</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user_role</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <!-- Define the Login Configuration for this Application -->
+ <login-config>
+ <auth-method>FORM</auth-method>
+ <realm-name>Tomcat SALES Application</realm-name>
+ <form-login-config>
+ <form-login-page>/login.jsp</form-login-page>
+ <form-error-page>/loginerror.jsp</form-error-page>
+ </form-login-config>
+ </login-config>
+
+ <!-- Security roles referenced by this web application -->
+ <security-role>
+ <description>
+ The role a user needs to be allowed to log in to the application
+ </description>
+ <role-name>user_role</role-name>
+ </security-role>
+</web-app>
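Review bot: The `<security-constraint>` requires `user_role` for `/*` but sets no transport guarantee, so the FORM login posts `j_username` and `j_password` over whatever scheme the request arrived on, which is plain HTTP in the README's URL. Adding `<user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>` inside the constraint makes the container redirect to HTTPS before credentials are sent. As a smaller point, the `<realm-name>` and `<web-resource-name>` values ("Tomcat SALES Application", "SALES Application") look like leftovers from the source article and could be renamed to match this project.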
1  miniprojects/jboss-custom-login/src/main/webapp/index.jsp
@@ -0,0 +1 @@
+hello
18 miniprojects/jboss-custom-login/src/main/webapp/login.jsp
@@ -0,0 +1,18 @@
+<html><head><title>Login Page</title></head>
+<body>
+<font size='5' color='blue'>Please Login</font><hr>
+
+<form action='j_security_check' method='post'>
+<table>
+ <tr><td>Name:</td>
+ <td><input type='text' name='j_username'></td></tr>
+ <tr><td>Password:</td>
+ <td><input type='password' name='j_password' size='8'></td>
+ </tr>
+</table>
+<br>
+ <input type='submit' value='login'>
+</form>
+<p>(Use name "me" and password "me".)</p>
+</body>
+ </html>
1  miniprojects/jboss-custom-login/src/main/webapp/loginerror.jsp
@@ -0,0 +1 @@
+Login failed.
1  miniprojects/jboss-custom-login/src/main/webapp/logout.jsp
@@ -0,0 +1 @@
+You are logged out.
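Review bot: This page only prints the message; nothing in it ends the authenticated session, so a user who reaches it stays logged in until the session expires. Invalidate the session before the text, for example `<% session.invalidate(); %>`, so the page does what it says.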