Tuesday, February 24, 2004

JavaRanch Big Moose Saloon: JAAS With JBOSS: My How-To Tutorial

There are a few different steps to get JAAS Auth to work in JBoss:
LOGIN CODE
-------------------


code:
--------------------------------------------------------------------------------

//THE IMPORTS
import org.jboss.security.auth.callback.SecurityAssociationHandler;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import java.security.Principal;

//LOGIN CODE
//Note: Login before you get initial context
try
{
    SecurityAssociationHandler handler = new SecurityAssociationHandler();

    //PRINCIPAL TO LOGIN WITH
    /*
     * To make this work, you'll need to create a user with this name
     * in your security file or database or whatever you use. I use a database
     * to store them. For this example, we'll use user="Robert", password="Paris"
     *
     * Note: I am creating a new Principal subclass here because Principal is
     * an abstract class.
     */
    Principal userPrincipal = new Principal()
    {
        //THIS IS ALL YOU NEED TO IMPLEMENT
        public String getName()
        {
            return "Robert";
        }
    };

    //SET SECURITY ASSOCIATION HANDLER-SPECIFIC SETTINGS
    //Syntax: setSecurityInfo( Principal , char[] );
    handler.setSecurityInfo( userPrincipal, "Paris".toCharArray() );

    //GET LOGIN CONTEXT (NOTE: EJBSecurityDomain is the name I gave it in descriptor)
    LoginContext loginContext = new LoginContext( "EJBSecurityDomain", ( CallbackHandler ) handler );

    //LOGIN
    loginContext.login();
}
catch (Exception e)
{
    e.printStackTrace();
}

//THEN DO ALL YOUR getInitialContext STUFF HERE...

--------------------------------------------------------------------------------
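
A variant of the login step above that asks for the user name and password at run time instead of compiling "Robert"/"Paris" into the client, using only standard JAAS classes. This is an added example, not the original poster's code; the class names PromptingLogin and ConsoleHandler are hypothetical, and it assumes the login module selected by auth.conf requests only a NameCallback and a PasswordCallback.

```java
import java.io.Console;
import java.util.Arrays;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

// Added example; PromptingLogin and ConsoleHandler are hypothetical names.
public class PromptingLogin {

    // Answers the name and password callbacks; rejects every other callback type.
    static class ConsoleHandler implements CallbackHandler {
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            Console console = System.console();
            if (console == null) {
                // No terminal attached: fail rather than fall back to echoing input.
                throw new IllegalStateException("No interactive console available");
            }
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(console.readLine("User: "));
                } else if (cb instanceof PasswordCallback) {
                    char[] pw = console.readPassword("Password: ");
                    try {
                        ((PasswordCallback) cb).setPassword(pw); // callback keeps its own copy
                    } finally {
                        if (pw != null) Arrays.fill(pw, '\0');   // wipe our copy
                    }
                } else {
                    throw new UnsupportedCallbackException(cb, "Unsupported callback type");
                }
            }
        }
    }

    public static void main(String[] args) throws LoginException {
        // "EJBSecurityDomain" is the entry name used in the login code above.
        LoginContext ctx = new LoginContext("EJBSecurityDomain", new ConsoleHandler());
        ctx.login(); // throws LoginException if the login module rejects the login
        try {
            // ... getInitialContext and EJB calls go here ...
        } finally {
            ctx.logout(); // drop the client-side identity when the work is done
        }
    }
}
```

Run it with the same jars and -D properties listed for the client further down the page.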


JBOSS EJB_DESCRIPTOR INFO
---------------------------------------------

code:
--------------------------------------------------------------------------------

//THIS ALL GOES INSIDE jboss.xml IN YOUR jar FILE FOR YOUR ejb's
Standard CMP 2.x EntityBean
java:/jaas/EJBSecurityDomain
A
PersonEJB
PersonHome
Standard CMP 2.x EntityBean

--------------------------------------------------------------------------------


JBOSS CONFIGURATIONS
------------------------------------

code:
--------------------------------------------------------------------------------

//LOGIN FILE: Located in "${JBOSS_HOME}/server//conf/login-config.xml"
// the "" is usually "default" as most people use that folder.
//THIS GOES UNDER THE tag:
java:/MSQLDS
Select passwd from Users where username = ?
Select userRoles 'Role', userRoleGroups 'RoleGroup' from UserRoles where username = ?

--------------------------------------------------------------------------------


NEEDED TO COMPILE AND RUN CLIENT
---------------------------------------------------------
NOTE: you will need these jars for BOTH compiling AND running THE CLIENT
//ALL CLIENT JARS
${JBOSS_HOME}/client/*.jar

//THIS IS THE KEY!!!! THIS IS THE JAR THEY DON'T TELL YOU
//ABOUT, BUT THAT HAS THE JAAS CLASSES!!!
${JBOSS_HOME}/server/all/lib/jbosssx.jar

RUNTIME SYSTEM PROPERTIES FOR CLIENT - REQUIRED
----------------------------------------------------------------
//NOTE: ALL THESE ARE FOR RUNNING THE CLIENT!!!
-Djava.security.manager
//I WILL GIVE YOU WHAT THIS FILE MUST CONTAIN
-Djava.security.auth.login.config=auth.conf
//I WILL GIVE YOU A SAMPLE OF THIS, JUST FOR TESTING
-Djava.security.policy=ourtest.policy
-Djava.security.auth.policy=ourtest.policy

CONFIG FILE (FOR CLIENT): auth.conf
------------------------------------------------------


code:
--------------------------------------------------------------------------------

srp-client
{
    //Login Module Needed - I use Database (Note it correlates to what I had in login-config.xml)
    org.jboss.security.auth.spi.DatabaseServerLoginModule required;
};

//NOT 100% SURE IF THIS IS NEEDED, SINCE I HAVEN'T DONE THIS IN A WHILE AND I FORGET,
//BUT IT'S IN MY FILE (Although I think it's not needed)
other
{
    //DEFAULT CLIENT-LOGIN MODULE
    org.jboss.security.ClientLoginModule required;
};

--------------------------------------------------------------------------------


POLICY FILE (FOR CLIENT): ourtest.policy
-----------------------------------------------------------

code:
--------------------------------------------------------------------------------

grant
{
    permission java.security.AllPermission;
};

--------------------------------------------------------------------------------