Securing with JBoss AS

In this recipe, we will configure GateIn with JAAS using JBoss AS (5.x and 6.x).

Getting ready

Locate the WEB-INF folder inside your portal application.

How to do it…

Create a new file named jboss-web.xml in the WEB-INF folder with the following content:

<jboss-web>
  <security-domain>
     java:/jaas/gatein-domain
  </security-domain>
</jboss-web>

How it works…

The security-domain value is the JNDI URL through which the JAAS modules are referenced. JBoss uses this URL to look up the JAAS modules registered under the name gatein-domain.

The configuration of the modules can be found in the file gatein-jboss-beans.xml. Usually, this file is inside the deployed <PORTAL_WAR_ROOT>/META-INF, but it can be placed anywhere inside the deploy directory of JBoss, thanks to the auto-discovery feature provided by JBoss AS.

Here is an example:

<deployment xmlns="urn:jboss:bean-deployer:2.0">

  <application-policy 
     xmlns="urn:jboss:security-beans:1.0" 
     name="gatein-domain">
    <authentication>
      <login-module code=
        "org.gatein.wci.security.WCILoginModule"
       flag="optional">
        <module-option name="portalContainerName">
           portal
        </module-option>
        <module-option name="realmName">
           gatein-domain
        </module-option>
      </login-module>
      <login-module code=
        "org.exoplatform.web.security.PortalLoginModule"
       flag="required">
        <!-- ……….. -->
      </login-module>
    </authentication>
  </application-policy>

</deployment>

JAAS allows several login modules to be configured; they are executed in cascade according to the flag attribute of each one. The valid values for the flag attribute and their semantics, as described in the Java standard API, are:

  • Required: The LoginModule is required to succeed. If it succeeds or fails, authentication still continues to proceed to the next LoginModule in the list.
  • Requisite: The LoginModule is required to succeed. If it succeeds, authentication continues on the next LoginModule in the list. If it fails, the control immediately returns to the application and the authentication process does not proceed to the next LoginModule.
  • Sufficient: The LoginModule is not required to succeed. If it does succeed, the control immediately returns to the application and the authentication process does not proceed to the next LoginModule. If it fails, authentication continues forward to the next LoginModule.
  • Optional: The LoginModule is not required to succeed. If it succeeds or fails, authentication still continues to proceed to the next LoginModule.

See the Choosing the JAAS modules recipe for details about each login module.

See also

  • The Securing portals recipe
  • The Securing with Tomcat recipe
  • The Choosing the JAAS modules recipe