This article will cover setting up JAAS with the existing jmx-console security policy.
Open up components.xml and modify the default:
<security:identity authenticate-method="#{authenticator.authenticate}"
                   security-rules="#{securityRules}"
                   remember-me="true"/>
To:
<security:identity jaas-config-name="jmx-console" remember-me="true"/>
Remember that authenticate-method and jaas-config-name are mutually exclusive: if you have one, you can't have the other. Setting jaas-config-name to jmx-console tells Seam to authenticate against the following security policy in JBoss:
<!-- A template configuration for the jmx-console web application. This
     defaults to the UsersRolesLoginModule the same as other and should be
     changed to a stronger authentication mechanism as required.
-->
<application-policy name = "jmx-console">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                      flag = "required">
            <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
            <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
        </login-module>
    </authentication>
</application-policy>
Where the jmx-console-users.properties is:
# A sample users.properties file for use with the UsersRolesLoginModule
admin=admin
And jmx-console-roles.properties is:
# A sample roles.properties file for use with the UsersRolesLoginModule
admin=JBossAdmin,HttpInvoker
Now deploy your project, go to the home page and log in with admin/admin. You'll see:
Welcome, admin
That was simple enough. Now let's see if the roles are there. On the home.seam page, add:
<rich:panel>
    <f:facet name="header">Security information</f:facet>
    Identity principle: #{identity.principal} <br />
    Identity subject: #{identity.subject} <br />
    <h:outputText value="Display when user has the JBossAdmin roll" rendered="#{s:hasRole('JBossAdmin')}" /> <br />
    <h:outputText value="Display when user has the Employee roll (Which isn't defined)" rendered="#{s:hasRole('Employee')}" />
</rich:panel>
Redeploy or re-explode, then log in again on the home page if necessary. You will now see:
Identity principle: admin
Identity subject: Subject: Principal: admin Principal: Roles(members:JBossAdmin,HttpInvoker)
Display when user has the JBossAdmin roll
From this point, you can begin integrating other JAAS security policies and writing your own.
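An added example, not part of the original article or of the Seam or JBoss distributions: a small Python audit that parses the jmx-console policy and the two property files shown above and flags the sample admin=admin credential and plaintext password storage, the weakness the template comment warns about. The `<policy>` wrapper element, the function names and the inline sample strings are constructed for illustration; `hashAlgorithm` is the UsersRolesLoginModule option for comparing hashed rather than plaintext passwords.

```python
import xml.etree.ElementTree as ET

# Constructed samples mirroring the policy and property files shown above.
# The <policy> root is a wrapper added here so the fragment parses on its own.
LOGIN_CONFIG = """<policy>
  <application-policy name="jmx-console">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
        <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
        <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>"""
USERS = "# A sample users.properties file\nadmin=admin\n"
ROLES = "# A sample roles.properties file\nadmin=JBossAdmin,HttpInvoker\n"

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # / ! comment lines."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip()] = value.strip()
    return entries

def audit_policy(login_config, policy_name, users_text, roles_text):
    """Return a list of findings for one UsersRolesLoginModule policy."""
    root = ET.fromstring(login_config)
    policy = root.find(f".//application-policy[@name='{policy_name}']")
    if policy is None:
        return [f"policy '{policy_name}' not found"]
    findings = []
    options = {o.get("name"): (o.text or "").strip()
               for o in policy.iter("module-option")}
    # Without hashAlgorithm the module compares against plaintext passwords.
    if "hashAlgorithm" not in options:
        findings.append("passwords stored in plaintext (no hashAlgorithm option)")
    roles = parse_properties(roles_text)
    for user, password in parse_properties(users_text).items():
        if password.lower() == user.lower():
            held = roles.get(user, "none")
            findings.append(f"user '{user}' has password equal to username (roles: {held})")
    return findings

if __name__ == "__main__":
    for finding in audit_policy(LOGIN_CONFIG, "jmx-console", USERS, ROLES):
        print("FINDING:", finding)
```

Run against the sample files, it reports both the plaintext storage and the admin account that holds JBossAdmin with a password equal to its username.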
And how does this work if you're not using JBoss AS?
Where must I put the XML code for application-policy? You don't specify the XML file. Thank you.