One way to protect the resources of our Smartgwt Projects, is to use the authentication of JBoss AS against a LDAP server. We have developed a Smartgwt Project to demonstrate the protection of its resources, to do that we have used the following software.
JBoss AS version 7.0.1 and 6.1.0, this application server you can download it from here.
Apache Directory Server 1.5.7, this LDAP server you can download it from here.
...
On JBoss AS 6.1.0
To run the project, you have to do the following steps:
...
Now you can deploy and test the project.
...
On JBoss AS 7.0.1
The changes that we have to do respect to the version 6.1.0 are the following:
Open the standalone.xml configuration file, this file is located in <JBOSS_HOME>/standalone/configuration:
change:
Code Block | ||
---|---|---|
| ||
<subsystem xmlns="urn:jboss:domain:ee:1.0" /> |
for:
Code Block | ||
---|---|---|
| ||
<subsystem xmlns="urn:jboss:domain:ee:1.0" >
<global-modules>
<module name="sun.jdk" slot="main"/>
</global-modules>
</subsystem> |
and add:
Code Block | ||
---|---|---|
| ||
<security-domain name="testLdap"> <authentication> <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required"> <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/> <module-option name="java.naming.provider.url" value="ldap://localhost:10389/"/> <module-option name="java.naming.security.authentication" value="simple"/> <module-option name="principalDNPrefix" value="uid="/> <module-option name="principalDNSuffix" value=",ou=People,dc=isomorphic,dc=com"/> <module-option name="rolesCtxDN" value="ou=Roles,dc=isomorphic,dc=com"/> <module-option name="uidAttributeID" value="member"/> <module-option name="matchOnUserDN" value="true"/> <module-option name="roleAttributeID" value="cn"/> <module-option name="roleAttributeIsDN" value="false"/> </login-module> </authentication> </security-domain> |
into:
Code Block | ||
---|---|---|
| ||
<subsystem xmlns="urn:jboss:domain:security:1.0">
<security-domains>
......
</security-domains>
</subsystem> |
Finally, we want to comment that whole the authentication process will be managed for the container of JBoss AS.
...