One way to protect the resources of our SmartGWT Projects is to use JBoss AS authentication against an LDAP server. We have developed a SmartGWT Project to demonstrate the protection of its resources. The following software versions have been used:

JBoss AS version 7.0.1 and 6.1.0. The application server can be downloaded from here.

Apache Directory Server 1.5.7. The LDAP server can be downloaded from here.

...

On JBoss AS 6.1.0

To run the project, you have to perform the following steps:

1.- Install the Apache Directory Server or, if you already have one installed, create a new partition. This partition will contain the new directory structure that our project will use.

Locate the server.xml configuration file in <APACHEDS_PATH>/instances/default/conf/ and add the following lines:

...

Code Block
<partitions>
</partitions>

Then, you must restart the server. You can find more information about this here.

2.- Apache Directory Studio can be used to connect to our ApacheDS. To load the new directory structure, you can copy the complete detail below into an isomorphic.ldif file.

Code Block
version: 1

dn: dc=isomorphic,dc=com
objectClass: organization
objectClass: dcObject
objectClass: top
dc: isomorphic
o: ISOMORPHIC

dn: ou=People,dc=isomorphic,dc=com
objectClass: organizationalUnit
objectClass: top
ou: People

dn: ou=Roles,dc=isomorphic,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Roles

dn: cn=Admin,ou=Roles,dc=isomorphic,dc=com
objectClass: groupOfNames
objectClass: top
cn: Admin
member: uid=admin,ou=People,dc=isomorphic,dc=com
member: uid=peter,ou=People,dc=isomorphic,dc=com
description: the admin group

dn: cn=Regular,ou=Roles,dc=isomorphic,dc=com
objectClass: groupOfNames
objectClass: top
cn: Regular
member: uid=joe,ou=People,dc=isomorphic,dc=com
description: the regular group

dn: uid=admin,ou=People,dc=isomorphic,dc=com
objectClass: person
objectClass: uidObject
objectClass: top
cn: Admin
sn: Admin
uid: admin
# Plain-text value, so a single colon is used (a double colon marks a base64 value in LDIF)
userPassword: admin

dn: uid=joe,ou=People,dc=isomorphic,dc=com
objectClass: person
objectClass: uidObject
objectClass: top
cn: Joe
sn: Joe
uid: joe
userPassword: joe

dn: uid=peter,ou=People,dc=isomorphic,dc=com
objectClass: person
objectClass: uidObject
objectClass: top
cn: Peter
sn: Peter
uid: peter
userPassword: peter

You should now have a directory structure similar to the example below.

3.- Next, set up JBoss AS to allow it to authenticate against an LDAP server. Locate the login-config.xml configuration file in <JBOSS_HOME>/server/default/conf/, and add the following lines where appropriate:

Code Block
<application-policy name="testLdap">
        <authentication>
            <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
                <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
                <module-option name="java.naming.provider.url">ldap://localhost:10389/</module-option>
                <module-option name="java.naming.security.authentication">simple</module-option>
                <module-option name="principalDNPrefix">uid=</module-option>
                <module-option name="principalDNSuffix">,ou=People,dc=isomorphic,dc=com</module-option>
                <module-option name="rolesCtxDN">ou=Roles,dc=isomorphic,dc=com</module-option>
                <module-option name="uidAttributeID">member</module-option>
                <module-option name="matchOnUserDN">true</module-option>
                <module-option name="roleAttributeID">cn</module-option>
                <module-option name="roleAttributeIsDN">false</module-option>
            </login-module>
        </authentication>
</application-policy>

Finally, restart the server. More information about JBoss Security can be found here.
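
How the module options above map onto the directory data, as an added Python model (not part of the original page and not JBoss code): it reproduces the role lookup these options describe over a constructed subset of the isomorphic.ldif role entries. It assumes the user has already bound successfully and does not contact an LDAP server.

```python
# Constructed subset of the isomorphic.ldif role entries from step 2.
LDIF = """\
dn: cn=Admin,ou=Roles,dc=isomorphic,dc=com
cn: Admin
member: uid=admin,ou=People,dc=isomorphic,dc=com
member: uid=peter,ou=People,dc=isomorphic,dc=com

dn: cn=Regular,ou=Roles,dc=isomorphic,dc=com
cn: Regular
member: uid=joe,ou=People,dc=isomorphic,dc=com
"""

# Module options copied from the testLdap policy.
OPTIONS = {
    "principalDNPrefix": "uid=",
    "principalDNSuffix": ",ou=People,dc=isomorphic,dc=com",
    "rolesCtxDN": "ou=Roles,dc=isomorphic,dc=com",
    "uidAttributeID": "member",
    "matchOnUserDN": "true",
    "roleAttributeID": "cn",
}

def parse_ldif(text):
    """Parse simple (unfolded, non-base64) LDIF into {dn: {attr: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            attrs.setdefault(key.lower(), []).append(value)
        entries[attrs.pop("dn")[0].lower()] = attrs
    return entries

def user_dn(username, opts=OPTIONS):
    """DN used for the bind: principalDNPrefix + login name + principalDNSuffix."""
    return opts["principalDNPrefix"] + username + opts["principalDNSuffix"]

def roles_for(username, opts=OPTIONS, ldif=LDIF):
    """Role names: roleAttributeID of entries under rolesCtxDN that list the user."""
    wanted = user_dn(username, opts) if opts["matchOnUserDN"] == "true" else username
    roles = set()
    for dn, attrs in parse_ldif(ldif).items():
        in_ctx = dn.endswith("," + opts["rolesCtxDN"].lower())
        members = [m.lower() for m in attrs.get(opts["uidAttributeID"].lower(), [])]
        if in_ctx and wanted.lower() in members:
            roles.update(attrs.get(opts["roleAttributeID"].lower(), []))
    return roles
```

With matchOnUserDN set to false the lookup compares the bare login name against the member values, which hold full DNs in this directory, so no role is returned.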

4.- As we now have to set up the project to use this authentication method, open the web.xml configuration file of the project located in WEB-INF/ and add the following lines:

Code Block
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>User Auth</realm-name>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/error.jsp</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <role-name>*</role-name>
    </security-role>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Sample Application</web-resource-name>
            <url-pattern>*.html</url-pattern>
            <http-method>POST</http-method>
            <http-method>GET</http-method>
        </web-resource-collection>

        <auth-constraint>
            <role-name>*</role-name>
        </auth-constraint>

    </security-constraint>
 

There are 2 points to consider here:

1) The authentication method selected is FORM, and for that purpose we have two JSP files. login.jsp is used to ask the users for credentials, and error.jsp is used to redirect the users in cases where the authentication fails.

There is an example of a replacement login page with some attractive styling showing this in action here.

2) We need to protect the HTML files because, for this project, we are not assuming the roles are assigned to the users.
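
An added Python check (not part of the original page) that reads the constraint from step 4 and reports what it leaves uncovered: under the Servlet specification a constraint applies only to the HTTP methods it lists and the URL patterns it names, and TLS is required only when transport-guarantee is CONFIDENTIAL. WEB_XML and STRICT_XML are constructed samples, and the finding names are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the step 4 fragment wrapped in a <web-app> root element.
WEB_XML = """<web-app>
  <login-config><auth-method>FORM</auth-method></login-config>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>*.html</url-pattern>
      <http-method>POST</http-method>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

# Constructed stricter variant: every path and verb, TLS required.
STRICT_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

def _texts(node, name):
    """Text of every descendant called `name`, ignoring any XML namespace."""
    return [e.text.strip() for e in node.iter()
            if e.tag.rsplit("}", 1)[-1] == name and e.text]

def audit(xml_text):
    """Return (finding, detail) pairs for each security-constraint."""
    findings = []
    for sc in ET.fromstring(xml_text).iter():
        if sc.tag.rsplit("}", 1)[-1] != "security-constraint":
            continue
        patterns, verbs = _texts(sc, "url-pattern"), _texts(sc, "http-method")
        if verbs:  # listed verbs are constrained, all other verbs are not
            findings.append(("unlisted-verbs-unconstrained", sorted(verbs)))
        if "/*" not in patterns:  # anything not matching stays public
            findings.append(("paths-outside-constraint", patterns))
        if "CONFIDENTIAL" not in _texts(sc, "transport-guarantee"):
            findings.append(("tls-not-required", patterns))
    return findings

if __name__ == "__main__":
    for finding in audit(WEB_XML):
        print(finding)
```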

5.- Create a new configuration file for the project, named jboss-web.xml, and place it in the WEB-INF/ directory. This new configuration file will contain:

...

Note.- testLdap is the name of our authentication policy that we just added to the login-config.xml configuration file.

Now you can deploy and test the project.

...

On JBoss AS 7.0.1

The changes that have to be done with respect to version 6.1.0 are as follows:

Open the standalone.xml configuration file. This file is located in <JBOSS_HOME>/standalone/configuration:

change:

Code Block
<subsystem xmlns="urn:jboss:domain:ee:1.0" /> 

to:

Code Block
<subsystem xmlns="urn:jboss:domain:ee:1.0" >
        <global-modules>
                <module name="sun.jdk" slot="main"/>
        </global-modules>
</subsystem>

and then add:

Code Block
<security-domain name="testLdap">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
            <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
            <module-option name="java.naming.provider.url" value="ldap://localhost:10389/"/>
            <module-option name="java.naming.security.authentication" value="simple"/>
            <module-option name="principalDNPrefix" value="uid="/>
            <module-option name="principalDNSuffix" value=",ou=People,dc=isomorphic,dc=com"/>
            <module-option name="rolesCtxDN" value="ou=Roles,dc=isomorphic,dc=com"/>
            <module-option name="uidAttributeID" value="member"/>
            <module-option name="matchOnUserDN" value="true"/>
            <module-option name="roleAttributeID" value="cn"/>
            <module-option name="roleAttributeIsDN" value="false"/>
        </login-module>
    </authentication>
</security-domain>

...

Code Block
<subsystem xmlns="urn:jboss:domain:security:1.0">
    <security-domains>
    ......
    </security-domains>
</subsystem>

Finally, note that the whole authentication process is managed by the JBoss AS container.

If you need to refer to or review this project, the complete source code can be found here.