
One way to protect the resources of our SmartGWT projects is to use JBoss AS authentication against an LDAP server. We have developed a SmartGWT project to demonstrate the protection of its resources, using the following software:

JBoss AS 6.1.0. You can download this application server from here.

Apache Directory Server 1.5.7. You can download this LDAP server from here.

To run the project, follow these steps:

1.- Install the Apache Directory Server or, if you already have one installed, create a new partition. This partition will contain the new directory structure that our project will use.

Locate the server.xml configuration file in <APACHEDS_PATH>/instances/default/conf/ and add the following line:

<jdbmPartition id="isomorphic" suffix="dc=isomorphic,dc=com" optimizerEnabled="true" syncOnWrite="true" />

This line must go inside the element:

<partitions>
</partitions>

Then you must restart the server. More information about this here.

2.- Apache Directory Studio can be used to connect to our ApacheDS. To load the new directory structure, copy all of the information below into an isomorphic.ldif file.

version: 1

dn: dc=isomorphic,dc=com
objectClass: organization
objectClass: dcObject
objectClass: top
dc: isomorphic
o: ISOMORPHIC

dn: ou=People,dc=isomorphic,dc=com
objectClass: organizationalUnit
objectClass: top
ou: People

dn: ou=Roles,dc=isomorphic,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Roles

dn: cn=Admin,ou=Roles,dc=isomorphic,dc=com
objectClass: groupOfNames
objectClass: top
cn: Admin
member: uid=admin,ou=People,dc=isomorphic,dc=com
member: uid=peter,ou=People,dc=isomorphic,dc=com
description: the admin group

dn: cn=Regular,ou=Roles,dc=isomorphic,dc=com
objectClass: groupOfNames
objectClass: top
cn: Regular
member: uid=joe,ou=People,dc=isomorphic,dc=com
description: the regular group

dn: uid=admin,ou=People,dc=isomorphic,dc=com
objectClass: person
objectClass: uidObject
objectClass: top
cn: Admin
sn: Admin
uid: admin
# Single colon: plain-text value (a double colon would mark the value as base64-encoded).
userPassword: admin

dn: uid=joe,ou=People,dc=isomorphic,dc=com
objectClass: person
objectClass: uidObject
objectClass: top
cn: Joe
sn: Joe
uid: joe
userPassword: joe

dn: uid=peter,ou=People,dc=isomorphic,dc=com
objectClass: person
objectClass: uidObject
objectClass: top
cn: Peter
sn: Peter
uid: peter
userPassword: peter

When finished, you will have a directory structure similar to the following picture.

3.- Next, set up JBoss AS so that it can authenticate against the LDAP server. To do that, locate the login-config.xml configuration file in <JBOSS_HOME>/server/default/conf/ and add the following lines in the appropriate place:

<application-policy name="testLdap">
        <authentication>
            <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
                <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
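                <!-- A simple bind over ldap:// sends the password unencrypted; here the LDAP server is on localhost. -->
                <module-option name="java.naming.provider.url">ldap://localhost:10389/</module-option>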
                <module-option name="java.naming.security.authentication">simple</module-option>
                <module-option name="principalDNPrefix">uid=</module-option>
                <module-option name="principalDNSuffix">,ou=People,dc=isomorphic,dc=com</module-option>
                <module-option name="rolesCtxDN">ou=Roles,dc=isomorphic,dc=com</module-option>
                <module-option name="uidAttributeID">member</module-option>
                <module-option name="matchOnUserDN">true</module-option>
                <module-option name="roleAttributeID">cn</module-option>
                <module-option name="roleAttributeIsDN">false</module-option>
            </login-module>
        </authentication>
</application-policy>

Finally, restart the server. More information about JBoss security here.

4.- Now we have to set up our project to use this authentication method. Open the web.xml configuration file of our project, located in WEB-INF/, and add the following lines:

    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>User Auth</realm-name>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/error.jsp</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <role-name>*</role-name>
    </security-role>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Sample Application</web-resource-name>
            <url-pattern>*.html</url-pattern>
            <!-- No http-method elements: the constraint then applies to every HTTP method.
                 Listing only POST and GET would leave the other methods unprotected. -->
        </web-resource-collection>

        <auth-constraint>
            <role-name>*</role-name>
        </auth-constraint>

    </security-constraint>
 

Here we want to explain two things:

One, the authentication method selected is FORM, and for that purpose we have two JSP files: login.jsp asks users for their credentials, and error.jsp is where users are redirected if authentication fails.

Here is an example of a replacement login page with some attractive styling.

Two, we will protect our HTML files. For this project, we are not considering the roles assigned to the users.

5.- Create a new configuration file for our project named jboss-web.xml and place it in the WEB-INF/ directory. This new configuration file will contain:

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
   <security-domain>java:/jaas/testLdap</security-domain>
</jboss-web>

Note.- testLdap is the name of the authentication policy that we just added to the login-config.xml configuration file.

Now you can deploy and test the project.
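Before relying on the deployment, it helps to confirm which roles the testLdap options will resolve for each user. The following is an added example, not part of the original project or of JBoss: an offline model of the lookup those options describe, run against a constructed excerpt of isomorphic.ldif. The function names and the simplified DN normalisation are assumptions made for illustration.

```python
# Constructed excerpt of isomorphic.ldif: only the group entries are needed here.
LDIF = """\
dn: cn=Admin,ou=Roles,dc=isomorphic,dc=com
cn: Admin
member: uid=admin,ou=People,dc=isomorphic,dc=com
member: uid=peter,ou=People,dc=isomorphic,dc=com

dn: cn=Regular,ou=Roles,dc=isomorphic,dc=com
cn: Regular
member: uid=joe,ou=People,dc=isomorphic,dc=com
"""
# Values copied from the module-option elements of the testLdap policy.
OPTS = {"principalDNPrefix": "uid=", "principalDNSuffix": ",ou=People,dc=isomorphic,dc=com",
        "rolesCtxDN": "ou=Roles,dc=isomorphic,dc=com",
        "uidAttributeID": "member", "roleAttributeID": "cn"}

def norm(dn):
    """Simplified DN comparison key (assumption): lower-case, no spaces around commas."""
    return ",".join(p.strip().lower() for p in dn.split(","))

def parse_ldif(text):
    """Parse blank-line-separated LDIF records into {attribute: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(name.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def roles_for(username, entries, o=OPTS):
    """Role names of entries under rolesCtxDN that list the user's DN in uidAttributeID."""
    # The user DN is built as prefix + username + suffix, as the policy options describe.
    user_dn = norm(o["principalDNPrefix"] + username + o["principalDNSuffix"])
    ctx = "," + norm(o["rolesCtxDN"])
    return sorted(v for e in entries if norm(e["dn"][0]).endswith(ctx)
                  and user_dn in map(norm, e.get(o["uidAttributeID"], []))
                  for v in e.get(o["roleAttributeID"], []))

if __name__ == "__main__":
    entries = parse_ldif(LDIF)
    # "nobody" is a constructed user that belongs to no group.
    for user in ("admin", "peter", "joe", "nobody"):
        print(user, roles_for(user, entries))
```

A user that resolves to an empty role list here belongs to no group under ou=Roles, which is worth checking against what the auth-constraint in web.xml is expected to admit.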

Finally, we want to point out that the whole authentication process will be managed by the JBoss AS container.

All of the source code of the project is here.