Wednesday, October 24, 2012

Social buzz post

How much do medical assistants get? Is it worth being chosen as a career? Educate yourself then decide! http://bit.ly/QWbjlE

Sunday, October 14, 2012

Form Based authentication in JBOSS

We discussed basic authentication in JBOSS. Now we are going to discuss form-based authentication. As we discussed earlier, there are four types of authentication mechanisms.

As the name suggests, credentials are taken from a form filled in by the user. In addition to the changes made for basic authentication, we have to add a login-config element to web.xml, outside the security-constraint element and inside the web-app element. Note that there should be only one login-config block.

<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/loginfail.jsp</form-error-page>
    </form-login-config>
</login-config>


We have to create three JSP files: login.jsp, loginfail.jsp and logout.jsp. Add a login form to the body of login.jsp.

<form method="post" action="j_security_check">
    <input type="text" name="j_username" /><br/>
    <input type="password" name="j_password" /><br/>
    <input type="submit" value="Login" />
</form>

If the login fails, the code in loginfail.jsp is executed.

<%
    String redirectURL = "/Form-Base-Auth-war/FormServlet";
    response.sendRedirect(redirectURL);
%>

This code is written between JSP scriptlet tags. On failure, the user is redirected to the login page.
In the servlet we have added a link to logout.jsp.

out.println("<br/><a href='logout.jsp'>logout</a>");

The following is the body of logout.jsp.

<body>
    <%
        session.invalidate();
    %>
    <h1>Log Out successfully</h1>
    <a href="/Form-Base-Auth-war/FormServlet">home</a>
</body>

Everything else remains unchanged from basic authentication. We have to add the security domain to jboss-web.xml, create the two properties files and add the security constraints, just as for basic authentication. If you missed it, see Basic authentication in JBOSS.

Unlike basic authentication, the session is successfully invalidated in form-based authentication. This works in any browser.





Tuesday, October 9, 2012

Basic authentication mechanism in JBOSS

As the name implies, this is the basic authentication mechanism in JBOSS. When we try to access a secured resource, the application asks for a username and password. If the username and password are correct, the user can access the resource. Let's see how to enable basic authentication for a resource.

First create an enterprise application as discussed earlier. Then we have to make some configuration changes. Open the web.xml file under the configuration files of testApp-war, then add the following code within the <web-app> tag.


<security-constraint>
    <web-resource-collection>
        <web-resource-name>Admin Pages</web-resource-name>
        <url-pattern>/protected_resource/*</url-pattern>
        <http-method>POST</http-method>
        <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
        <description>Only allow users from following roles</description>
        <role-name>guest</role-name>
        <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>My Secure Content Authentication</realm-name>
</login-config>


In the URL pattern tag you have to specify the URL of the secured web page. You can specify more than one URL pattern. A URL pattern beginning with ‘/’ and ending with ‘/*’ specifies a path mapping, and one beginning with ‘*.’ specifies an extension mapping. A string containing only ‘/’ specifies the default servlet, while all other strings denote exact matches.
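To see which requests the constraint above actually covers, the following added example (not code from the original post) applies the URL-pattern rules just described together with the <http-method> list. It assumes paths are relative to the application's context root and treats ‘/’ as matching everything, since only one constraint is checked; the class and method names are illustrative.

```java
import java.util.*;

/** Added example: which requests a web.xml security-constraint covers. */
public class ConstraintCoverage {

    // Matching rules for a single <url-pattern>, as described in the text.
    static boolean patternMatches(String pattern, String path) {
        if (pattern.equals("/")) return true;            // default mapping (simplified)
        if (pattern.endsWith("/*")) {                     // path mapping
            String prefix = pattern.substring(0, pattern.length() - 2);
            return path.equals(prefix) || path.startsWith(prefix + "/");
        }
        if (pattern.startsWith("*.")) {                   // extension mapping
            String last = path.substring(path.lastIndexOf('/') + 1);
            return last.endsWith(pattern.substring(1));
        }
        return pattern.equals(path);                      // exact match
    }

    // A constraint that lists <http-method> elements applies only to those
    // methods; an empty set means every HTTP method is constrained.
    static boolean covered(List<String> patterns, Set<String> methods,
                           String method, String path) {
        if (!methods.isEmpty() && !methods.contains(method)) return false;
        for (String p : patterns)
            if (patternMatches(p, path)) return true;
        return false;
    }

    public static void main(String[] args) {
        List<String> patterns = Arrays.asList("/protected_resource/*");
        Set<String> asPosted = new HashSet<String>(Arrays.asList("GET", "POST"));
        Set<String> noMethodsListed = Collections.emptySet();

        String[][] requests = {                 // constructed sample requests
            {"GET",    "/protected_resource/report.jsp"},
            {"GET",    "/protected_resource"},
            {"GET",    "/protected_resources/report.jsp"},
            {"DELETE", "/protected_resource/report.jsp"},
        };
        for (String[] r : requests)
            System.out.printf("%-6s %-34s listed=%-5b omitted=%b%n", r[0], r[1],
                covered(patterns, asPosted, r[0], r[1]),
                covered(patterns, noMethodsListed, r[0], r[1]));
    }
}
```

Because the posted constraint lists GET and POST, requests using any other method are not constrained by it; omitting the <http-method> elements makes the constraint apply to every method.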
<role-name> lists the roles allowed to access the secured resource.
Then we also have to edit the jboss-web.xml file, which is located in the same directory. Open jboss-web.xml and add the following code inside the <jboss-web> tag. The name after java:/jaas/ must match the name of the application policy created in the next step.

<security-domain>java:/jaas/testPolicy</security-domain>

Now we need to create a security domain in the login-config.xml file, which is located at the following path.

{JBOSS_HOME}\server\default\conf\login-config.xml

Then add the following application policy to login-config.xml.


<application-policy name = "testPolicy">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
            flag = "required">
            <module-option name="usersProperties">props/testuser.properties</module-option>
            <module-option name="rolesProperties">props/testrole.properties</module-option>
        </login-module>
    </authentication>
</application-policy>


Now we need to create two properties files to complete basic authentication. Go to the following directory and create two properties files called testuser.properties and testrole.properties.

{JBOSS_HOME}\server\default\conf\props

Then add the following usernames and passwords to the testuser.properties file.

akila=akila
sithum=sithum

Here akila is the username and the password is akila.

Then add each username with its role to the testrole.properties file.

akila=admin
sithum=guest

Here akila is the username and admin is the role of akila.

Now we need to test basic authentication. Open a web browser and request the protected resource. You will see a pop-up box asking for a username and password. Enter your username and password, and you can access your protected resource.
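The two files and the roles allowed in web.xml have to agree with each other. The following added example (not part of the original post) cross-checks them; it embeds the file contents shown above plus one constructed stray entry, and the class and method names are illustrative. It assumes plain username=role1,role2 lines in the roles file.

```java
import java.io.StringReader;
import java.util.*;

/** Added example: cross-check the users and roles properties files
 *  against the role-names allowed by the web.xml auth-constraint. */
public class PropsAudit {

    static Properties load(String text) throws Exception {
        Properties p = new Properties();
        p.load(new StringReader(text));
        return p;
    }

    static List<String> audit(Properties users, Properties roles,
                              Set<String> allowedRoles) {
        List<String> findings = new ArrayList<String>();
        for (String user : users.stringPropertyNames()) {
            if (user.equals(users.getProperty(user)))
                findings.add(user + ": password equals username");
            String assigned = roles.getProperty(user);
            if (assigned == null) {
                findings.add(user + ": no entry in roles file");
                continue;
            }
            boolean allowed = false;
            for (String r : assigned.split(","))
                if (allowedRoles.contains(r.trim())) allowed = true;
            if (!allowed)
                findings.add(user + ": no role permitted by <auth-constraint>");
        }
        for (String user : roles.stringPropertyNames())
            if (!users.containsKey(user))
                findings.add(user + ": role assigned to unknown user");
        return findings;
    }

    public static void main(String[] args) throws Exception {
        // File contents as shown in the post, plus one constructed stray
        // roles entry ("nimal") to show a mismatch being reported.
        Properties users = load("akila=akila\nsithum=sithum\n");
        Properties roles = load("akila=admin\nsithum=guest\nnimal=admin\n");
        Set<String> allowed = new HashSet<String>(Arrays.asList("guest", "admin"));
        for (String f : audit(users, roles, allowed)) System.out.println(f);
    }
}
```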




:)

Friday, September 14, 2012

Security in JBOSS

We have discussed how to create a simple enterprise application and how to deploy it to the JBOSS server. In this article, we are going to discuss how security is achieved in JBOSS, so I am going to discuss the login mechanisms in JBOSS. Basically we have four of them:

  • Basic authentication mechanism
  • Form based authentication mechanism
  • Digest authentication mechanism
  • Client cert authentication mechanism

Those are the basic authentication mechanisms. Starting with the next article, we will talk about each of them.

Saturday, September 8, 2012

Create Enterprise Application with JBOSS and Netbeans

We discussed how to install JBOSS and how to start JBOSS from NetBeans in previous topics. Now we are going to discuss how to create an enterprise application, how to create an EJB, how to call that EJB from a servlet and how to deploy the enterprise application to the JBOSS server.
As the first step, let's see how to create an enterprise application in NetBeans.
Open NetBeans, go to File and click on New Project. Then click on Java EE and select Enterprise Application as shown in the figure below.
Then click Next. After that, give your enterprise application a name and click Next. Then select jboss-as as the server and tick the create EJB module and create web module check boxes. Now click Finish. You will see three new nodes appear in the project tab.
Then we need to create an EJB. We are going to create a stateless session bean in this example. My enterprise application name is "test", so you can see a node called "test-ejb" in the project tab. Right-click on that node and click Session Bean.
Now you will see a window like the one below. Give a suitable name to your session bean. Then specify a package name. Then select Stateless and Local as shown below.
Now you will see two classes created under the source package -> ejb directory. Click on testSessionBean.java, right-click on the work area and select Add Business Method as shown in the following figure.
Then you will see a window like the one in the figure below. We are going to create a small session bean that returns the sum of two numbers. So we need to take two integer values as parameters and return the sum of those two numbers as an integer.
Now you will see a method called businessMethod in the testSessionBean.java and testSessionBeanLocal.java classes. Change the return statement as follows. The method will then return the sum of the two given numbers.

    public int businessMethod(int num1, int num2) {
        return num1 + num2;
    }

Then save the Java file. We have created a session bean. Now we need to create a web application that will use this session bean.
Right-click on the testApp-war node in the project tab, go to New and select Servlet. You will get a window. Give a suitable name for your servlet, such as testServlet, and give a package name. Then click Next and click Finish on the next window. Now we can see a new servlet Java class created under the source package, in the directory for your package name.
Now we need to call the session bean. Right-click on the work area and select Insert Code as mentioned above. Then select Call Enterprise Bean. You will see a window where you have to select the EJB that we created, as shown in the figure.
Now you will see the following code added to the servlet class.


    @EJB
    private testSessionBeanLocal testSessionBean;

Since we need to call the session bean, we need to add the following code inside the try-catch block that was created in the servlet.


            out.println("<html>");
            out.println("<head>");
            out.println("<title>Servlet testServlet</title>");
            out.println("</head>");
            out.println("<body>");
            out.println("<h1>Addition of 10 and 15 is "+testSessionBean.businessMethod(10, 15)+"</h1>");
            out.println("</body>");
            out.println("</html>");

We are almost finished. Now we need to deploy our enterprise application to the server. Right-click on the testApp node in the project tab and click Deploy. This deploys our web application and starts the JBOSS server. After deploying, we can access our web application through a web browser. Open a web browser and enter the following URL.
http://localhost:8080/testApp-war/testServlet

Now you will see the sum of 10 and 15 displayed in the web browser.

Cheers..!!


Thursday, August 16, 2012

JBOSS with NetBeans

We discussed how to install JBOSS on your computer in the previous post, but we didn't talk about how to start the JBOSS server. Now we are going to talk about how to use JBOSS with the NetBeans IDE. Most JBOSS tutorials are based on the Eclipse IDE, but this article series is based on the NetBeans IDE.

First open the NetBeans IDE. Then go to the Services tab and right-click on the Servers node. Then click on Add Server as shown in the image.
Then select JBoss Application Server from the pop-up box and press Next. Now browse to the folder where JBOSS is stored and select the jboss-as directory. After that press Finish. We have now successfully added the JBOSS server to NetBeans and can start it from NetBeans. To do that, right-click on the newly added JBOSS server and press Start. Now we can see the JBOSS console, which shows the JBOSS server starting.

Next we will see how to create a small EJB and how to deploy that EJB to the JBOSS AS from NetBeans.