Sunday, October 14, 2012
Form Based authentication in JBOSS
We have already discussed basic authentication in JBOSS. Now we are going to discuss form-based authentication. As we discussed earlier, there are four types of authentication mechanisms.
As the name suggests, credentials are taken from a form filled in by the user. In addition to the changes described above, we have to add a login-config element to web.xml, outside the security-constraint element and inside the web-app element. Note that there should be only one login-config block.
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/loginfail.jsp</form-error-page>
    </form-login-config>
</login-config>
We have to create three JSP files: login.jsp, loginfail.jsp and logout.jsp. We should add a login form in the body of login.jsp.
<form method="post" action="j_security_check">
    <input type="text" name="j_username" /><br/>
    <input type="password" name="j_password" /><br/>
    <input type="submit" value="Login" />
</form>
If the login fails, the code in loginfail.jsp is executed.
<%
    String redirectURL = "/Form-Base-Auth-war/FormServlet";
    response.sendRedirect(redirectURL);
%>
This code is written between JSP tags. In case of failure, the user is redirected to the login page.
In the servlet we have given a link to logout.jsp.
out.println("<br/><a href='logout.jsp'>logout</a>");
Following is the body of logout.jsp.
<body>
    <%
        session.invalidate();
    %>
    <h1>Log Out successfully</h1>
    <a href="/Form-Base-Auth-war/FormServlet">home</a>
</body>
Everything else remains unchanged from basic authentication. We have to add the security domain to jboss-web.xml, create the two properties files, and add the security constraints, just as for basic authentication. If you missed it, see Basic authentication in JBOSS.
Unlike basic authentication, the session is successfully invalidated in form-based authentication. This works in any browser.
Tuesday, October 9, 2012
Basic authentication mechanism in JBOSS
As the name implies, this is the basic authentication mechanism in JBOSS. When we try to access a secured resource, the application asks for a username and password. If the username and password are correct, the user can access the resource. Let's see how to enable basic authentication for a resource.
First create an enterprise application as discussed earlier. Then we have to make some configuration changes. First open the web.xml file under the configuration files of testApp-war, then add the following code within the <web-app> tag.
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Admin Pages</web-resource-name>
        <url-pattern>/protected_resource/*</url-pattern>
        <http-method>POST</http-method>
        <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
        <description>Only allow users from following roles</description>
        <role-name>guest</role-name>
        <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>My Secure Content Authentication</realm-name>
</login-config>
In the <url-pattern> tag you have to specify the URL of the secured web page. You can specify more than one URL pattern. A URL pattern beginning with ‘/’ and ending with ‘/*’ specifies a path mapping, and one beginning with ‘*.’ specifies an extension mapping. A string containing only ‘/’ specifies the default servlet, while all other strings denote exact matches.
<role-name> lists the roles allowed to access the secured resource.
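The four pattern kinds above, as an added example that is not from the original post. It goes one step further than the text by applying the precedence a servlet container uses when several patterns could match (exact, then longest path mapping, then extension, then default); `classify`, `best_match` and every pattern except `/protected_resource/*` are illustrative assumptions.

```python
def classify(pattern):
    """Classify a <url-pattern> by the four rules described above."""
    if pattern.startswith("/") and pattern.endswith("/*"):
        return "path"
    if pattern.startswith("*."):
        return "extension"
    if pattern == "/":
        return "default"
    return "exact"


def best_match(patterns, path):
    """Return the pattern chosen for a context-relative request path, or None.

    Precedence: exact match, longest path mapping, extension mapping, default.
    """
    kinds = {p: classify(p) for p in patterns}
    if kinds.get(path) == "exact":
        return path
    # "/a/*" covers "/a" itself and anything under "/a/", but not "/ab".
    prefixes = [p for p, k in kinds.items() if k == "path"
                and (path == p[:-2] or path.startswith(p[:-1]))]
    if prefixes:
        return max(prefixes, key=len)
    last_segment = path.rsplit("/", 1)[-1]
    if "." in last_segment:
        ext = "*." + last_segment.rsplit(".", 1)[-1]
        if kinds.get(ext) == "extension":
            return ext
    return "/" if "/" in kinds else None


# Constructed pattern set: the post's protected path plus three illustrative ones.
PATTERNS = ["/protected_resource/*", "/login.jsp", "*.jsp", "/"]

if __name__ == "__main__":
    for request in ("/protected_resource", "/protected_resource/report.jsp",
                    "/protected_resourceX", "/login.jsp", "/other/page.jsp"):
        print(f"{request:35} -> {best_match(PATTERNS, request)}")
```

Running it shows that `/protected_resource` and everything beneath it fall under the constraint, while a sibling such as `/protected_resourceX` does not.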
Then we have to edit the jboss-web.xml file as well. That config file is located in the same directory. Open jboss-web.xml and add the following code inside the <jboss-web> tag.
<security-domain>java:/jaas/test_policy</security-domain>
Now we need to create a security domain in the login-config.xml file, which is located in the following directory.
{JBOSS_HOME}\server\default\conf\login-config.xml
Then add the following application policy to login-config.xml.
<!-- The policy name must match the name after java:/jaas/ in jboss-web.xml -->
<application-policy name="test_policy">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
            <module-option name="usersProperties">props/testuser.properties</module-option>
            <module-option name="rolesProperties">props/testrole.properties</module-option>
        </login-module>
    </authentication>
</application-policy>
Now we need to create two properties files to complete basic authentication. Go to the following directory and create two properties files called testuser.properties and testrole.properties.
{JBOSS_HOME}\server\default\conf\props
Then add the following usernames and passwords to the testuser.properties file.
akila=akila
sithum=sithum
Here akila is the username and the password is akila.
Then add each username with its role to the testrole.properties file.
akila=admin
sithum=guest
Here akila is the username and admin is the role of akila.
Now we need to test basic authentication. Go to the web browser and request the protected resource. You will see a pop-up box asking for a username and password. Enter your username and password, and you can access your protected resource.
:)
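An added check, not part of the original posts, that audits a deployment descriptor for three points relevant to both tutorials: exactly one login-config (as the form-based post requires), constraints that list http-method elements (such a constraint applies only to the listed methods), and a missing CONFIDENTIAL transport-guarantee, without which BASIC and FORM logins can send the password over plain HTTP. The sample is the post's web.xml wrapped in a web-app element; the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the descriptor from the post, wrapped in <web-app>.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin Pages</web-resource-name>
      <url-pattern>/protected_resource/*</url-pattern>
      <http-method>POST</http-method>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>guest</role-name>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>My Secure Content Authentication</realm-name>
  </login-config>
</web-app>"""

def texts(node, name):
    """Text of every descendant element called `name`, ignoring any namespace."""
    return [(e.text or "").strip() for e in node.iter()
            if e.tag.rsplit("}", 1)[-1] == name]

def audit(xml_text):
    """Return a list of findings for one web.xml document."""
    root = ET.fromstring(xml_text)
    findings = []
    logins = len(texts(root, "login-config"))
    if logins != 1:
        findings.append(f"expected exactly one login-config, found {logins}")
    for sc in root.iter():
        if sc.tag.rsplit("}", 1)[-1] != "security-constraint":
            continue
        where = ", ".join(texts(sc, "url-pattern"))
        methods = sorted(texts(sc, "http-method"))
        if methods:
            findings.append(f"{where}: only {'/'.join(methods)} constrained, "
                            "other HTTP methods are not covered")
        if "CONFIDENTIAL" not in texts(sc, "transport-guarantee"):
            findings.append(f"{where}: no CONFIDENTIAL transport-guarantee")
    return findings

if __name__ == "__main__":
    for finding in audit(WEB_XML):
        print("-", finding)
```

Removing the http-method elements makes the constraint apply to every method, and a user-data-constraint with transport-guarantee CONFIDENTIAL clears the second finding.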