configure JAAS for jboss 7.1 and mysql

The following two tabs change content below.
Prasad Kharkar is a java enthusiast and always keen to explore and learn java technologies. He is SCJP,OCPWCD, OCEJPAD and aspires to be java architect.

Latest posts by Prasad Kharkar (see all)

Hello all, In this tutorial we are going to configure JAAS for jboss 7.1 and mysql for Form based authentication to be used in a web application. . We have already covered how to configure jaas for tomcat 7 and mysql. The difference between these is due to jBoss 7.1 application server. We need to configure subsystems and modules in case of jBoss 7.1 unlike Tomcat. It is assumed that you have basic knowledge of mysql, application servers, eclipse and creating a dynamic web project.

 

Configure JAAS for jboss 7.1

Pre-requisites:

  1. jBoss 7.1 application server
  2. Mysql database
  3. eclipse IDE (I’m using Juno in this article)
  4. Mysql connector jar file

Database configuration.

Create a database and create three tables as provided in the diagram.

Tables  to be created for  JDBCRealm of users
Tables to be created for JDBCRealm of users
  • users: Stores username and password which need to be authenticated
  • roles :  Stores allowed roles
  • users_roles: Stores the relation between users and their allowed roles.

This table structure is needed to configure JAAS for jboss 7.1 and mysql

Create database :

 Insert data into database:

Now we are done with your database part. We need to tell jBoss application server that we are going to use this database for JDBCRealm purpose. Normally we would place mysql connector jar into library of web application but for jBoss 7.1 we need to create a module for it and declare it in jBoss configuration file i.e. standalone.xml .

 

Creating module for mysql :

  • Navigate to <jboss_home>/modules/com  e.g. C:\jboss-as-7.1.1.Final\modules\com
  • Create a folder called mysql in it and under mysql , create another folder named main
  • Under main , copy your mysql connector jar file  and create a file called module.xml

Your structure and the files under main folder should be

Folder structure for module
Folder structure for module

 

filesForModule

Now that we have created module.xml file and copied mysql connector jar for jdbc connectivity we need to specify that we are using this mysql connector jar as a resource for this module name.

So in your blank module.xml file, put following code

 

We are done for module creation. Now we need to configure it in standalone.xml

Configure module in standalone.xml

Navigate to <jboss_home>/standalone/configuration and open standalone.xml .

You will find a datasources tag under which you need to put this

  •  jndi name is the identifier we are going to use in our security configuration.
  • jdbc:mysql://localhost:3306/tutorialsDB is our database to which jndi name points.

Add following code to subsystems tag.

Configure jdbc driver using previously created module. Add following into drivers tag in standalone.xml

Now jBoss7.1 know that this database will be used as datasource. Now we need to configure this JAAS for jboss 7.1. So we will define security subsystem for authentication and authorization.

Add following code to  standalone.xml  under security-domains

  •  dsJndiName defines the name of the datasource used for jdbc realm.
  • principalsQuery defines the query which retrieves all usernames from the database which is configured for jdbc realm. In our case tutorialsdb will be used.
  • rolesQuery defines the roles defined for user which is authenticated.

Configuration is done for jBoss application server.

Application configuration:

First create a new dynamic web project in eclipse. We will name it jBossJaasMysql. After creating it, create files as shown in following folder structure.

Folder Structure of application
Folder Structure of application
  • login.jsp : asks username and password for the user.
  • index.jsp : This is a protected resource. Accessing this directly should ask for username and password using FORM based authentication and authorization service which we have configured.
  • jboss-web.xml : Tells the application which security system should be used.
  • web.xml: Configures application for FORM based authentication.

 

 

index.jsp

login.jsp

error.jsp

Add this code to your web.xml

  •  code in web-resource-collection tag means that resources with url pattern /protected/*  are constrained such that only DELETE, GET, POST and PUT operations can be performed for the role user
  • login-config configures the FORM authentication.

This is your jboss-web.xml

We are all done with configuration and setup part.

Hit the url http://localhost:8080/jBossJaasMysql/protected/index.jsp

As this is constrained resource, you will be asked to log in to application by this page.

Login page
Login page

Enter wrong username and password e.g. someUser/somePassword and click submit. You will see error.jsp showing message Invalid username and/or password.

Now again visit http://localhost:8080/jBossJaasMysql/protected/index.jsp  and enter username as prasad and password as kharkar.

This time, as we configure JAAS for jboss 7.1 and mysql the user prasad will be checked into database and the roles allotted to him. If he enters correct password, then he is authenticated. If a constrained resource is allowed to access a particular role, then it will be available. As index.jsp can be accessed with role user, prasad can access index.jsp now.

index.jsp

Hope this tutorial helps configure JAAS for jboss 7.1 and mysql.

Any suggestions are always appreciated 🙂

 

Share Button

Prasad Kharkar

Prasad Kharkar is a java enthusiast and always keen to explore and learn java technologies. He is SCJP,OCPWCD, OCEJPAD and aspires to be java architect.

21 thoughts on “configure JAAS for jboss 7.1 and mysql

  • December 3, 2013 at 11:17 am
    Permalink

    Hi,

    Thank you for the tutorial,
    You missed to add the jboss-web.xml entry as well in the tutorial part, please kindly add that as well,

    Reply
    • December 3, 2013 at 3:20 pm
      Permalink

      Haris, Thanks a lot for pointing out the mistake.I am sorry as it caused inconvenience. I’ve added the jboss-web.xml entry into the article. I hope it is complete now 🙂 Thanks again for reading and improvising.

      Reply
      • January 8, 2014 at 3:32 pm
        Permalink

        15:30:16,289 INFO [org.jboss.modules] JBoss Modules version 1.1.1.GA
        15:30:16,501 INFO [org.jboss.msc] JBoss MSC version 1.0.2.GA
        15:30:16,544 INFO [org.jboss.as] JBAS015899: JBoss AS 7.1.1.Final “Brontes” starting
        15:30:17,373 INFO [org.xnio] XNIO Version 3.0.3.GA
        15:30:17,374 INFO [org.jboss.as.server] JBAS015888: Creating http management service using socket-binding (management-http)
        15:30:17,382 INFO [org.xnio.nio] XNIO NIO Implementation Version 3.0.3.GA
        15:30:17,391 INFO [org.jboss.remoting] JBoss Remoting version 3.2.3.GA
        15:30:17,417 INFO [org.jboss.as.logging] JBAS011502: Removing bootstrap log handlers
        15:30:17,433 INFO [org.jboss.as.configadmin] (ServerService Thread Pool — 26) JBAS016200: Activating ConfigAdmin Subsystem
        15:30:17,435 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool — 31) JBAS010280: Activating Infinispan subsystem.
        15:30:17,450 INFO [org.jboss.as.security] (ServerService Thread Pool — 44) JBAS013101: Activating Security Subsystem
        15:30:17,452 INFO [org.jboss.as.naming] (ServerService Thread Pool — 38) JBAS011800: Activating Naming Subsystem
        15:30:17,464 INFO [org.jboss.as.osgi] (ServerService Thread Pool — 39) JBAS011940: Activating OSGi Subsystem
        15:30:17,472 INFO [org.jboss.as.webservices] (ServerService Thread Pool — 48) JBAS015537: Activating WebServices Extension
        15:30:17,493 INFO [org.jboss.as.security] (MSC service thread 1-1) JBAS013100: Current PicketBox version=4.0.7.Final
        15:30:17,523 INFO [org.jboss.as.connector] (MSC service thread 1-5) JBAS010408: Starting JCA Subsystem (JBoss IronJacamar 1.0.9.Final)
        15:30:17,616 INFO [org.jboss.as.naming] (MSC service thread 1-1) JBAS011802: Starting Naming Service
        15:30:17,643 INFO [org.jboss.as.mail.extension] (MSC service thread 1-2) JBAS015400: Bound mail session [java:jboss/mail/Default]
        15:30:17,699 INFO [org.jboss.ws.common.management.AbstractServerConfig] (MSC service thread 1-5) JBoss Web Services – Stack CXF Server 4.0.2.GA
        15:30:18,112 WARN [org.jboss.as.server.deployment.scanner] (MSC service thread 1-3) JBAS015005: Reliable deployment behaviour is not possible when auto-deployment of exploded content is enabled (i.e. deployment without use of “.dodeploy”‘ marker files). Configuration of auto-deployment of exploded content is not recommended in any situation where reliability is desired. Configuring the deployment scanner’s auto-deploy-exploded setting to “false” is recommended.
        15:30:18,116 INFO [org.jboss.as.server.deployment.scanner] (MSC service thread 1-3) JBAS015012: Started FileSystemDeploymentService for directory D:\jboss-as-7.1.1.Final\standalone\deployments
        15:30:18,182 INFO [org.jboss.as.remoting] (MSC service thread 1-6) JBAS017100: Listening on localhost/127.0.0.1:4447
        15:30:18,183 INFO [org.jboss.as.remoting] (MSC service thread 1-8) JBAS017100: Listening on /127.0.0.1:9999
        15:30:18,205 INFO [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-4) Starting Coyote HTTP/1.1 on http-localhost-127.0.0.1-8080
        15:30:18,525 INFO [org.jboss.as.controller] (Controller Boot Thread) JBAS014774: Service status report
        JBAS014775: New missing/unsatisfied dependencies:
        service jboss.jdbc-driver.com_mysql (missing) dependents: [service jboss.data-source.java:/jBossJaasMysql]

        15:30:18,559 INFO [org.jboss.as.server.deployment] (MSC service thread 1-3) JBAS015876: Starting deployment of “jBossJaasMysql.war”
        15:30:18,919 INFO [org.jboss.web] (MSC service thread 1-4) JBAS018210: Registering web context: /jBossJaasMysql
        15:30:18,926 INFO [org.jboss.as] (MSC service thread 1-5) JBAS015951: Admin console listening on http://127.0.0.1:9990
        15:30:18,927 ERROR [org.jboss.as] (MSC service thread 1-5) JBAS015875: JBoss AS 7.1.1.Final “Brontes” started (with errors) in 2979ms – Started 170 of 249 services (2 services failed or missing dependencies, 76 services are passive or on-demand)
        15:30:19,098 INFO [org.jboss.as.server] (DeploymentScanner-threads – 2) JBAS018559: Deployed “jBossJaasMysql.war”
        15:30:34,948 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http-localhost-127.0.0.1-8080-1) Login failure: javax.security.auth.login.LoginException: PB00019: Processing Failed:Error looking up DataSource from: java:/jBossJaasMysql
        at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:196) [picketbox-4.0.7.Final.jar:4.0.7.Final]
        at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:249) [picketbox-4.0.7.Final.jar:4.0.7.Final]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_09]
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) [rt.jar:1.7.0_09]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) [rt.jar:1.7.0_09]
        at java.lang.reflect.Method.invoke(Unknown Source) [rt.jar:1.7.0_09]
        at javax.security.auth.login.LoginContext.invoke(Unknown Source) [rt.jar:1.7.0_09]
        at javax.security.auth.login.LoginContext.access$000(Unknown Source) [rt.jar:1.7.0_09]
        at javax.security.auth.login.LoginContext$4.run(Unknown Source) [rt.jar:1.7.0_09]
        at javax.security.auth.login.LoginContext$4.run(Unknown Source) [rt.jar:1.7.0_09]
        at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_09]
        at javax.security.auth.login.LoginContext.invokePriv(Unknown Source) [rt.jar:1.7.0_09]
        at javax.security.auth.login.LoginContext.login(Unknown Source) [rt.jar:1.7.0_09]
        at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:449) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
        at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:383) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
        at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:371) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
        at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:160) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
        at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:214) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
        at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:280) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:381) [jbossweb-7.0.13.Final.jar:]
        at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
        at java.lang.Thread.run(Unknown Source) [rt.jar:1.7.0_09]
        Caused by: javax.naming.NameNotFoundException: Error looking up jBossJaasMysql, service service jboss.naming.context.java.jBossJaasMysql is not started
        at org.jboss.as.naming.ServiceBasedNamingStore.lookup(ServiceBasedNamingStore.java:126)
        at org.jboss.as.naming.ServiceBasedNamingStore.lookup(ServiceBasedNamingStore.java:74)
        at org.jboss.as.naming.NamingContext.lookup(NamingContext.java:178)
        at org.jboss.as.naming.InitialContext.lookup(InitialContext.java:113)
        at org.jboss.as.naming.NamingContext.lookup(NamingContext.java:214)
        at javax.naming.InitialContext.lookup(Unknown Source) [rt.jar:1.7.0_09]
        at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:174) [picketbox-4.0.7.Final.jar:4.0.7.Final]

        Reply
  • January 8, 2014 at 8:42 am
    Permalink

    really help full. keep it up.

    thx

    Reply
    • January 8, 2014 at 9:46 am
      Permalink

      I am glad it was useful for you 🙂
      Please feel free to suggest any improvements.

      Reply
  • January 8, 2014 at 12:49 pm
    Permalink

    Thanks for the post.

    Looks like the Login.jsp contains the body of index.jsp. Can u please provide the exact JSP code for the login.jsp

    Reply
    • January 8, 2014 at 8:52 pm
      Permalink

      Hi Priya, Apologies for login.jsp. I have updated the tutorial. Please check. Feel free to suggest any improvements.

      Reply
  • March 26, 2014 at 12:03 pm
    Permalink

    Great Tutorial..Helped me really! Thanks.. 🙂
    Please share more!

    Reply
    • March 26, 2014 at 3:08 pm
      Permalink

      Thank you for commenting 🙂 I am glad this was helpful.I am trying my best to provide good content on the site and will definitely post more. You can LIKE it on facebook for updates.

      Reply
  • March 28, 2014 at 11:07 pm
    Permalink

    Hi,

    very interesting to me. However, i have a question if you can point out for me: what/where is the “Database” for login-module code in the below?

    I am using jboss as 7.2 and it seems never found that “Database” module.

    thank you,
    trancha

    Reply
  • April 27, 2014 at 1:48 pm
    Permalink

    Great Tutorial.
    But how can we get the username after login,

    Reply
    • April 27, 2014 at 5:16 pm
      Permalink

      YOu can retrieve the username of loggedin user using request.getUserPrincipal().getName();

      Reply
  • July 23, 2014 at 7:45 pm
    Permalink

    we can do the same thing for oracle 10!!!

    Reply
  • October 18, 2014 at 4:31 am
    Permalink

    Great Tutorial!!

    please, how can i to do logout?

    sorry, my english is bad jejejjeje

    Reply
  • November 25, 2014 at 12:20 pm
    Permalink

    Thanks a lot Prasad.

    Reply
  • Pingback:Fix Jboss Web.xml Error-page Windows XP, Vista, 7, 8 [Solved]

  • July 23, 2015 at 12:19 am
    Permalink

    I had problem with deploying of mysql jdbc jar file version 35 , I used old version actually 29 and I got it working
    thanks a lot
    great tutorial

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *