At times you need to restrict access to your web applications. Although this is simple to configure, it is difficult to find a straightforward guide to implementing it. That is what motivated me to write this step-by-step guide to restricting web applications on JBoss Application Server.
1. Identify the web application that needs restricted access (let's call it ABCWebApp) and update its web.xml file. You will probably need to add the following lines:
File: /usr/local/jboss-5.1.0.GA/server/default/deploy/ABCWebApp/WEB-INF/web.xml
<!-- add a security-constraint to
a resource in your application that needs to be
restricted -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Secure Content</web-resource-name>
    <url-pattern>/*</url-pattern>
    <!-- if you need any particular directory, you can have the pattern as /dir_name/* -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>ABCWebAppUser</role-name>
  </auth-constraint>
</security-constraint>
<!-- define the type of authentication mechanism to be used -->
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>ABCWebApp - Restricted Zone</realm-name>
</login-config>
<!-- define the roles that are allowed to access the restricted zone -->
<security-role>
  <description>The role required to access restricted content</description>
  <role-name>ABCWebAppUser</role-name>
</security-role>
2. Add a jboss-web.xml file (or update the existing one) under your web application so that it uses the security policy:
File: /usr/local/jboss-5.1.0.GA/server/default/deploy/ABCWebApp/WEB-INF/jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
  <context-root />
  <security-domain>java:/jaas/ABCWebApp_Policy</security-domain>
  <!-- This policy needs to be defined in the login-config.xml -->
</jboss-web>
3. Define the policy referenced in step 2 in login-config.xml by adding the following lines:
File: /usr/local/jboss-5.1.0.GA/server/default/conf/login-config.xml
<!-- A template configuration for the ABCWebApp web application. This
defaults to the UsersRolesLoginModule the same as other and should be
changed to a stronger authentication mechanism as required.
-->
<application-policy name="ABCWebApp_Policy">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                  flag="required">
      <!-- define property file which has username / password -->
      <module-option name="usersProperties">props/ABCWebApp_Policy-users.properties</module-option>
      <!-- define property file which has role for the above users -->
      <module-option name="rolesProperties">props/ABCWebApp_Policy-roles.properties</module-option>
    </login-module>
  </authentication>
</application-policy>
4. Create the property file for the user credentials (defined in step 3):
File: /usr/local/jboss-5.1.0.GA/server/default/conf/props/ABCWebApp_Policy-users.properties
# A sample users.properties file for use with the UsersRolesLoginModule
ashish = pass1234
shukla = pass1234
ashishshukla = pass1234
ashishpshukla = pass1234
5. Create the property file for the user roles (defined in step 3). Note that the role names must match those defined in step 1:
File: /usr/local/jboss-5.1.0.GA/server/default/conf/props/ABCWebApp_Policy-roles.properties
ashish = ABCWebAppUser
shukla = ABCWebAppUser
ashishshukla = ABCWebAppUser
ashishpshukla = ABCWebAppUser
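
A mistyped role name in step 5, or a role missing from web.xml, leaves users able to authenticate but not to reach the application. The following Python check is an added example, not part of the original guide or of JBoss: it cross-checks the role names from step 1 against the two property files from steps 4 and 5, handling the plain `user = role[,role]` form shown above. The embedded inputs are constructed samples, and the function names are my own.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs modelled on steps 1, 4 and 5 (not real deployment files).
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>ABCWebAppUser</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>ABCWebAppUser</role-name></security-role>
</web-app>"""
USERS = "# constructed sample\nashish = pass1234\nshukla = pass1234\n"
ROLES = "ashish = ABCWebAppUser\nshukla = ABCWebAppUsers\nguest = ABCWebAppUser\n"

def parse_properties(text):
    """Parse 'key = value' lines, skipping blanks and '#'/'!' comments."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            entries[key.strip()] = value.strip()
    return entries

def role_names(web_xml, parent):
    """Collect <role-name> values directly under every <parent> element."""
    local = lambda tag: tag.rsplit("}", 1)[-1]  # tolerate a namespaced web.xml
    return {r.text.strip() for p in ET.fromstring(web_xml).iter() if local(p.tag) == parent
            for r in p if local(r.tag) == "role-name" and r.text}

def check(web_xml, users_text, roles_text):
    """Return a list of mismatches between web.xml and the two property files."""
    required = role_names(web_xml, "auth-constraint")
    declared = role_names(web_xml, "security-role")
    users = parse_properties(users_text)
    roles = {u: {r.strip() for r in v.split(",") if r.strip()}
             for u, v in parse_properties(roles_text).items()}
    findings = [f"role '{r}' is in auth-constraint but has no security-role entry"
                for r in sorted(required - declared)]
    findings += [f"user '{u}' has no role accepted by auth-constraint"
                 for u in sorted(users) if not roles.get(u, set()) & required]
    findings += [f"roles entry '{u}' has no user in the users file"
                 for u in sorted(set(roles) - set(users))]
    return findings

if __name__ == "__main__":
    for finding in check(WEB_XML, USERS, ROLES):
        print(finding)
```

An empty list means every user in the users file holds at least one role the constraint accepts and every role entry belongs to a known user.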

How-do-you-do, just needed you to know I have added your site to my Google bookmarks because of your extraordinary blog layout. But seriously, I think your site has one of the freshest themes I've come across. It really helps make reading your blog a lot easier.
The subject is fully clear but why does the text lack clarity? But in general your blog is great.