Posts Tagged ‘jboss’

At times it is necessary to have restricted access to your web applications. Although, it is pretty simple to configure this, its difficult to find a straight forward guide to implement this. And this is what motivated me to pen down a step by step guide to restrict your web applications on JBoss Application Server.

1.  Identify the web application that needs to be restricted access to (Lets call this as ABCWebApp). Update the web.xml file, you will probably need to add the following lines:

File:        /usr/local/jboss-5.1.0.GA/server/default/deploy/ABCWebApp/WEB-INF/web.xml

<!– add a security-contraint to

a resource in your application that needs to be

restricted –>



<web-resource-name>Secure Content</web-resource-name>


<!– if you need any particular directory, you can have the pattern as /dir_name/* –>






<!– define the type of authentication mechanism to be used –>



<realm-name>ABCWebApp – Restricted Zone</realm-name>


<!– defie the role that are allowed to access the restricted zone –>


<description>The role required to access restricted content </description>



2.  Add or update the existing jboss-web.xml file under your web application to use the security policy

File: /usr/local/jboss-5.1.0.GA/server/default/deploy/ABCWebApp/WEB-INF/jboss-web.xml

<?xml version=”1.0″ encoding=”UTF-8″?>


<context-root />


<!– This policy needs to be defined in the login-config.xml –>


3.  Define the policy in step 2 in login-config.xml. Add following lines

File: /usr/local/jboss-5.1.0.GA/server/default/conf/login-config.xml

<!– A template configuration for the ABCWebApp web application. This

defaults to the UsersRolesLoginModule the same as other and should be

changed to a stronger authentication mechanism as required.


<application-policy name=”ABCWebApp_Policy”>


<login-module code=”org.jboss.security.auth.spi.UsersRolesLoginModule”


<!– define property file which has username / password –>

<module-option name=”usersProperties”>props/ABCWebApp_Policy-users.properties</module-option>

<!– define property file which has role for the above users –>

<module-option name=”rolesProperties”>props/ABCWebApp_Policy-roles.properties</module-option>




4. Create the property file for the user credentials (defied in step 3)

File: /usr/local/jboss-5.1.0.GA/server/default/conf/props/ABCWebApp_Policy-users.properties

# A sample users.properties file for use with the UsersRolesLoginModule

ashish = pass1234

shukla = pass1234

ashishshukla = pass1234

ashishpshukla = pass1234

5. Create the property file for the user roles (defied in step 3), Note the roles should be as defined in step 1

File: /usr/local/jboss-5.1.0.GA/server/default/conf/props/ABCWebApp_Policy-roles.properties

ashish = ABCWebAppUser

shukla = ABCWebAppUser

ashishshukla = ABCWebAppUser

ashishpshukla = ABCWebAppUser


Read Full Post »