posted 15 years ago
Okay, here we go.
First, you need to create a database. I used MySQL. This database will have the two tables used by the DatabaseServerLoginModule. By default these tables are called Principals and Roles, although you can change this with configuration (we'll see later). Here are the create table statements I used on mysql:
You then need to insert rows into both tables. The Principals table holds the user login and password. The Roles table holds the list of roles you wish the user to participate in. Note that the RoleGroup column must have a value of 'Roles' (but we can eliminate this requirement in the configuration, which we'll see later).
If you're not sure what data to load into the tables, ask.
You'll need to configure JBoss to use the MySQL driver. This involves getting the driver jar on the server's classpath. Ask if you need help doing this, but the mysql installation instructions should give you what you need.
Next you'll need to create a datasource deployment descriptor. I named mine mysql-ds.xml, and deploy it by copying it to the server/default/deploy directory in JBOSS_HOME (note: "default" is the server name. If you're using a different server, just replace the name. I'll refer to the server as "default" in this post). Here is what my mysql-ds.xml file looks like: Note you you will need to assign your specific values to the connection-url, user-name and password elements.
These are not the web-user credentails, but the user/password used to access the MySQL database server. Note the <jndi-name> element of MySQLDS. You can make this whatever you want, but it will be used later so if you change it, change the reference used later as well.
You need to add an <application-policy> block element to the JBOSS_HOME/server/default/conf/login-config.xml file. Mine looks like this:
Note the reference to the datasource (MySQLDS). Fix that so it matches your datasource. You will need to select a security domain name. This can be whatever you want, but will be referenced later, so keep track of what you choose.
At this point, you can restart the application server (or start it, if it's not already running).
Next, you need to get the web application to prompt the user for credentials. Basically, once the configuration is set up, the application will prompt the user when they attempt to access something which requires authentication (like an EJB that includes a @RolesAllowed() annotation).
In the web.xml file for the web application, add a <login-config> element, which looks like this:
Add some <security-role> elements for each security role you will to use in the application, like the following:
Add a security constraint to force authentication for your application pages. This example will blanket all application pages. You can change the url-pattern element to lock down only specific pages:
And finally, you need to add a jboss-web.xml file to the web application, which looks like this:
Note that you will need to use your security domain name, as chosen in the login-config.xml file.
Now, in the session EJB, add the following annotations to the class:
And add the following annotation to the bean method:
I went through this rather fast, and hope I didn't miss anything. If anyone sees something wrong, please correct me.