Authorization with JAAS/Struts2 on JBoss 4.2.2

Has anyone been able to use Authorization with JAAS/Struts2 with JBoss?

Would you be kind enough to show sample code, and how you integrated it?

I am simply trying to use JAAS for authenticating the user by incorporating it in STRUTS2 action. So how does STRUTS action do the JNDI lookup? What config files like login-config.xml etc should be set on JBoss? How do i setup the datasource on JBoss that my Struts2 action can use to lookup via JNDI.

Appreciate the help.

Use login-config.xml from conf folder and modify it as follows

<!-- Authentication mechanism for Your Application -->
<application-policy name = "XXXRealm">
<authentication>
<login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
flag = "optional">
<module-option name = "unauthenticatedIdentity">guest</module-option>
<module-option name = "dsJndiName">java:/DATASOURCE_NAME</module-option>
<module-option name = "principalsQuery">SELECT USER_ID FROM USER_TABLE WHERE USER_ID = ?</module-option>
<module-option name = "rolesQuery">SELECTDISTINCT USER_FLAG, 'Roles' FROM USER_ROLES WHEREUSER_ID = ?</module-option>
<module-option name="debug">true</module-option>
</login-module>
</authentication>
</application-policy>

Similarly you have to add the <security-constraint> and <login-config> elements in your web.xml file

I dont know if struts2 uses different types of datasource files, but i have used conventional Jboss datasource file which has following syntax

<datasources>
<local-tx-datasource>
<jndi-name>MySqlDS</jndi-name>
<connection-url>jdbc:mysql://mysql-hostname:3306/jbossdb</connection-url>
<driver-class>com.mysql.jdbc.Driver</driver-class>
<user-name>x</user-name>
<password>y</password>
</local-tx-datasource>
</datasources>

Thanks Sushil!! That was very helpful

Once the user does get authenticated with JAAS, how does a STRUTS action check what roles they user has so it can determine the correct jsp to display to the user?