Tuesday, June 17, 2014
JAAS, using Tomcat and PostgreSQL
Set up JAAS using Eclipse, Tomcat and PostgreSQL
Prerequisites:
- Java: java version "1.7.0_60"
- Eclipse: Version: Kepler Service Release 2
- Database: PostgreSQL 9.3.4
- Webserver: apache-tomcat-7.0.54
Project setup: In Eclipse, create a new Maven project using the following archetype:
Group id: org.apache.maven.archetypes
Artifact id: maven-archetype-webapp
Create a welcome page.
Also in Eclipse, create a server definition for the Tomcat installation, choosing "Use workspace metadata (does not modify Tomcat installation)".
For the actual JAAS setup, execute the following steps:
1. Copy the jar containing the JDBC driver for PostgreSQL (postgresql-9.3-1101.jdbc4.jar) to $TOMCAT_HOME/lib.
2. In PostgreSQL, create a schema called jaas.
3. In the jaas schema, create the following two tables:
CREATE TABLE jaas.users
(
  user_name character varying(15) NOT NULL,
  user_pass character varying(15) NOT NULL,
  CONSTRAINT pk_users PRIMARY KEY (user_name)
);
CREATE TABLE jaas.user_roles
(
  user_name character varying(15) NOT NULL,
  role_name character varying(15) NOT NULL,
  CONSTRAINT pk_user_roles PRIMARY KEY (user_name, role_name)
);
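4. Fill the tables (the password is stored in clear text, which is what the realm in step 6 expects because it configures no digest):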
insert into jaas.users (user_name, user_pass) values ('user123', 'pass123');
insert into jaas.user_roles (user_name, role_name) values ('user123', 'admin_role');
5. In the Eclipse server definition for Tomcat, add a datasource to context.xml:
<Resource name="jdbc/pgDatasource" auth="Container" type="javax.sql.DataSource"
          driverClassName="org.postgresql.Driver" url="jdbc:postgresql://localhost:5432/<database_name>"
          username="<username>" password="<password>" maxActive="20" maxIdle="10"
          maxWait="-1" />
6. In the Eclipse server definition for Tomcat, add a DataSourceRealm to server.xml (just beneath the LockOutRealm):
<Realm className="org.apache.catalina.realm.DataSourceRealm"
       dataSourceName="jdbc/pgDatasource"
       debug="9"
       localDataSource="true"
       roleNameCol="role_name"
       userCredCol="user_pass"
       userNameCol="user_name"
       userRoleTable="jaas.user_roles"
       userTable="jaas.users"/>
7. In the project's web.xml add the following security constraint section:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Admin</web-resource-name>
    <url-pattern>*.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin_role</role-name>
  </auth-constraint>
</security-constraint>
<security-role>
  <role-name>admin_role</role-name>
</security-role>
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/login_error.jsp</form-error-page>
  </form-login-config>
</login-config>
Instead of FORM, <auth-method>BASIC</auth-method> is also possible. In that case the browser
presents the user with a (basic) popup window to enter his/her credentials.
The FORM auth-method allows you to create a custom login view.
8. Create the login.jsp and login_error.jsp:
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <title>Login</title>
</head>
<body>
  <form method="post" action="j_security_check">
    <p>
      <span>Username:</span>
      <br />
      <input type="text" name="j_username" />
    </p>
    <p>
      <span>Password:</span>
      <br />
      <input type="password" name="j_password" />
    </p>
    <p>
      <input type="submit" value="Login" />
    </p>
  </form>
</body>
</html>
The login_error.jsp page can be a copy of the login.jsp page, with an added message that the previous
authentication attempt failed.
To be able to log out again, you need a link pointing to a servlet
where the session can be invalidated:
request.getSession().invalidate();
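A complete logout servlet built around the invalidate() call above, as an added example that is not part of the original post or the linked project. The class name LogoutServlet and the /logout mapping are assumptions, and the Servlet 3.0 API that Tomcat 7 provides must be on the compile classpath.

```java
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: the class name and the /logout mapping are assumptions.
@WebServlet("/logout")
public class LogoutServlet extends HttpServlet {

    private static final long serialVersionUID = 1L;

    // A plain link issues a GET, so GET is handled as well as POST.
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        logout(request, response);
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        logout(request, response);
    }

    private void logout(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Servlet 3.0: clears the authenticated principal held by the container.
        request.logout();

        // getSession(false) returns null instead of creating a fresh session
        // for a visitor who never logged in.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }

        // Keep the browser from re-displaying cached copies of protected pages.
        response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
        response.setHeader("Pragma", "no-cache");
        response.setDateHeader("Expires", 0);

        // Send the user back to the application root.
        response.sendRedirect(request.getContextPath() + "/");
    }
}
```

If web.xml uses a pre-3.0 descriptor and the annotation is not picked up, declare the servlet and its mapping in web.xml instead.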
project at GitHub