Environment: JBoss EAP 6.4.0
1. Edit standalone.xml and add the following inside security-domains:
<security-domain name="sso" cache-type="default">
<authentication>
<login-module code="UsersRoles" flag="required">
<module-option name="usersProperties" value="${jboss.server.config.dir}/users.properties"/>
<module-option name="rolesProperties" value="${jboss.server.config.dir}/roles.properties"/>
</login-module>
</authentication>
</security-domain>
2. Create a file named users.properties in the [jboss_home_dir]/configuration directory
with the following content:
test=test
3. Create a file named roles.properties in the [jboss_home_dir]/configuration directory
with the following content:
test=Manager
4. Change jboss-web.xml in the web application to the following:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web xmlns="http://www.jboss.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.jboss.org/schema/jbossas
http://www.jboss.org/schema/jbossas/jboss-web_7_2.xsd">
<!-- Configure usage of the security domain "sso" -->
<security-domain>sso</security-domain>
<valve>
<class-name>org.apache.catalina.authenticator.SingleSignOn</class-name>
</valve>
</jboss-web>
5. Change web.xml in the web application to the following:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>example1</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Manager</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Sample Realm</realm-name>
<form-login-config>
<form-login-page>/jsp/login.jsp</form-login-page>
<form-error-page>/jsp/login-error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>Manager</role-name>
</security-role>
</web-app>
6. login.jsp contains the following:
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Simple Web App</title>
</head>
<body>
<h1>Welcome to EAP 6</h1>
<p>This is a simple web app deployed as a compressed WAR file named example.war</p>
<form id="login_form" name="login_form" method="post"
action="j_security_check" enctype="application/x-www-form-urlencoded">
<center>
<p>Please login to proceed.</p>
</center>
<div style="margin-left: 15px;">
<p>
<label for="username"> Username</label><br /> <input id="username"
type="text" name="j_username" size="20" />
</p>
<p>
<label for="password"> Password</label><br /> <input id="password"
type="password" name="j_password" value="" size="20" />
</p>
<center>
<input id="submit" type="submit" name="submit" value="Login"
class="buttonmed" />
</center>
</div>
</form>
</body>
</html>
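7. Start JBoss EAP, then deploy example1.war and example2.war in turn.
8. Open http://localhost:18080/example1/
Because security is configured, a login prompt appears. Enter username test and password test. After logging in successfully, go directly to http://localhost:18080/example2/ and no login prompt appears, which shows that SSO is configured correctly.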
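The files from steps 1-5 have to agree with each other for the login in step 8 to work. The script below is an added example, not part of the original post: it cross-checks them before deployment. The embedded samples are constructed, trimmed copies of the files above, the function names are hypothetical, and only the plain `user=role1,role2` form of roles.properties is handled.

```python
import xml.etree.ElementTree as ET

SSO_VALVE = "org.apache.catalina.authenticator.SingleSignOn"
# Constructed, trimmed copies of the files from steps 1-5 (assumed sample input).
STANDALONE = ('<security-domains><security-domain name="sso" cache-type="default">'
              '<authentication><login-module code="UsersRoles" flag="required"/>'
              '</authentication></security-domain></security-domains>')
JBOSS_WEB = ('<jboss-web xmlns="http://www.jboss.com/xml/ns/javaee">'
             '<security-domain>sso</security-domain>'
             f'<valve><class-name>{SSO_VALVE}</class-name></valve></jboss-web>')
WEB_XML = ('<web-app xmlns="http://java.sun.com/xml/ns/javaee"><security-constraint>'
           '<auth-constraint><role-name>Manager</role-name></auth-constraint>'
           '</security-constraint></web-app>')
USERS, ROLES = "test=test\n", "test=Manager\n"

def elements(xml, name):
    """All elements with the given local name, ignoring XML namespaces."""
    return [e for e in ET.fromstring(xml).iter() if e.tag.rsplit("}", 1)[-1] == name]

def props(text):
    """Parse key=value lines of a .properties file, skipping comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(standalone, jboss_web, web_xml, users, roles):
    """Return a list of findings; an empty list means the files agree."""
    findings = []
    defined = {e.get("name") for e in elements(standalone, "security-domain")}
    for e in elements(jboss_web, "security-domain"):
        if (e.text or "").strip() not in defined:
            findings.append(f"security domain '{e.text}' not defined in standalone.xml")
    if SSO_VALVE not in [(e.text or "").strip() for e in elements(jboss_web, "class-name")]:
        findings.append("SingleSignOn valve missing from jboss-web.xml")
    user_map, role_map = props(users), props(roles)
    granted = {r.strip() for v in role_map.values() for r in v.split(",")}
    for e in elements(web_xml, "role-name"):
        if (e.text or "").strip() not in granted:
            findings.append(f"role '{e.text}' is granted to no user")
    for user in role_map:
        if user not in user_map:
            findings.append(f"user '{user}' has roles but no password entry")
    for user, password in user_map.items():
        if password == user:
            findings.append(f"user '{user}' has password equal to username")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(STANDALONE, JBOSS_WEB, WEB_XML, USERS, ROLES)))
```

Run against the configuration exactly as given, the only finding is the test account whose password equals its username. That account is stored in plaintext in users.properties and should be replaced before the domain is used outside a test setup.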