环境:JBoss EAP 6.4.0
1. 配置derby 数据源
请参考《EAP 6 功能演示2 :DataSource 部署》。
2. 创建数据库表
这里使用之前已经创建好的 derby:demoDB
(1)cd /Users/maping/Apache/db-derby/bin
进入SQL交互 ./ij
-- Demo connection to the embedded Derby database demoDB, using the sample account demo/demo.
ij> Connect 'jdbc:derby:demoDB;user=demo;password=demo';
-- User table read by the login module's principalsQuery. The table is spelled "principles"
-- here and in that query, so the two stay consistent.
-- The password column stores the value exactly as inserted below (no digest).
ij> CREATE TABLE principles ( principal_id VARCHAR(64) primary key,password VARCHAR(64));
-- Role table read by rolesQuery. It has no primary key and no foreign key to principles,
-- so nothing stops a role row from naming a user that does not exist.
ij> CREATE TABLE roles ( principal_id VARCHAR(64),user_role VARCHAR(64),role_group VARCHAR(64));
-- Sample accounts with clear-text passwords: anyone who can read this table, or a backup of it,
-- learns every password. Keep this to demo data. A real deployment should store password digests
-- and set the Database login module's hashAlgorithm / hashEncoding options to match.
ij>INSERT INTO principles VALUES('TestUserOne','PasswordOne');
ij>INSERT INTO principles VALUES('TestUserTwo','PasswordTwo');
-- One role per sample user. The role_group column is filled in, but the rolesQuery shown on
-- this page selects the literal 'Roles' instead of reading it.
ij>INSERT INTO roles VALUES('TestUserOne','TestRoleOne','TestUserOneGroup');
ij>INSERT INTO roles VALUES('TestUserTwo','TestRoleTwo','TestUserTwoGroup');
(2)cd /Users/maping/Apache/db-derby/bin
启动 ./startNetworkServer
停止 ./stopNetworkServer
3. 修改 EAP 配置文件
(1)cp standalone.xml standalone-database-auth.xml
(2)vim standalone-database-auth.xml
<!-- Security domain "DBAuthTest": checks user names and passwords against the Derby tables
     through the Database login module. cache-type="default" turns on the domain's
     authentication cache; presumably a password changed in the database is only seen once
     the cached entry expires or is flushed (confirm for your EAP version). -->
<security-domain name="DBAuthTest" cache-type="default">
    <authentication>
        <login-module code="Database" flag="required">
            <!-- JNDI name of the datasource that holds the PRINCIPLES and ROLES tables. -->
            <module-option name="dsJndiName"
                           value="java:jboss/datasources/DemoDataSource"/>
            <!-- The user name is passed as a bind parameter (?), never concatenated into the SQL.
                 No hashAlgorithm / hashEncoding option is set, so the submitted password is
                 compared with the column value as stored: the table has to hold clear-text
                 passwords. Outside a demo, store digests and set both options to match. -->
            <module-option name="principalsQuery"
                           value="select password from PRINCIPLES where principal_id=?"/>
            <!-- Returns (role name, role group). The literal 'Roles' is the group the container
                 reads for authorization checks; the table's role_group column is not used. -->
            <module-option name="rolesQuery"
                           value="select user_role, 'Roles' from ROLES where principal_id=?"/>
        </login-module>
    </authentication>
</security-domain>
如果有必要,可以输出详细的安全日志用于调试;调试完成后应去掉该配置,因为 TRACE 级别的安全日志可能包含用户名、角色等认证细节。
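<!-- Optional while debugging logins: raise the security packages to TRACE.
     In the EAP 6 logging subsystem of the standalone configuration file, a category is
     configured with logger/level elements. The category/priority form is log4j.xml syntax
     from older JBoss releases and is not accepted there.
     A handler whose own level is above TRACE (presumably the default console handler) will
     not print these lines, so look in server.log.
     Remove this logger after debugging: TRACE output from org.jboss.security can include
     user names, roles and other authentication detail. -->
<logger category="org.jboss.security">
    <level name="TRACE"/>
</logger>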
4. 修改Web应用配置文件
(1)web.xml
<!-- Protects the whole application: every request must come from an authenticated user
     who holds one of the roles declared in this descriptor. -->
<security-constraint>
    <display-name>Constraint-0</display-name>
    <web-resource-collection>
        <web-resource-name>Constraint-0</web-resource-name>
        <!-- "/*" covers every URL of the context. No http-method is listed, so the constraint
             applies to all HTTP methods. -->
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <!-- "*" means "any role declared in a security-role element of this web.xml".
             It does not mean "any authenticated user". -->
        <role-name>*</role-name>
    </auth-constraint>
    <user-data-constraint>
        <!-- NONE allows plain HTTP, so the login form posts the user name and password
             unencrypted. This is acceptable only for a localhost demo. Use CONFIDENTIAL,
             with an HTTPS connector configured, anywhere the traffic crosses a network. -->
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<!-- FORM authentication: the container shows the login page for unauthenticated requests
     and performs the credential check itself. Per the Servlet specification the login form
     posts to j_security_check with the fields j_username and j_password. -->
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <!-- Page shown when a protected resource is requested without a session login. -->
        <form-login-page>/jsp/login.jsp</form-login-page>
        <!-- Page shown when the submitted credentials are rejected. Keep its message generic
             so that it does not reveal whether the user name exists. -->
        <form-error-page>/jsp/login-error.jsp</form-error-page>
    </form-login-config>
</login-config>
<!-- The only role this application declares. Because the auth-constraint uses "*", meaning
     the declared roles, a user needs TestRoleOne to get in. TestUserTwo, who holds only
     TestRoleTwo in the ROLES table, should be able to authenticate but then be refused access. -->
<security-role>
    <role-name>TestRoleOne</role-name>
</security-role>
(2)jboss-web.xml
<!-- Binds this web application to a server security domain. The name after java:/jaas/ must
     match the name attribute of the security-domain defined in the server configuration
     (DBAuthTest on this page). NOTE(review): with a misspelled name the application would
     presumably authenticate against a different domain than intended; confirm after deployment. -->
<security-domain>java:/jaas/DBAuthTest</security-domain>
5. 部署example_auth.war
6. 访问:http://localhost:18080/example_auth/
需要登录,输入用户:TestUserOne 口令:PasswordOne。
参考文献:
1. http://middlewaremagic.com/jboss/?p=387
1. 配置derby 数据源
请参考《EAP 6 功能演示2 :DataSource 部署》。
2. 创建数据库表
这里使用之前已经创建好的 derby:demoDB
(1)cd /Users/maping/Apache/db-derby/bin
进入SQL交互 ./ij
-- Demo connection to the embedded Derby database demoDB, using the sample account demo/demo.
ij> Connect 'jdbc:derby:demoDB;user=demo;password=demo';
-- User table read by the login module's principalsQuery. The table is spelled "principles"
-- here and in that query, so the two stay consistent.
-- The password column stores the value exactly as inserted below (no digest).
ij> CREATE TABLE principles ( principal_id VARCHAR(64) primary key,password VARCHAR(64));
-- Role table read by rolesQuery. It has no primary key and no foreign key to principles,
-- so nothing stops a role row from naming a user that does not exist.
ij> CREATE TABLE roles ( principal_id VARCHAR(64),user_role VARCHAR(64),role_group VARCHAR(64));
-- Sample accounts with clear-text passwords: anyone who can read this table, or a backup of it,
-- learns every password. Keep this to demo data. A real deployment should store password digests
-- and set the Database login module's hashAlgorithm / hashEncoding options to match.
ij>INSERT INTO principles VALUES('TestUserOne','PasswordOne');
ij>INSERT INTO principles VALUES('TestUserTwo','PasswordTwo');
-- One role per sample user. The role_group column is filled in, but the rolesQuery shown on
-- this page selects the literal 'Roles' instead of reading it.
ij>INSERT INTO roles VALUES('TestUserOne','TestRoleOne','TestUserOneGroup');
ij>INSERT INTO roles VALUES('TestUserTwo','TestRoleTwo','TestUserTwoGroup');
(2)cd /Users/maping/Apache/db-derby/bin
启动 ./startNetworkServer
停止 ./stopNetworkServer
3. 修改 EAP 配置文件
(1)cp standalone.xml standalone-database-auth.xml
(2)vim standalone-database-auth.xml
<!-- Security domain "DBAuthTest": checks user names and passwords against the Derby tables
     through the Database login module. cache-type="default" turns on the domain's
     authentication cache; presumably a password changed in the database is only seen once
     the cached entry expires or is flushed (confirm for your EAP version). -->
<security-domain name="DBAuthTest" cache-type="default">
    <authentication>
        <login-module code="Database" flag="required">
            <!-- JNDI name of the datasource that holds the PRINCIPLES and ROLES tables. -->
            <module-option name="dsJndiName"
                           value="java:jboss/datasources/DemoDataSource"/>
            <!-- The user name is passed as a bind parameter (?), never concatenated into the SQL.
                 No hashAlgorithm / hashEncoding option is set, so the submitted password is
                 compared with the column value as stored: the table has to hold clear-text
                 passwords. Outside a demo, store digests and set both options to match. -->
            <module-option name="principalsQuery"
                           value="select password from PRINCIPLES where principal_id=?"/>
            <!-- Returns (role name, role group). The literal 'Roles' is the group the container
                 reads for authorization checks; the table's role_group column is not used. -->
            <module-option name="rolesQuery"
                           value="select user_role, 'Roles' from ROLES where principal_id=?"/>
        </login-module>
    </authentication>
</security-domain>
如果有必要,可以输出详细的安全日志用于调试;调试完成后应去掉该配置,因为 TRACE 级别的安全日志可能包含用户名、角色等认证细节。
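<!-- Optional while debugging logins: raise the security packages to TRACE.
     In the EAP 6 logging subsystem of the standalone configuration file, a category is
     configured with logger/level elements. The category/priority form is log4j.xml syntax
     from older JBoss releases and is not accepted there.
     A handler whose own level is above TRACE (presumably the default console handler) will
     not print these lines, so look in server.log.
     Remove this logger after debugging: TRACE output from org.jboss.security can include
     user names, roles and other authentication detail. -->
<logger category="org.jboss.security">
    <level name="TRACE"/>
</logger>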
4. 修改Web应用配置文件
(1)web.xml
<!-- Protects the whole application: every request must come from an authenticated user
     who holds one of the roles declared in this descriptor. -->
<security-constraint>
    <display-name>Constraint-0</display-name>
    <web-resource-collection>
        <web-resource-name>Constraint-0</web-resource-name>
        <!-- "/*" covers every URL of the context. No http-method is listed, so the constraint
             applies to all HTTP methods. -->
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <!-- "*" means "any role declared in a security-role element of this web.xml".
             It does not mean "any authenticated user". -->
        <role-name>*</role-name>
    </auth-constraint>
    <user-data-constraint>
        <!-- NONE allows plain HTTP, so the login form posts the user name and password
             unencrypted. This is acceptable only for a localhost demo. Use CONFIDENTIAL,
             with an HTTPS connector configured, anywhere the traffic crosses a network. -->
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<!-- FORM authentication: the container shows the login page for unauthenticated requests
     and performs the credential check itself. Per the Servlet specification the login form
     posts to j_security_check with the fields j_username and j_password. -->
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <!-- Page shown when a protected resource is requested without a session login. -->
        <form-login-page>/jsp/login.jsp</form-login-page>
        <!-- Page shown when the submitted credentials are rejected. Keep its message generic
             so that it does not reveal whether the user name exists. -->
        <form-error-page>/jsp/login-error.jsp</form-error-page>
    </form-login-config>
</login-config>
<!-- The only role this application declares. Because the auth-constraint uses "*", meaning
     the declared roles, a user needs TestRoleOne to get in. TestUserTwo, who holds only
     TestRoleTwo in the ROLES table, should be able to authenticate but then be refused access. -->
<security-role>
    <role-name>TestRoleOne</role-name>
</security-role>
(2)jboss-web.xml
<!-- Binds this web application to a server security domain. The name after java:/jaas/ must
     match the name attribute of the security-domain defined in the server configuration
     (DBAuthTest on this page). NOTE(review): with a misspelled name the application would
     presumably authenticate against a different domain than intended; confirm after deployment. -->
<security-domain>java:/jaas/DBAuthTest</security-domain>
5. 部署example_auth.war
6. 访问:http://localhost:18080/example_auth/
需要登录,输入用户:TestUserOne 口令:PasswordOne。
参考文献:
1. http://middlewaremagic.com/jboss/?p=387