Search code examples
jsfdeploymentjbossforms-authenticationcontainer-managed

Setup JSF application on JBoss 7.1

I want to deploy a working JSF appliction (Tomcat 7.0.34) on JBoss 7.1 I have configured the datasource so far, which is working. But I have troubles by setting up the container managed authentication. By calling the index.xhtml, all items are properly loaded from DB. But when I do a login, the user doesn't get any role. So he isn't allowed to access his customer details page. Thus I want to ask whether, I forgot something to configure.

My configuration:

standalone.xml

The security-domain seems to be working properly. If I change the selected column 'role' to 'r' an exception is thrown during the login. 

...
<datasource jndi-name="java:jboss/datasources/MySqlDS" pool-name="MySqlDS" enabled="true" use-java-context="true" use-ccm="true">
    <connection-url>jdbc:mysql://localhost:3306/bookstore</connection-url>
    <driver>mysql</driver>
        <security>
            <user-name>bookstore</user-name>
            <password>book$tore</password>
        </security>
</datasource>
...
<security-domain name="SgpRealm" cache-type="default">
    <authentication>
        <login-module code="Database" flag="required">
            <module-option name="dsJndiName" value="java:jboss/datasources/MySqlDS"/>
            <module-option name="principalsQuery" value="SELECT pwd FROM customer where eMail=?"/>
            <module-option name="rolesQuery" value="SELECT role, role FROM roles WHERE eMail=?"/>
            <module-option name="unauthenticatedIdentity" value="anonymous"/>
            <module-option name="password-stacking" value="useFirstPass"/>
        </login-module>
    </authentication>
</security-domain>

The jboss-web.xml

<?xml version="1.0" encoding="UTF-8"?>
<jboss>
    <security-domain>SgpRealm</security-domain>
</jboss>

The web.xml

<security-constraint>
    <web-resource-collection>
    <web-resource-name>Authenticated admins only</web-resource-name>
    <url-pattern>/faces/sections/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
    <role-name>ADMIN</role-name>
    </auth-constraint>
</security-constraint>

<login-config>
    <auth-method>FORM</auth-method>
<form-login-config>
    <form-login-page>/faces/sections/authentication/login.xhtml</form-login-page>
    <form-error-page>/faces/sections/authentication/loginFailed.xhtml</form-error-page>
</form-login-config>
</login-config>

<security-role>
    <role-name>ADMIN</role-name>
</security-role>

The login.xhtml

<h:form prependId="false">
<table id="loginTable" >
    <tr>
        <td><h:outputLabel for="email" value="#{msgs.username}" />
        </td>
        <td><h:inputText id="email" value="#{login.eMail}"
                            required="true" style="width:100%" /></td>
    </tr>
    <tr>
        <td><h:outputLabel for="password" value="#{msgs.password}" />
        </td>
        <td><h:inputSecret id="password" value="#{login.password}"
                            required="true" style="width:100%" /></td>
    </tr>
    <tr height="50px">
        <td colspan="2"><h:commandButton value="#{msgs.login}"
                            actionListener="#{login.doLogin}" style="width:104%" /></td>
    </tr>

</table>    
</h:form>

The Login.java#doLogin(...) method

public void doLogin(ActionEvent e) throws IOException {
FacesContext context = FacesContext.getCurrentInstance();
HttpServletRequest request = (HttpServletRequest) context
    .getExternalContext().getRequest();

try {
    // Try to login customer via container management
    request.login(eMail, password);

            /*
             * Prints out the username (eMail) of the logged in user !!!
             */                
            System.out.println(request.getUserPrincipal());

            if(request.isUserInRole("ADMIN")){

                    /*
                     * This part of source is never reached!!!!
                     */  

                    System.out.println("Role: ADMIN");
            }
            ...

By using the Tomcat instance there was a file called context.xml within the META-INF dir. (For JBoss I deleted it)

<Context>

    <Resource name="jdbc/bookstore" 
    auth="Container" 
    type="javax.sql.DataSource"
        username="bookstore"
        password="book$tore"
        driverClassName="com.mysql.jdbc.Driver"
        url="jdbc:mysql://localhost/bookstore"/>

</Context>

Do I need sth. similar for JBoss, or is there any additional configuration file neeeded?

Thanks a bunch!

Solution

  • So, my Application is now running on JBoss. I just changed the security-domain from 

    <security-domain name="SgpRealm" cache-type="default">
<authentication>
    <login-module code="Database" flag="required">
        <module-option name="dsJndiName" value="java:jboss/datasources/MySqlDS"/>
        <module-option name="principalsQuery" value="SELECT pwd FROM customer where eMail=?"/>
        <module-option name="rolesQuery" value="SELECT role, role FROM roles WHERE eMail=?"/>
        <module-option name="unauthenticatedIdentity" value="anonymous"/>
        <module-option name="password-stacking" value="useFirstPass"/>
    </login-module>
</authentication>

    to 

    <security-domain name="SgpRealm" cache-type="default">
<authentication>
    <login-module code="Database" flag="required">
        <module-option name="dsJndiName" value="java:jboss/datasources/MySqlDS"/>
        <module-option name="principalsQuery" value="SELECT pwd FROM customer where eMail=?"/>
        <module-option name="rolesQuery" value="SELECT role, role FROM roles WHERE eMail=?"/>
    </login-module>
</authentication>

    The file context.xml is still deleted.