Wednesday, December 8, 2010

Secure a JEE application in GlassFish using JAAS

Goal: Secure a JEE application in GlassFish using JAAS (Java Authentication and Authorization Service).

Tools used:
Server: GlassFish v3.1
IDE: NetBeans 6.9.1
Database: MySQL 5.1

Tutorial:
Step 1:
Create a web application (JSF 2) with NetBeans. We will secure this application with a JDBC Realm.
Step 2:
Create a MySQL database named "security" and a table named "user":
CREATE TABLE `user` (
`user_name` varchar(45) NOT NULL,
`password` varchar(45) NOT NULL,
`group_name` varchar(45) DEFAULT NULL,
PRIMARY KEY (`user_name`)
);
Insert two rows into the table (note that the passwords are stored as plain text):
INSERT INTO `user` (`user_name`,`password`,`group_name`) VALUES
('admin','admin','Admin');
INSERT INTO `user` (`user_name`,`password`,`group_name`) VALUES
('user','user','User');

Step 3:
Create a JDBC resource (JNDI name) for the "security" database in the GlassFish administration console, under Resources / JDBC.
Step 4:
In the administration console, go to Security / Domains and create a new domain (realm) named "jdbcRealmSecurity".
The properties of jdbcRealmSecurity:

Step 5:
Now edit the web.xml file. We'll start with the login module configuration.
The login form is the following:

After that you define the roles:
Finally you define the security constraints:
Do not forget to edit sun-web.xml as well and map the group names to the specified roles.
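
The Step 5 configuration as an added example (not the original post's files): FORM login against the jdbcRealmSecurity realm, two roles, two security constraints, and the sun-web.xml mapping to the Admin and User groups from the user table. The role names, page names and URL patterns are assumptions.

```xml
<!-- WEB-INF/web.xml: elements placed inside <web-app> -->
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>jdbcRealmSecurity</realm-name> <!-- realm created in Step 4 -->
    <form-login-config>
        <!-- assumed page names; the login form must post the fields
             j_username and j_password to the action j_security_check -->
        <form-login-page>/login.xhtml</form-login-page>
        <form-error-page>/loginError.xhtml</form-error-page>
    </form-login-config>
</login-config>
<!-- application roles (names are assumptions) -->
<security-role><role-name>admin</role-name></security-role>
<security-role><role-name>user</role-name></security-role>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Admin area</web-resource-name>
        <url-pattern>/admin/*</url-pattern>
        <!-- no <http-method> element: the constraint covers every HTTP method -->
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
    <user-data-constraint>
        <!-- require HTTPS so credentials posted at login are not sent in clear text -->
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>User area</web-resource-name>
        <url-pattern>/user/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
        <role-name>user</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<!-- WEB-INF/sun-web.xml: elements placed inside <sun-web-app> -->
<security-role-mapping>
    <role-name>admin</role-name>
    <group-name>Admin</group-name> <!-- group_name value in the user table -->
</security-role-mapping>
<security-role-mapping>
    <role-name>user</role-name>
    <group-name>User</group-name>
</security-role-mapping>
```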

You can test the application now :)