This article will cover setting up JAAS with the existing jmx-console security policy.
Open up components.xml and modify the default:
<security:identity authenticate-method="#{authenticator.authenticate}"
                   security-rules="#{securityRules}"
                   remember-me="true"/>
To:
<security:identity jaas-config-name="jmx-console" remember-me="true"/>
Remember that authenticate-method and jaas-config-name are mutually exclusive: if you have one, you can't have the other. Setting jaas-config-name to jmx-console tells Seam to authenticate against the following security policy in JBoss:
<!-- A template configuration for the jmx-console web application. This
     defaults to the UsersRolesLoginModule the same as other and should be
     changed to a stronger authentication mechanism as required.
-->
<application-policy name = "jmx-console">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                      flag = "required">
            <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
            <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
        </login-module>
    </authentication>
</application-policy>
Where the jmx-console-users.properties is:
# A sample users.properties file for use with the UsersRolesLoginModule
admin=admin
And jmx-console-roles.properties is:
# A sample roles.properties file for use with the UsersRolesLoginModule
admin=JBossAdmin,HttpInvoker
Now deploy your project, go to the home page and log in. Log in with admin/admin and you'll see:
Welcome, admin
That was simple enough. Now let's see if the roles are there. On the home.seam page add:
<rich:panel>
    <f:facet name="header">Security information</f:facet>
    Identity principle: #{identity.principal} <br />
    Identity subject: #{identity.subject} <br />
    <h:outputText value="Display when user has the JBossAdmin roll" rendered="#{s:hasRole('JBossAdmin')}" /> <br />
    <h:outputText value="Display when user has the Employee roll (Which isn't defined)" rendered="#{s:hasRole('Employee')}" />
</rich:panel>
Redeploy or re-explode the project and log in again on the home page if necessary. You will now see:
Identity principle: admin
Identity subject: Subject: Principal: admin Principal: Roles(members:JBossAdmin,HttpInvoker)
Display when user has the JBossAdmin roll
From this point, you can begin integrating other JAAS security policies and writing your own.
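As an added example (not part of the original article or of Seam/JBoss), the following Python script audits the two UsersRolesLoginModule property files shown above for guessable entries such as the sample admin=admin, and reports which roles each flagged account holds. It assumes the files store plaintext passwords, as in the policy shown; the weak-password list, the 8-character threshold and the sample `ops` account are constructed for illustration.

```python
# Added example: audit UsersRolesLoginModule property files for guessable
# passwords. Assumes plaintext passwords, as in the jmx-console policy above.
WEAK = {"admin", "password", "changeit", "jboss", "123456"}  # assumed short list

def parse_props(text):
    """Parse the simple key=value subset of .properties used by these files."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":  # blank line or comment
            continue
        key, sep, value = line.partition("=")
        if sep:
            out[key.strip()] = value.strip()
    return out

def audit(users_text, roles_text):
    """Return [(user, reason, roles)] for accounts with weak passwords."""
    users = parse_props(users_text)
    roles = {u: [r.strip() for r in v.split(",") if r.strip()]
             for u, v in parse_props(roles_text).items()}
    findings = []
    for user, password in sorted(users.items()):
        if password.lower() == user.lower():
            reason = "password equals username"
        elif password.lower() in WEAK:
            reason = "common default password"
        elif len(password) < 8:
            reason = "password shorter than 8 characters"
        else:
            continue
        findings.append((user, reason, roles.get(user, [])))
    return findings

# Constructed sample input mirroring the files shown above, plus one
# hypothetical stronger entry ("ops") for contrast.
SAMPLE_USERS = """# A sample users.properties file
admin=admin
ops=Tr4il-mix.Quartz-91
"""
SAMPLE_ROLES = """# A sample roles.properties file
admin=JBossAdmin,HttpInvoker
ops=JBossAdmin
"""

if __name__ == "__main__":
    for user, reason, user_roles in audit(SAMPLE_USERS, SAMPLE_ROLES):
        print(f"{user}: {reason}; roles={','.join(user_roles) or '-'}")
```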