How to allow any user in JBoss config - java

I have an access problem in a Java web application and I think that it's because of the rights of JBoss.
I'm using JBoss 7.1. I found the files application-roles.properties and application-users.properties and I think that it's where we must assign the rights. Actually, I have nothing in these files.
I've searched about this conf but I don't find anything which can help me.
Can anybody help me to give all rights to any users please ? And maybe explain me how it works please.

Just adding users to file is not going to do the trick. Here are the basic steps in adding authentincation and authorization in Java Web App.
Create a login module and define a JNDI name for the login module in
the Java application server. There are many login modules to choose
from such as LDAP, Database, UserProperties, Certificate, etc. This is where you can point the login module to the application-user.properties for principal authentication and application-roles.properties for the roles definitions.
Then you need to add proper web application security-constraints in your web.xml along with authentication type of basic or form. This is pretty standard configuration.
Finally, add the login module JNDI name in the jboss-web.xml file under WEB-INF (for a WAR file) or META-INF (for a JAR or an EAR file).
You can follow along this example if you are planning to use the application-user and roles file for your application. Most organizations usually use LDAP or Database type of login modules for authentication since that's more scalable and secured. You can see a list of few other login modules here.

Related

how to add a parameter to spring project before <projectname>/login and after <localhost>:<portnumber> without hardcode?

I'm working on a Spring MVC project. When I run the application the URL is:
http://localhost:8080/insureYou/login
but I want:
http://localhost:8080/contextroot/insureYou/login
Is there any way of doing it without hardcoding?
In a spring-boot project you can set the context-root by specifying the following property in the application.properties file:
server.servlet.context-path=/yourcontextroot
Without spring-boot, it depends on the webserver and Tomcat offers a number of options.
I would personally opt for a META-INF/context.xml file in your war file containing the necessary information but you can also include the information in the server.xml file or in a ROOT.xml file.
See the following links for further guidance:
How to set the context path of a web application in Tomcat 7.0
https://tomcat.apache.org/tomcat-8.0-doc/config/context.html
https://www.baeldung.com/tomcat-root-application
This type of deployment however sometimes is handled separately, through an Apache server reverse-proxy or through URL rewriting.
I recommend you ascertain whether this type of need is already taken care of by your company's deployment procedures, as you may not need to deal with it at all.

How to let user configure a file inside the war file

There is an application, say myApp.war (developed using Spring MVC) that I give the users to deploy in their tomcat webapp folder. When the user starts tomcat, the war is exploded, and then I ask the user to go myApp/WEB-INF/classes/persistence.properties and ask him to edit just one property name (actually an HSQLDB path). Post that I ask the user to stop tomcat, delete the war file and start tomcat server again. And the application is up and running.
Although the users are not complaining, I believe there has to be a better way of doing this. For example when the users deploy wordpress or hudson and the first time they try to access the app. they are redirected to an install page where they do their basic configuration and they are up and running. How can I achieve it here.
I have used JNDI to solve this very problem in the past. Here is a nice example to show you how to do this with Spring:
http://www.journaldev.com/2597/spring-datasource-jndi-with-tomcat-example
Checkout JMX which can allow on the fly configuration, or there is one obix framework
Why not something like this:
Use a relative path with sysprops, like ${user.home}/path-to-hsqldb. If the user runs tomcat as user "jim", it will look in c:\users\jim\path-to-hsqldb (Windows) or /usr/jim/path-to-hsqldb (Linux)
You might need to use Spring's <context:property-placeholder/> to enable this.

Realm configuration in tomcat for forms authentication

I'm developing a java web project using tomcat. I've successfully implemented forms authentication in my project.
Is there a way to configure the Realm not in the server.xml?
I need to send my project to someone - and there is a demand that he wouldn't have to do such "extra" configuration.
Is there a way to put the Realm section somewhere in my project - like at web.xml?
Perhaps there is some other way that I can achieve that?
Thanks
Yes, you can put realm into server.xml but also into context.xml.
Moreover this is recommended configuration.
Please refer to the following document for details: http://tomcat.apache.org/tomcat-5.5-doc/config/context.html

Put authentication/login configuration inside PROJECT

I implemented a custom login module I want to use with the JBoss AS 6. I followed some tutorial guidelines on the internet, namely http://x-techteam.blogspot.com/2007/04/jboss-custom-login-module-simple.html.
They write about configuring ${JBOSS_HOME}/server/default/conf/login-config.xml and deploy a JAR with the custom login module, but I don't like the idea of changing a configuration within the JBoss folder.
I really would like to have ALL configurations within my WAR file. The EE application I write will be sent to some customers and they should not have to worry about configuring some security contexts or roles via XML.
So my question is:
Can I have a local login-config.xml within my war that will be picked up by JBoss?
Can the custom login module class remain within my war, without having to deploy it to some JBoss folder?
Thank you in advance.
Use dynamic security domains:
link

Where do i find the JOSSO database configuration file?

We have Josso authentication on our website and recently we changed the mysql server and now are in the process of upgrading all the mysql hostnames, usernames and passwords in the database configuration files.
However, a critical component of our site - Josso is still nonfunctional because we have no idea where the database configuration file of josso exists.
I would really appreciate anything that helps me figure out where this is located.
Here is the URL of the site through which it is trying to access Josso :
https://www.mysite.com:8443/josso/signon/usernamePasswordLogin.do;jsessionid=97FACC232630E8A8B93B141A67FBE01C
Edit : We are using Tomcat 6 located under /etc/tomcat6 and also has a server.xml file inside it. I could not find anything relevant related to josso db settings there.
Hopefully you've already figured this out, but this should be documented for others. This documentation is available at the JOSSO wiki, database section.
Assuming JOSSO 1.8.x, there is either a file in $TOMCAT_HOME/lib, which is where we have our configuration, or in $TOMCAT_HOME/webapps/josso/WEB-INF/classes called josso-gateway-db-stores.xml. If you cannot find this file, look for josso-gateway-config.xml which will have the various import statements for the other parts of the gateway configuration. The store configuration contains elements which reference a dsJndiName. This is the datasource that is either defined in you META-INF/context.xml file or in Tomcat's server.xml as a Resouce element.

Categories

Resources