Goal:Secure a JEE application in Glassfish using JAAS (Java Authentication and Authorization Service).
Used tools:
Server: Glassfish v3.1
IDE: NetBeans 6.9.1
Database: MySQL 5.1
Tutorial:
Step1:
Create a web application (JSF2) with netbeans. We will secure this application with JDBC Realm.
Step2:
Create a database mysql "security" and a table user CREATE TABLE `user` (
`user_name` varchar(45) NOT NULL,
`password` varchar(45) NOT NULL,
`group_name` varchar(45) DEFAULT NULL,
PRIMARY KEY (`user_name`)
)
Insert two rows into the table:
INSERT INTO `user` (`user_name`,`password`,`group_name`) VALUES
('admin','admin','Admin');
INSERT INTO `user` (`user_name`,`password`,`group_name`) VALUES
('user','user','User');Step3:
Create a JNDI (JDBC resource) related to the database security, using the administration console tree under glassfish Resources / JDBC.
Step4:
In the administrative console go under Security / Domains and create a new domain "jdbcRealmSecurity"
The propreties of jdbcRealmSecurity :
Step5:
Now we have to go edit the file web.xml. We'll start with the Login module configuration
The login form is the following :
<form action="j_security_check" method="POST">
<div><img src="/j_security_check/images/logo.jpg" width="40" height="40"/></div>
<div>Username: <input type="text" name="j_username"></div>
<div>Password: <input type="password" name="j_password"></div>
<div><input type="submit" value="Login"></div>
</form>
After that you define the roles:
Finally you define the security constraints:
Do not forget to go changing the sun-web.xml and add the group name to the specified roles.
You can test the application now :)
