December 9, 2010

Securing a JEE application

Goal: Secure a JEE application in GlassFish using JAAS (Java Authentication and Authorization Service).

Tools used:
Server: Glassfish v3.1
IDE: NetBeans 6.9.1
Database: MySQL 5.1

Create a web application (JSF 2) with NetBeans. We will secure this application with a JDBC realm.
Create a MySQL database named "security" and a table user:
CREATE TABLE `user` (
  `user_name` varchar(45) NOT NULL,
  `password` varchar(45) NOT NULL,
  `group_name` varchar(45) DEFAULT NULL,
  PRIMARY KEY (`user_name`)
);
Insert two rows into the table:
INSERT INTO `user` (`user_name`,`password`,`group_name`) VALUES
INSERT INTO `user` (`user_name`,`password`,`group_name`) VALUES
Create a JDBC resource (with its JNDI name) for the security database in the GlassFish administration console, under Resources / JDBC.
In the administration console, go to Security / Domains and create a new domain "jdbcRealmSecurity".
The properties of jdbcRealmSecurity:

Now we have to edit the file web.xml. We'll start with the login module configuration.
The login form is the following:
<form action="j_security_check" method="POST">
    <div><img src="/j_security_check/images/logo.jpg" width="40" height="40"/></div>
    <div>Username:&nbsp;<input type="text" name="j_username"></div>
    <div>Password:&nbsp;<input type="password" name="j_password"></div>
    <div><input type="submit" value="Login"></div>
</form>
After that, you define the roles:
Finally, you define the security constraints:
Do not forget to edit sun-web.xml and add the group name to the specified roles.
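
The following is an added example, not code from the original post: a small Python check that reads a web.xml and a sun-web.xml and reports roles used in a constraint but never declared, and declared roles that have no group mapping (the mistake the last step warns about). The descriptors are constructed samples; the role and group names, page names and URL pattern are assumptions, and only the realm name jdbcRealmSecurity comes from the post.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors: role names, group names, page names and the
# URL pattern are assumptions; only the realm name comes from the post.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>jdbcRealmSecurity</realm-name>
    <form-login-config>
      <form-login-page>/login.xhtml</form-login-page>
      <form-error-page>/loginError.xhtml</form-error-page>
    </form-login-config>
  </login-config>
  <security-role><role-name>admin</role-name></security-role>
  <security-role><role-name>user</role-name></security-role>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin pages</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""
SUN_WEB_XML = """<sun-web-app>
  <security-role-mapping>
    <role-name>admin</role-name>
    <group-name>admin</group-name>
  </security-role-mapping>
</sun-web-app>"""

def _parse(text):
    """Parse a descriptor and drop XML namespaces so plain tag paths work."""
    root = ET.fromstring(text)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]
    return root

def check_descriptors(web_xml, sun_web_xml):
    """Report roles used but not declared, and declared but not mapped to a group."""
    web, sun = _parse(web_xml), _parse(sun_web_xml)
    declared = {r.text.strip() for r in web.findall("security-role/role-name")}
    used = {r.text.strip() for r in
            web.findall("security-constraint/auth-constraint/role-name")}
    mapped = {(m.findtext("role-name") or "").strip()
              for m in sun.findall("security-role-mapping")
              if m.find("group-name") is not None}
    return {"realm": web.findtext("login-config/realm-name"),
            "undeclared_roles": sorted(used - declared - {"*"}),
            "unmapped_roles": sorted(declared - mapped)}
```

On the sample input, check_descriptors(WEB_XML, SUN_WEB_XML) reports the role user as unmapped, because sun-web.xml only maps admin.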

You can test the application now :)
