Friday Feb 15, 2008

Using JDBCRealm with self-registration

My last blog talked about a pattern to implement self-registration. As a follow-up, in this blog I talk about how to use a JDBCRealm in this context.

First we need to create a data realm in GlassFish. Here is how you can do it using an Ant task. (You need to populate the variables appropriately, of course.)

    <exec executable="${ASADMIN_SCRIPT}">
      <arg line="create-auth-realm" />
      <arg line="--user ${AS_ADMIN_USER}" />
      <arg line="--passwordfile ${PASSFILE}" />
      <arg line="--host ${AS_SERVER_NAME}" />
      <arg line="--port ${AS_ADMIN_PORT}" />
      <arg line="--classname com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm" />
      <!-- Keep the whole property list on one line: Ant splits a "line" value on whitespace -->
      <arg line='--property digest-algorithm=SHA:encoding=Hex:user-name-column=USERNAME:password-column=PASSPHRASE:group-name-column=ROLENAME:jaas-context=jdbcRealm:datasource-jndi="jdbc/CommonDB":group-table=MYUSERROLE_VIEW:user-table=MYUSER' />
      <arg line="JDBC_UserRealm" />
    </exec>

Then, your persistence.xml would have an entry for the persistence unit that maps the PU name to the data source:

  <persistence-unit name="UserManagementPU" transaction-type="RESOURCE_LOCAL">
    <provider>oracle.toplink.essentials.ejb.cmp3.EntityManagerFactoryProvider</provider>
    <non-jta-data-source>java:comp/env/jdbc/CommonDB</non-jta-data-source>
    <class>com.x.y.User</class>
    <class>com.x.y.UserRole</class>
  </persistence-unit>

The user management implementation should talk to this realm, so the EntityManagerFactory should be created by looking up this JNDI name.

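    // Needs javax.naming.InitialContext and javax.persistence.EntityManagerFactory
    String emfJndiName = "java:comp/env/" + "CommonDB";
    // lookup() throws NamingException if nothing is bound under this name
    EntityManagerFactory emf =
        (EntityManagerFactory) new InitialContext().lookup(emfJndiName);
    ...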

The user table is now exposed through this realm, so that you can use it in your login page as follows.

Add this to your application's web.xml to use this realm during form login.

    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>JDBC_UserRealm</realm-name>
        <form-login-config>
            <form-login-page>/login.jsf</form-login-page>
            <form-error-page>/loginError.jsf</form-error-page>
        </form-login-config>
    </login-config>
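
For the form login above to succeed, the self-registration code has to write PASSPHRASE in the form the realm compares against, which with `digest-algorithm=SHA:encoding=Hex` is the hex-encoded SHA digest of the password. The following is an added example, not code from the original post; the class name `PassphraseEncoder`, the `verifies` helper and the use of UTF-8 bytes are assumptions.

```java
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;

/** Added example (hypothetical class): encodes a password for the PASSPHRASE column. */
public class PassphraseEncoder {

    // Must equal the realm's digest-algorithm property; "SHA" is the JDK name for SHA-1.
    // Unsalted SHA-1 is fast to brute-force if the table leaks, so if the realm is
    // configured with a stronger digest, change this constant to the same name.
    static final String REALM_DIGEST = "SHA";

    /** Hex-encoded digest, matching encoding=Hex in the realm definition. */
    static String encode(String algorithm, char[] password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        // Assumption: the realm digests the UTF-8 bytes of the submitted password.
        md.update(StandardCharsets.UTF_8.encode(CharBuffer.wrap(password)));
        StringBuilder hex = new StringBuilder();
        for (byte b : md.digest()) {
            hex.append(Character.forDigit((b >> 4) & 0xF, 16));
            hex.append(Character.forDigit(b & 0xF, 16));
        }
        return hex.toString();
    }

    /** Registration-side self-check: does the stored value verify under the realm's digest? */
    static boolean verifies(String storedHex, char[] password) throws NoSuchAlgorithmException {
        byte[] expected = encode(REALM_DIGEST, password).getBytes(StandardCharsets.US_ASCII);
        byte[] actual = storedHex.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) throws Exception {
        // Published SHA-1 test vector for "abc": confirms algorithm name and hex encoding.
        String abc = encode(REALM_DIGEST, "abc".toCharArray());
        if (!abc.equals("a9993e364706816aba3e25717850c26c9cd0d89d")) throw new AssertionError(abc);

        char[] password = "constructed-Sample-1".toCharArray(); // constructed sample input
        String stored = encode(REALM_DIGEST, password);          // value for MYUSER.PASSPHRASE
        System.out.println("realm digest verifies: " + verifies(stored, password));

        // Failure mode: registration hashes with a different algorithm than the realm uses.
        String mismatched = encode("SHA-256", password);
        System.out.println("SHA-256 value verifies: " + verifies(mismatched, password));
    }
}
```

If registration and the realm disagree on the algorithm or encoding, every login for the newly registered user fails even though the row exists.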

Wednesday Jan 02, 2008

Social Software for Glassfish available!

Sun recently released its "Social Software for GlassFish". It is available through the update center for 9.1 and 9.1 UR1 releases.

Wednesday Jul 25, 2007

LDAP based user authentication in glassfish

If you're using GlassFish and developing a new web application that needs to authenticate against an LDAP server, this blog talks about how you can do it.

For a normal (default) file-realm based authentication, your web.xml would have a security-constraint that should look something like:


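    <security-constraint>
        <web-resource-collection>
            <web-resource-name>build</web-resource-name>
            <url-pattern>*.jsf</url-pattern>
            <url-pattern>/download/*</url-pattern>
            <url-pattern>/resource/*</url-pattern>
            <!-- Only the methods listed below are covered by this constraint;
                 requests using any other HTTP method are not restricted by it -->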
            <http-method>DELETE</http-method>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>admin-realm</realm-name>
        <form-login-config>
            <form-login-page>/login.jsf</form-login-page>
            <form-error-page>/loginError.jsf</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <role-name>admin</role-name>
    </security-role>

Now you want to change this to have an authentication against your LDAP server. You need to do the following:

First, you should create an LDAP realm in the GlassFish app server, i.e. the domain.xml entries should look something like:


<auth-realm classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm" name="myLDAPRealm">
        <property name="directory" value="ldap://myldapserver:portnumber"/>
        <property name="base-dn" value="dc=sun,dc=com"/>
        <property name="jaas-context" value="ldapRealm"/>
</auth-realm>  

Now configure your app to use this LDAP realm in your web.xml file, i.e. the web.xml entries should look like:


    <security-constraint>
        <web-resource-collection>
            <web-resource-name>protected</web-resource-name>
            <url-pattern>*.jsf</url-pattern>
            <url-pattern>/download/*</url-pattern>
            <url-pattern>/resource/*</url-pattern>
            <http-method>DELETE</http-method>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>USER</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>myLDAPRealm</realm-name>
        <form-login-config>
            <form-login-page>/login.jsf</form-login-page>
            <form-error-page>/loginError.jsf</form-error-page>
        </form-login-config>
    </login-config> 
    <security-role>
        <role-name>USER</role-name>
    </security-role>

Your sun-web.xml should look something like:


    <security-role-mapping>
        <role-name>USER</role-name>
        <group-name>people</group-name>
        <group-name>Employee Group</group-name>
    </security-role-mapping>

VOILA!

Tuesday Jul 10, 2007

Getting to know JSFTemplating

JSFTemplating provides a templating mechanism for JavaServer Faces Technology that works with JavaServer Faces to make building pages and components easier.

Since it's an open-source project at java.net, it's easy to gain access to the source code, try it out and even contribute! It sounds fun enough to get started with the setup.

You will need:

  1. Glassfish
  2. Get the files
  3. Start creating pages!

Monday Jul 02, 2007

How can I check if my updatecenter module got installed successfully?

The module gets unzipped or expanded under GF_V2_HOME/updatecenter/registry/glassfish/packagename.of.your.module

If something went wrong, where can I see it?

In the logs under GF_V2_HOME/updatecenter/logs. GF_V2 FCS will contain some bug fixes that promise better logging capabilities. That would be really nice!

About

manveen
