JDBC Realm with JBoss on openshift - how to
Question
I'm trying to protect my administration area, which is under domain.com/edit/, with a Realm and JDBC. I have done this on my development machine on GlassFish 4, but I can't get it working on OpenShift/JBoss.
What I've done:
myproject.openshift\config\standalone.xml
[...]
<management>
    <security-realms>
        <security-realm name="managementSecurityRealm">
            <authentication>
                <jaas name="loginRealm" />
            </authentication>
        </security-realm>
    </security-realms>
    <management-interfaces>
        <native-interface security-realm="managementSecurityRealm">
            <socket-binding native="management-native" />
        </native-interface>
        <http-interface security-realm="managementSecurityRealm">
            <socket-binding http="management-http" />
        </http-interface>
    </management-interfaces>
</management>
[...]
<security-domains>
    <security-domain name="loginRealm">
        <authentication>
            <login-module code="Database" flag="required">
                <module-option name="dsJndiName"
                               value="java:jboss/datasources/MysqlDS" />
                <module-option name="principalsQuery"
                               value="select PASSWORD from c_user where EMAIL=?" />
                <module-option name="rolesQuery"
                               value="select groups_ROLENAME, 'Roles' from c_user_c_user_role where User_EMAIL=?" />
                <module-option name="hashAlgorithm" value="SHA-256" />
            </login-module>
        </authentication>
    </security-domain>
[...]
myproject\src\main\webapp\WEB-INF\jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <security-domain>java:/jaas/loginRealm</security-domain>
</jboss-web>
And lastly, my myproject\src\main\webapp\WEB-INF\web.xml
[...]
<security-constraint>
    <display-name>administration-constraint</display-name>
    <web-resource-collection>
        <web-resource-name>administration</web-resource-name>
        <description>authorisation area</description>
        <url-pattern>/edit/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <description/>
        <role-name>headchef</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>loginRealm</realm-name>
    <form-login-config>
        <form-login-page>/viewLogin.jsf</form-login-page>
        <form-error-page>/viewError.jsf</form-error-page>
    </form-login-config>
</login-config>
<security-role>
    <description>Administrator</description>
    <role-name>headchef</role-name>
</security-role>
<security-role>
    <description>normal user which can create recipes</description>
    <role-name>cook</role-name>
</security-role>
[...]
For example, when I call the URL http://myproject-namespace.rhcloud.com/edit/somepages I can access it directly. The login page will not be displayed! If I access the login page viewLogin.jsf directly and try to log in, JBoss tells me "javax.servlet.ServletException: No authenticator available for programmatic login."
I don't know what I did wrong. Why am I able to access the administration without logging in, and why do I get this exception? And last of all, I'm generating my password hashes with Hashing.sha256().hashString(password, com.google.common.base.Charsets.UTF_8).toString(); Is it possible to set the encoding for the password algorithm function?
I appreciate any help.
No correct solution
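On the closing question about hash encoding, the following is an added example, not code from the original post: it shows that the same SHA-256 digest yields different stored strings as lowercase hex (what Guava's `HashCode.toString()` produces) and as Base64, so the value in `c_user.PASSWORD` only matches when the login module encodes its computed digest the same way. It assumes the PicketBox `Database` login module's `hashEncoding` option (`base64`, `hex` or `rfc2617`, with `base64` as the default) and its `hashCharset` option; the class name and the sample password are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public class HashEncodingCheck {

    // SHA-256 over the password bytes in an explicit charset
    // (the charset is what the hashCharset module option controls).
    static byte[] sha256(String password) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance("SHA-256")
                .digest(password.getBytes(StandardCharsets.UTF_8));
    }

    // Lowercase hex, the string form produced by Guava's HashCode.toString().
    static String hex(byte[] digest) {
        StringBuilder sb = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            sb.append(String.format("%02x", b & 0xff));
        }
        return sb.toString();
    }

    // Base64 of the same digest bytes (the assumed default hashEncoding).
    static String base64(byte[] digest) {
        return Base64.getEncoder().encodeToString(digest);
    }

    // Constant-time comparison of the stored string and the computed string.
    static boolean matches(String stored, String computed) {
        return MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.US_ASCII),
                computed.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        String password = "example-password"; // constructed sample value
        byte[] digest = sha256(password);
        String stored = hex(digest); // what the Guava call in the question would store

        System.out.println("stored (hex):          " + stored);
        System.out.println("same digest as base64: " + base64(digest));
        System.out.println("matches when module encodes base64: " + matches(stored, base64(digest)));
        System.out.println("matches when module encodes hex:    " + matches(stored, hex(digest)));
    }
}
```

With hex-encoded hashes in the database, the corresponding login-module settings would be `<module-option name="hashEncoding" value="hex" />` and `<module-option name="hashCharset" value="UTF-8" />`.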