Question

I'm trying to protect my administration area, which is under domain.com/edit/, with a realm and JDBC. I have done this on my development machine on GlassFish 4, but I can't get it working on OpenShift/JBoss.

What I've done:

myproject.openshift\config\standalone.xml

   [...]
    <management>

        <security-realms>
            <security-realm name="managementSecurityRealm">
                <authentication>
                    <jaas name="loginRealm" />
                </authentication>
            </security-realm>
        </security-realms>
        <management-interfaces>
            <native-interface security-realm="managementSecurityRealm">
                <socket-binding native="management-native" />
            </native-interface>
            <http-interface security-realm="managementSecurityRealm">
                <socket-binding http="management-http" />
            </http-interface>
        </management-interfaces>

    </management>
   [...]
    <security-domains>
        <security-domain name="loginRealm">
            <authentication>
                <login-module code="Database" flag="required">
                    <module-option name="dsJndiName"
                        value="java:jboss/datasources/MysqlDS" />
                    <module-option name="principalsQuery"
                        value="select PASSWORD from c_user where EMAIL=?" />
                    <module-option name="rolesQuery"
                        value="select groups_ROLENAME, 'Roles' from  c_user_c_user_role where User_EMAIL=?" />
                    <module-option name="hashAlgorithm" value="SHA-256" />
                </login-module>
            </authentication>
        </security-domain>
   [...]

myproject\src\main\webapp\WEB-INF\jboss-web.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <jboss-web>
        <security-domain>java:/jaas/loginRealm</security-domain>
    </jboss-web>

And finally my myproject\src\main\webapp\WEB-INF\web.xml

    [...]
    <security-constraint>
        <display-name>administration-constraint</display-name>
        <web-resource-collection>
            <web-resource-name>administration</web-resource-name>
            <description>authorisation area</description>
            <url-pattern>/edit/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>headchef</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>loginRealm</realm-name>
        <form-login-config>
            <form-login-page>/viewLogin.jsf</form-login-page>
            <form-error-page>/viewError.jsf</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <description>Administrator</description>
        <role-name>headchef</role-name>
    </security-role>
    <security-role>
        <description>normal user which can create recipes</description>
        <role-name>cook</role-name>
    </security-role>
[...]

For example, when I call the URL http://myproject-namespace.rhcloud.com/edit/somepages I can access it directly; the login page is not displayed! If I open the login page viewLogin.jsf directly and try to log in, JBoss tells me "javax.servlet.ServletException: No authenticator available for programmatic login."

I don't know what I did wrong. Why am I able to access the administration area without logging in, and why do I get this exception? And lastly, I'm generating my password hashes with Hashing.sha256().hashString(password, com.google.common.base.Charsets.UTF_8).toString(); is it possible to set the encoding for the password hashing function?

I appreciate any help.
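The last part of the question, the encoding of the stored password hash, is where a mismatch is easy to miss: Guava's `HashCode.toString()` renders the SHA-256 digest as lowercase hex, while a login module that expects a different text encoding of the same digest (base64, for instance) will never find a match, and a different character set for non-ASCII passwords changes the digest bytes themselves. The following Python script is an added example, not code from the question or from JBoss, that shows what each representation looks like for a constructed password and checks which one a stored value corresponds to. It assumes nothing about the database; the sample password and the stored value are constructed here. (In JBoss's database login module the `hashEncoding` option, `base64` by default or `hex`, and the `hashCharset` option control this; they do not appear in the question's configuration and are mentioned from the module's documentation, not from this page.)

```python
import base64
import hashlib
from typing import Optional

# Constructed sample value; the real c_user.PASSWORD column is not on the page.
SAMPLE_PASSWORD = "abc"


def sha256_digest(password: str, charset: str = "UTF-8") -> bytes:
    """Raw SHA-256 digest of the password encoded with the given charset.

    The charset matters: a password containing non-ASCII characters encodes
    to different bytes under UTF-8 and ISO-8859-1, and a digest computed over
    different bytes never matches, whatever text encoding is used afterwards.
    """
    return hashlib.sha256(password.encode(charset)).digest()


def hex_encoding(password: str, charset: str = "UTF-8") -> str:
    """Lowercase hex, which is what Guava's
    Hashing.sha256().hashString(password, UTF_8).toString() produces."""
    return sha256_digest(password, charset).hex()


def base64_encoding(password: str, charset: str = "UTF-8") -> str:
    """Base64 text of the same digest bytes; a different string, same hash."""
    return base64.b64encode(sha256_digest(password, charset)).decode("ascii")


def matches_stored(stored: str, password: str, charset: str = "UTF-8") -> Optional[str]:
    """Report which text encoding ('hex' or 'base64') a stored SHA-256 value
    was produced with for this password and charset, or None if neither.

    Use this to check what the database actually holds before changing the
    login module's options: if the column holds hex and the module compares
    base64 (or vice versa), every login fails even with the right password.
    """
    if stored == hex_encoding(password, charset):
        return "hex"
    if stored == base64_encoding(password, charset):
        return "base64"
    return None


if __name__ == "__main__":
    print("hex:   ", hex_encoding(SAMPLE_PASSWORD))
    print("base64:", base64_encoding(SAMPLE_PASSWORD))
    # Same password, different charset: the digest itself changes.
    print("UTF-8 vs ISO-8859-1 for a non-ASCII password differ:",
          hex_encoding("pässwörd", "UTF-8") != hex_encoding("pässwörd", "ISO-8859-1"))
    print("stored hex recognised as:", matches_stored(hex_encoding(SAMPLE_PASSWORD), SAMPLE_PASSWORD))
```

The practical use is to take one row's stored value and the known test password, run `matches_stored` against it, and then set the login module's encoding and charset options to whatever the stored data was written with, rather than guessing from the application code alone.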

No correct solution

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow