Simple Java web application template with secured content.

Get a released version or build the app yourself.

Use git to get it:

```
git clone git://github.com/kwart/secured-webapp-template.git
```

or download the current sources as a zip file.

You need to have Maven installed:

```
cd secured-webapp-template
mvn clean install
```
The vendor specific deployment descriptors (`WEB-INF/jboss-web.xml` and `WEB-INF/jboss-ejb3.xml`) refer to a `web-tests` security domain. You have to add it to your configuration.

Define the new security domain, either by using JBoss CLI (`jboss-cli.sh` / `jboss-cli.bat`):
Elytron is the new security framework in WildFly 11+ and EAP 7.1+. Compared to legacy security, Elytron's `properties-realm` implementation does not allow loading property files from the classpath, so we'll use a `FileSystemRealm` to introduce the test user population.

```
bin/jboss-cli.sh << EOT
embed-server
# create realm with users
/subsystem=elytron/filesystem-realm=web-tests:add(path=web-tests,relative-to=jboss.server.config.dir)
/subsystem=elytron/filesystem-realm=web-tests:add-identity(identity=user)
/subsystem=elytron/filesystem-realm=web-tests:set-password(identity=user, clear={password="user"})
/subsystem=elytron/filesystem-realm=web-tests:add-identity-attribute(identity=user, name=groups, value=["Users"])
/subsystem=elytron/filesystem-realm=web-tests:add-identity(identity=admin)
/subsystem=elytron/filesystem-realm=web-tests:set-password(identity=admin, clear={password="admin"})
/subsystem=elytron/filesystem-realm=web-tests:add-identity-attribute(identity=admin, name=groups, value=["Users", "Admin"])
# create security domain and other necessary config objects
/subsystem=elytron/simple-role-decoder=web-tests:add(attribute=groups)
/subsystem=elytron/constant-permission-mapper=web-tests:add(permissions=[{class-name="org.wildfly.security.auth.permission.LoginPermission"}])
/subsystem=elytron/security-domain=web-tests:add(default-realm=web-tests, permission-mapper=web-tests, realms=[{role-decoder=web-tests, realm=web-tests}])
# add Elytron security domain mapping from Undertow and EJB subsystems
/subsystem=elytron/provider-http-server-mechanism-factory=web-tests:add()
/subsystem=elytron/http-authentication-factory=web-tests:add(security-domain=web-tests, \
    http-server-mechanism-factory=web-tests, \
    mechanism-configurations=[ \
        {mechanism-name=DIGEST,mechanism-realm-configurations=[{realm-name=web-tests}]}, \
        {mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=web-tests}]}, \
        {mechanism-name=FORM}])
/subsystem=undertow/application-security-domain=web-tests:add(http-authentication-factory=web-tests)
/subsystem=ejb3/application-security-domain=web-tests:add(security-domain=web-tests)
EOT
```
Just use the `UsersRoles` JAAS login module, which is available in the application server; it reads the `users.properties` and `roles.properties` files from the deployment classpath (`WEB-INF/classes`).

```
/subsystem=security/security-domain=web-tests:add(cache-type=default)
/subsystem=security/security-domain=web-tests/authentication=classic:add( \
    login-modules=[{"code"=>"UsersRoles", "flag"=>"required"}]) {allow-resource-service-restart=true}
```
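Added example (not code from the project): a small Python helper that turns the legacy `users.properties` / `roles.properties` pair read by the `UsersRoles` login module into the Elytron `filesystem-realm` CLI commands shown above, so the same test population can be defined for either setup. The two property files below are constructed to match the `user` and `admin` identities on this page; the realm name `web-tests` is the one the page uses.

```python
# Constructed sample input matching the two test identities configured on this page.
USERS_PROPERTIES = """\
# users.properties format: username=password
user=user
admin=admin
"""
ROLES_PROPERTIES = """\
# roles.properties format: username=Role1,Role2
user=Users
admin=Users,Admin
"""


def parse_properties(text):
    """Parse the key=value / '#' comment subset of java.util.Properties these files use."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        entries[key.strip()] = value.strip()
    return entries


def cli_string(value):
    """Quote a value for the JBoss CLI, escaping backslashes and double quotes."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def realm_commands(users_text, roles_text, realm="web-tests"):
    """Return CLI lines that recreate the users and their groups in the given filesystem-realm."""
    users = parse_properties(users_text)
    roles = parse_properties(roles_text)
    # A roles entry for a user that cannot log in is almost always a typo: fail loudly.
    orphans = sorted(set(roles) - set(users))
    if orphans:
        raise ValueError(f"roles.properties names users missing from users.properties: {orphans}")
    base = f"/subsystem=elytron/filesystem-realm={realm}"
    commands = []
    for name, password in users.items():
        commands.append(f"{base}:add-identity(identity={name})")
        commands.append(f"{base}:set-password(identity={name}, clear={{password={cli_string(password)}}})")
        groups = [g.strip() for g in roles.get(name, "").split(",") if g.strip()]
        if groups:  # the simple-role-decoder on this page maps the 'groups' attribute to roles
            value = ", ".join(cli_string(g) for g in groups)
            commands.append(f"{base}:add-identity-attribute(identity={name}, name=groups, value=[{value}])")
    return commands
```

Print `"\n".join(realm_commands(USERS_PROPERTIES, ROLES_PROPERTIES))` and paste the result between the `add` of the realm and the security-domain commands in the CLI script above.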
If you want to enable `DIGEST` authentication in the `web.xml` deployment descriptor, you also need to configure the `web-tests` security domain to hash the passwords stored in the `users.properties` file.

The CLI commands to do it:

```
/subsystem=security/security-domain=web-tests:add(cache-type=default)
/subsystem=security/security-domain=web-tests/authentication=classic:add( \
    login-modules=[{"code"=>"UsersRoles", "flag"=>"required", \
        "module-options" => {"hashAlgorithm" => "MD5", "hashEncoding" => "RFC2617", \
            "hashUserPassword" => "false", "hashStorePassword" => "true", \
            "passwordIsA1Hash" => "false", \
            "storeDigestCallback" => "org.jboss.security.auth.callback.RFC2617Digest"}}]) \
    {allow-resource-service-restart=true}
```
Copy the produced `secured-webapp.war` from the `target` folder to the deployment folder of your container.

Open the application URL in the browser, e.g. http://localhost:8080/secured-webapp/