Aha, you too, Brutus.
Security, one of the most interesting topics as well as one of the most mythological. People tend to get hysterical when it comes to security, especially managers. There are several different ways to do it. In the good old days I remember how we made our own cookies and checked for users in files and databases without any standard whatsoever. Now I tend to use JAAS. Here is a small how-to on implementing JAAS.
Everything below targets a Sun Application Server; for JBoss you must pick another how-to somewhere else.
Step 1 - Create an authentication realm
| asadmin create-auth-realm --classname com.sun.enterprise.security.auth.realm.file.FileRealm --property jaas-context=fileRealm:file=aja_keyfile aja_realm |
Step 2 - Create a user to store in the realm
| asadmin create-file-user --authrealmname aja_realm --groups aja_admins jonas |
You will be prompted for a password twice. This will create a new user, "jonas".
Step 3 - List the users in the realm
| asadmin list-file-users --authrealmname aja_realm |
Step 4 - Delete a user in the realm
| asadmin delete-file-user --authrealmname aja_realm jonas |
List and delete are really not needed here but can be shown out of interest.
Take a break, you now have a realm and a user.
Step 5 - Create a proper sun-web.xml file
I won't include any files since they are so small, but you do it like this. Add (if you do not have it already) a sun-web.xml file to the WEB-INF directory of your web application.
This shall be included
Step 6 - Create a proper web.xml file
Include this anywhere in the file;
unrestricted stylesheets
and
Step 7 - Create a login page
That's it. You are done now.
Step 8 - A note of caution
Please note this fundamentally important thing. If you do have a link to a style sheet in the login page, like
you MUST make sure that the directory is left unprotected by an unrestricted code block, like the one above. Otherwise you will be re-routed to the style sheet and not to your start page.
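The files for steps 5 to 8 did not survive on this page, so here is an added example (not the original post's files) of what such a configuration can look like for the realm `aja_realm` and group `aja_admins` created above. The role name `admin`, the `/css/*` style sheet directory and the `/login.jsp` and `/loginError.jsp` paths are assumptions.

```xml
<!-- WEB-INF/web.xml (fragment). Role name and paths are assumed, not from the post. -->

<!-- Unrestricted: no auth-constraint, so the login page can load its style sheet.
     /css/* is a more specific match than /*, so only this constraint applies there. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>unrestricted stylesheets</web-resource-name>
    <url-pattern>/css/*</url-pattern>
  </web-resource-collection>
</security-constraint>

<!-- Everything else requires the (assumed) role "admin". -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>protected application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>

<!-- Form login against the realm created in step 1. -->
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>aja_realm</realm-name>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/loginError.jsp</form-error-page>
  </form-login-config>
</login-config>

<security-role>
  <role-name>admin</role-name>
</security-role>

<!-- WEB-INF/sun-web.xml (fragment): map the role to the realm group from step 2. -->
<sun-web-app>
  <security-role-mapping>
    <role-name>admin</role-name>
    <group-name>aja_admins</group-name>
  </security-role-mapping>
</sun-web-app>
```

The login page from step 7 posts the fields `j_username` and `j_password` to the action `j_security_check`. Because the password travels in the request body, serve the login page over HTTPS.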