The following steps will guide you through the process of configuring a JBoss security realm which relies upon LDAP for authentication and authorization.
Use the following commands to create an encrypted password file (keystore) and an encrypted password:
Create keystore:
java -cp "jbosssx.jar" org.jboss.security.plugins.FilePassword [salt] [iterations] [keystore pwd] [keystore]
Move the [keystore] file into the /server/[profile]/conf/ directory.
Encrypt password:
java -cp "jbosssx.jar" org.jboss.security.plugins.PBEUtils [salt] [iterations] [keystore pwd] [ldap pwd]
Note the encrypted password returned; this will be used later.
Add the following to the /server/[profile]/conf/jboss-service.xml file:
{CLASS}org.jboss.security.plugins.FilePassword:${jboss.server.home.dir}/conf/[keystore]
[salt]
[iterations]
jboss.security:service=JaasSecurityManager
Add the following to the /server/[profile]/conf/login-conf.xml file:
userName
1kBTIKcNGarLb7F2qKdsza
jboss.security:service=JaasSecurityDomain,domain=MyLdapPassword
ldap://10.0.0.1:389
simple
dc=users,dc=westernunion,dc=com
true
(cn={0})
ou=roles,ou=Organizational Units,dc=cleartrust1,dc=westernunion,dc=com
(member={1})
cn
cn
false
0
anything
Use security
If securing a web-based application, put the following in your jboss-web.xml file:
java:/jaas/ldap-policy
and add something similar to your web.xml file:
myServlet
myServlet
my.package.myServlet
name_in_servlet
name_in_security
Secure Content
/myServlet
GET
POST
name_in_security
The roles required to access secured resources
name_in_security
BASIC
the basic security zone
