This tutorial describes how to install and configure a standalone Tomcat so that a deployed webapp can connect to a jBoss and use the authentication of the application server. This method is decoupled from the login module or authentication type (LDAP, database, …). It differs from the approach described in Standalone Tomcat with jBoss plus authentication against LDAP in that it allows for parallel logged-in users and does not need to authenticate to LDAP/database on both sides, but on the jBoss only.
Often it is necessary to be notified whenever a user logs in or out. This tutorial shows how this can be achieved with Tapestry 5 using form-based authentication supported by a web container like Tomcat. A really nice design decision of Tapestry 5 is not to use XML for configuration, but pure Java. Besides avoiding most of the configuration overhead by following the paradigm Convention over Configuration, there are service classes responsible for the configuration, such as defining filters or customized dependency injection, and much more.
A jboss login module (like the LdapExtLoginModule in jbosssx.jar shipped with jboss-5.0.1.GA) returns a Group array with one SimpleGroup named “Roles” as its role set. The parent class AbstractServerLoginModule combines this with the object representing the user. So the set of principals consists of two entries acting as the user and his roles. These are added to the principals of the Subject instance, which has been given to the login module when LoginModule#initialize(Subject, javax.security.auth.callback.CallbackHandler, java.util.Map, java.util.Map)
There is a 2nd edition of this post: Standalone Tomcat with jBoss (2nd Edition)!
This tutorial describes how to install and configure a standalone Tomcat so that a deployed webapp can authenticate against LDAP and connect to a jBoss, passing the credentials in every call of an EJB via remote interface, so that the business application can authenticate against the same LDAP, too. The configuration of the jBoss seems to be a more common and better documented task and will be covered in another tutorial, which I will link here later, as soon as I have written it.
WARNING: Please don’t use this solution in a production system, but for testing purposes only. The custom LdapExtLoginModule presented here exposes the credentials of all online users to all classes using the same class loader! I will add a blog post as soon as I find a solution for production systems.