I have tried to work this out for several days. I am trying to create form-based authentication for my Java EE app, which is running on WildFly. I am using JAX-RS and AngularJS. I have created the WildFly security domain as follows:

<security-domain name="malison">
    <authentication>
        <login-module code="Database" flag="required">
            <module-option name="dsJndiName" value="java:jboss/datasources/malisonDS"/>
            <module-option name="principalsQuery" value="select password from USER where user=?"/>
            <module-option name="rolesQuery" value="select position from USER where user=?"/>
        </login-module>
    </authentication>
</security-domain>

and configured my web.xml:

 <security-constraint>
    <display-name>UnSecuredPages</display-name>

    <web-resource-collection>
        <web-resource-name>Access</web-resource-name>
        <url-pattern>/api/user/*</url-pattern>
    </web-resource-collection>        
    <web-resource-collection>
        <web-resource-name>Access</web-resource-name>
        <url-pattern>/user.jsp</url-pattern>
    </web-resource-collection>

    <web-resource-collection>
        <web-resource-name>Access</web-resource-name>
        <url-pattern>/assets/*</url-pattern>
    </web-resource-collection>
</security-constraint>

<security-role>
    <role-name>ADMIN</role-name>
</security-role>

Now I have a problem writing code for my authenticate function, which should send a success reply to the client. I thought this would work:

@POST
@Path("/authenticate")
@Consumes(MediaType.APPLICATION_JSON)
public String authenticate(@Context HttpServletRequest request, JSONObject obj) {

    String userName = String.valueOf(obj.get("username"));
    String password = String.valueOf(obj.get("password"));
    try {
        request.login(userName, password);
    }
    catch (Exception e) {
        e.printStackTrace();
    }
    return "{\"success\":true, \"msg\": \"Saved successfully\"}";
}

Can anyone provide a solution or workaround? I would be grateful.

pnyota

1 Answer

You need to tell Wildfly which security domain this application uses for authentication. Add a jboss-web.xml to WEB-INF:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 5.0//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">
<jboss-web>
    <security-domain>java:/jaas/malison</security-domain>
</jboss-web>

Also, you might need to add a login configuration to web.xml. Here's an example for HTML basic authentication:

<login-config>
    <auth-method>BASIC</auth-method>
</login-config>

More details here: https://dzone.com/articles/understanding-web-security

Note, however, that you aren't doing form authentication as web.xml defines it. You are directly calling the login method on the HTTP request, while with form authentication configured in web.xml the application server automatically redirects to the login page and back to the secured URL after the authentication is successful.

Rand
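
For the programmatic login the answer describes, the resource method has to report failure when `request.login()` rejects the credentials instead of always returning success. The following is an added example, not code from the question or the answer; it assumes Java EE 7 APIs (Servlet 3.1, JAX-RS 2.0, JSON-P with a matching JAX-RS provider), and the class name `AuthResource`, the `/user` path and the response messages are hypothetical.

```java
import javax.json.Json;
import javax.json.JsonObject;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;

// Hypothetical resource class and path; adjust to the application's own JAX-RS layout.
@Path("/user")
public class AuthResource {

    @POST
    @Path("/authenticate")
    @Consumes(MediaType.APPLICATION_JSON)
    @Produces(MediaType.APPLICATION_JSON)
    public Response authenticate(@Context HttpServletRequest request, JsonObject body) {
        if (body == null) {
            return reply(Response.Status.BAD_REQUEST, false, "Missing credentials");
        }
        String userName = body.getString("username", "");
        String password = body.getString("password", "");
        try {
            // login() throws if a caller identity is already established, so clear it first.
            if (request.getUserPrincipal() != null) {
                request.logout();
            }
            request.getSession(true);
            // Checks the credentials against the security domain named in jboss-web.xml.
            request.login(userName, password);
            // Servlet 3.1: issue a new session id after authentication (session fixation defence).
            request.changeSessionId();
        } catch (ServletException e) {
            // Rejected credentials end up here: answer 401 with a generic message, no stack trace.
            return reply(Response.Status.UNAUTHORIZED, false, "Invalid username or password");
        }
        return reply(Response.Status.OK, true, "Logged in");
    }

    private static Response reply(Response.Status status, boolean success, String msg) {
        JsonObject json = Json.createObjectBuilder()
                .add("success", success).add("msg", msg).build();
        return Response.status(status).entity(json).build();
    }
}
```

The client can then branch on the HTTP status (200 or 401) rather than on a body that always said `"success":true`.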