
Configuring DatabaseServerLoginModule

openCRX stores security information in the database tables security_Policy, security_Principal, security_Credential, security_Subject and security_Role. JBoss can access these tables through a database login module. This way users can be managed in openCRX and are immediately available as JBoss logins.

It is strongly recommended that you stay with the file-based UsersRolesLoginModule for the root servlet. This simplifies the openCRX bootstrapping.

Activate JAAS based authentication by adding the following configuration entries for the root servlet to d:\pgm\jboss-4.0.1\server\default\conf\login_config.xml (login-config.xml on Unix platforms!).

Example 4-5. JBoss login_config.xml for JAAS login configuration for the root servlet.

<application-policy name = "opencrx-core-CRX-Root">
   <authentication>
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required" >
          <module-option name="usersProperties">openCRX.users.properties</module-option>
          <module-option name="rolesProperties">openCRX.roles.properties</module-option>
      </login-module>
   </authentication>
</application-policy>

Then create the files openCRX.users.properties and openCRX.roles.properties in directory d:/pgm/jboss-4.0.1/server/default/conf:

Example 4-6. openCRX.users.properties with user=password syntax.

admin-Root=rootSecret

Example 4-7. openCRX.roles.properties with user.Roles=role1,role2 syntax.

admin-Root.Roles=OpenCrxRoot

Add the following security policy for the standard servlet for NON-PostgreSQL databases:

The opencrx-core.jboss-3-connector.zip in the openCRX core distribution contains sample files which you can copy/paste.

Example 4-8. JBoss login_config.xml for JAAS login configuration for the standard servlet for NON-PostgreSQL databases.

<application-policy name="opencrx-core-CRX">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <module-option name="dsJndiName">java:/jdbc_opencrx_CRX</module-option>
      <module-option name="principalsQuery">SELECT c.passwd FROM security_Principal p, security_Credential c WHERE 
(p.object_rid IN (SELECT object_rid FROM security_REF WHERE c$0='org:openmdx:security:realm1' AND c$1='provider' AND 
c$2='CRX' AND c$3='segment' AND c$4='Root' AND c$5='realm' AND c$6='Default' AND c$7='principal' AND n=8)) AND 
(p.p$$credential__rid = c.object_rid) AND (p.p$$credential__oid = c.object_oid) AND (p.object_idx = 0) AND
 (p.object_oid = ?)</module-option>
      <module-option name="rolesQuery">SELECT pg.p$$granted_role__oid, 'Roles' FROM security_Principal pg, 
security_Principal p WHERE (pg.object_rid = p.p$$is_member_of__rid) AND (pg.object_oid = p.p$$is_member_of__oid) AND 
(p.object_rid IN (SELECT object_rid FROM security_REF WHERE c$0='org:openmdx:security:realm1' AND c$1='provider' AND 
c$2='CRX' AND c$3='segment' AND c$4='Root' AND c$5='realm' AND c$6='Default' AND c$7='principal' AND n=8)) AND 
(p.object_oid = ?)</module-option>
      <module-option name="ignorePasswordCase">true</module-option>
      <module-option name="hashCharset">UTF-8</module-option>
      <module-option name="hashEncoding">base64</module-option>
      <module-option name="hashAlgorithm">MD5</module-option>
    </login-module>
  </authentication>
</application-policy>

The opencrx-core.jboss-3-connector.zip in the openCRX core distribution contains sample files which you can simply copy/paste.

Add the following security policy for the standard servlet for PostgreSQL databases:

Example 4-9. JBoss login_config.xml for JAAS login configuration for the standard servlet for PostgreSQL databases.

<application-policy name="opencrx-core-CRX">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <module-option name="dsJndiName">java:/jdbc_opencrx_CRX</module-option>
      <module-option name="principalsQuery">SELECT c.passwd FROM security_Principal p, security_Credential c 
WHERE (p.object_rid IN (SELECT object_rid FROM security_REF WHERE "c$0"='org:openmdx:security:realm1' AND 
"c$1"='provider' AND "c$2"='CRX' AND "c$3"='segment' AND "c$4"='Root' AND "c$5"='realm' AND "c$6"='Default' AND 
"c$7"='principal' AND n=8)) AND (p."p$$credential__rid" = c.object_rid) AND (p."p$$credential__oid" = c.object_oid) AND 
(p.object_idx = 0) AND (p.object_oid = ?)</module-option>
      <module-option name="rolesQuery">SELECT pg."p$$granted_role__oid", 'Roles' FROM security_Principal pg, 
security_Principal p WHERE (pg.object_rid = p."p$$is_member_of__rid") AND (pg.object_oid = p."p$$is_member_of__oid") AND 
(p.object_rid IN (SELECT object_rid FROM security_REF WHERE "c$0"='org:openmdx:security:realm1' AND 
"c$1"='provider' AND "c$2"='CRX' AND "c$3"='segment' AND "c$4"='Root' AND "c$5"='realm' AND "c$6"='Default' AND 
"c$7"='principal' AND n=8)) AND (p.object_oid = ?)</module-option>
      <module-option name="ignorePasswordCase">true</module-option>
      <module-option name="hashCharset">UTF-8</module-option>
      <module-option name="hashEncoding">base64</module-option>
      <module-option name="hashAlgorithm">MD5</module-option>
    </login-module>
  </authentication>
</application-policy>
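
Added example, not part of the openCRX documentation or the JBoss code: a Python model of how the hash options in Examples 4-8 and 4-9 determine the value the principalsQuery must return in c.passwd, together with a check that flags the MD5 and ignorePasswordCase settings. The function names, the sample password and the defaults used when an option is absent are assumptions; the comparison models the login module's behaviour and does not call JBoss.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample: only the hash-related options of Examples 4-8 and 4-9.
SAMPLE_POLICY = """<application-policy name="opencrx-core-CRX"><authentication>
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
  <module-option name="ignorePasswordCase">true</module-option>
  <module-option name="hashCharset">UTF-8</module-option>
  <module-option name="hashEncoding">base64</module-option>
  <module-option name="hashAlgorithm">MD5</module-option>
</login-module></authentication></application-policy>"""

def module_options(policy_xml):
    """Return the module-option name/value pairs of the policy's login-module."""
    module = ET.fromstring(policy_xml).find("./authentication/login-module")
    return {o.get("name"): (o.text or "").strip() for o in module.findall("module-option")}

def stored_hash(password, opts):
    """Value the principalsQuery must return (c.passwd) for this password."""
    algo = opts.get("hashAlgorithm")
    if not algo:
        return password  # no hashAlgorithm: clear-text comparison
    name = algo.lower().replace("-", "")  # "SHA-256" -> "sha256" for hashlib
    digest = hashlib.new(name, password.encode(opts.get("hashCharset", "UTF-8"))).digest()
    if opts.get("hashEncoding", "base64").lower() == "hex":
        return digest.hex()
    return base64.b64encode(digest).decode("ascii")

def password_matches(candidate, column_value, opts):
    """Hash the submitted password, then compare, honouring ignorePasswordCase."""
    hashed = stored_hash(candidate, opts)
    if opts.get("ignorePasswordCase", "false").lower() == "true":
        return hashed.lower() == column_value.lower()
    return hashed == column_value

def weak_settings(opts):
    """Options an auditor would question in this policy."""
    findings = []
    if opts.get("hashAlgorithm", "").upper() in ("", "MD5", "SHA", "SHA-1", "SHA1"):
        findings.append("hashAlgorithm: missing, or a fast unsalted digest")
    if opts.get("hashAlgorithm") and opts.get("ignorePasswordCase", "").lower() == "true":
        findings.append("ignorePasswordCase: base64 hash compared case-insensitively")
    return findings

if __name__ == "__main__":
    opts = module_options(SAMPLE_POLICY)
    print(stored_hash("password", opts))  # constructed sample password
    print(weak_settings(opts))
```

With ignorePasswordCase set to true the comparison is applied to the base64 text of the digest, so two stored values that differ only in letter case are treated as equal.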
