Creating a Database login module
The UserRoles login module is a good starting point for learning how to put together all the
pieces required to secure a web application. In real-world cases, there are better alternatives
to protect your applications, such as the Database login module. A database security domain
follows the same logic shown in the earlier example; it just stores the credentials
within the database. In order to run this example, we will refer to a data source defined in
Chapter 5, Combining Persistence with CDI (bound at the JNDI name
java:jboss/datasources/wflydevelopment), which needs to be deployed on the application
server:
<security-domain name="dbdomain" cache-type="default">
    <authentication>
        <login-module code="Database" flag="required">
            <module-option name="dsJndiName"
                value="java:jboss/datasources/wflydevelopment"/>
            <!-- Returns the stored password for the supplied login -->
            <module-option name="principalsQuery"
                value="select passwd from USERS where login=?"/>
            <!-- Must return two columns: the role name and the role group -->
            <module-option name="rolesQuery"
                value="select role, 'Roles' from USER_ROLES where login=?"/>
        </login-module>
    </authentication>
</security-domain>
In order to get this configuration working, you first have to create the required tables and
insert some sample data into them using the following queries:
CREATE TABLE USERS(login VARCHAR(64) PRIMARY KEY, passwd VARCHAR(64));
CREATE TABLE USER_ROLES(login VARCHAR(64), role VARCHAR(32));
INSERT into USERS values('admin', 'admin');
INSERT into USER_ROLES values('admin', 'Manager');
As you can see, the admin user will map again to the Manager role. One caveat of this
configuration is that it uses clear-text passwords in the database; so before rolling this
module into production, you should consider adding additional security to your login module.
Let's see how to do this in the next section.
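The following added example (not code from the book or from WildFly) sketches in Python, against an in-memory SQLite database, how the two queries of the security domain are used at login and what the clear-text caveat means for anyone who can read the USERS table. The helper names and the hashed variant (a base64-encoded SHA-256 digest stored in passwd) are assumptions of this example, not something this page configures.

```python
import base64
import hashlib
import hmac
import sqlite3

# The two queries from the security domain; '?' is a bound parameter.
PRINCIPALS_QUERY = "select passwd from USERS where login=?"
# Second column is the role group the returned role belongs to.
ROLES_QUERY = "select role, 'Roles' from USER_ROLES where login=?"


def make_db(stored_password):
    """Build the page's tables in memory with one constructed sample user."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE USERS(login VARCHAR(64) PRIMARY KEY, passwd VARCHAR(64))")
    db.execute("CREATE TABLE USER_ROLES(login VARCHAR(64), role VARCHAR(32))")
    db.execute("INSERT INTO USERS VALUES('admin', ?)", (stored_password,))
    db.execute("INSERT INTO USER_ROLES VALUES('admin', 'Manager')")
    return db


def sha256_b64(password):
    """Assumed hardened form: base64 of the SHA-256 digest of the password."""
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def login(db, user, password, hashed=False):
    """Return the user's roles on success, or None if authentication fails."""
    row = db.execute(PRINCIPALS_QUERY, (user,)).fetchone()
    if row is None:
        return None  # unknown login
    supplied = sha256_b64(password) if hashed else password
    # Constant-time comparison of the supplied value with the stored column.
    if not hmac.compare_digest(supplied.encode("utf-8"), row[0].encode("utf-8")):
        return None
    # Each row is (role name, role group); keep the roles in group 'Roles'.
    return [role for role, group in db.execute(ROLES_QUERY, (user,)) if group == "Roles"]


if __name__ == "__main__":
    clear_db = make_db("admin")                # clear-text column, as on this page
    hashed_db = make_db(sha256_b64("admin"))   # assumed hashed column
    print(login(clear_db, "admin", "admin"))
    print(login(hashed_db, "admin", "admin", hashed=True))
    # What anyone with read access to USERS sees in each case:
    print(clear_db.execute("select passwd from USERS").fetchone()[0])
    print(hashed_db.execute("select passwd from USERS").fetchone()[0])
```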