/java/

Wildfly 9 Login form. Simple example.

2015-10-03 15:32:25

Application setup

We have to start from pom.xml.

<?xml version="1.0" encoding="UTF-8"?>

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>btbw.pl</groupId>
    <artifactId>logintest</artifactId>
    <version>1.0-SNAPSHOT</version>
    <packaging>war</packaging>
    <dependencies>
        <dependency>
            <groupId>javax</groupId>
            <artifactId>javaee-api</artifactId>
            <version>7.0</version>
        </dependency>
    </dependencies>
    <build>
        <finalName>formloginexample</finalName>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <configuration>
                    <source>1.7</source>
                    <target>1.7</target>
                </configuration>
            </plugin>
            <plugin>
                <artifactId>maven-war-plugin</artifactId>
                <configuration>
                    <failOnMissingWebXml>false</failOnMissingWebXml>
                </configuration>
            </plugin>
        </plugins>
    </build>
</project>

next we will configure our java app

package pl.btbw.core;
import javax.ws.rs.ApplicationPath;
import javax.ws.rs.core.Application;
/**
 * JAX-RS application class. It declares no resources or singletons of its own;
 * its only visible role is to set the application path, so resource paths are
 * resolved under {@code /rest}.
 */
@ApplicationPath("/rest")
public class MyApp extends Application {
}
package pl.btbw.web;

import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.core.Response;

/**
 * Minimal JAX-RS resource used to confirm that the application deploys and
 * answers requests.
 */
@Path("/")
public class MyCtrl {

    /**
     * Handles GET on the resource root and replies with a fixed body.
     *
     * @return a 200 response whose entity is the string {@code "test page ok"}
     */
    @GET
    @Path("/")
    public Response test() {
        final String body = "test page ok";
        return Response.status(Response.Status.OK).entity(body).build();
    }

}

small test

Now you can deploy your app and check whether this address works for you: http://localhost:8080/formloginexample/rest/

OK, if our app works (and I believe it does), we can continue.

database connection

Because we want to use users from our database, we have to establish a connection.

By the way, you can download WildFly from http://wildfly.org/downloads/

We will start from the standalone.xml file and the datasource configuration.


<datasource jndi-name="java:jboss/datasources/ExamplePgDS" pool-name="ExamplePgDS" enabled="true" jta="true" use-java-context="true" use-ccm="true">
<connection-url>jdbc:postgresql://localhost:5432/btbw</connection-url>
<driver-class>org.postgresql.Driver</driver-class>
<driver>postgresql-jdbc4</driver>
<pool>
<min-pool-size>2</min-pool-size>
<max-pool-size>20</max-pool-size>
<prefill>true</prefill>
</pool>
<security>
<user-name>btbw_test</user-name>
<password>btbw_test</password>
</security>
<validation>
<check-valid-connection-sql>SELECT 1</check-valid-connection-sql>
<validate-on-match>true</validate-on-match>
<background-validation>false</background-validation>
</validation>
</datasource>

Login Form configuration

now we have to add security-domain to standalone.xml


<security-domain name="example-jaas-realm">
    <authentication>
        <login-module code="Database" flag="required">
            <module-option name="dsJndiName" value="java:jboss/datasources/ExamplePgDS"/>
            <module-option name="principalsQuery" value="select password from users where username=?"/>
            <module-option name="rolesQuery" value="select rolename, 'Roles' from roles where username=?"/>
            <module-option name="hashAlgorithm" value="SHA-256"/>
            <module-option name="hashEncoding" value="base64"/>
        </login-module>
    </authentication>
</security-domain>

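For easier debugging you can raise the log level of the security subsystem by adding the logger below; remove it again once login works, because TRACE output from org.jboss.security may include authentication details.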


<logger category="org.jboss.security">
    <level name="TRACE"/>
</logger>

database tables

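-- Creates the demo database, a schema and an application account, then the two
-- tables read by the login module's principalsQuery and rolesQuery.
CREATE DATABASE btbw;
-- psql meta-command: no space is allowed between the backslash and the command name.
\connect btbw
CREATE SCHEMA btbw_test;
-- Demo-only credential: the password equals the user name and is repeated in
-- the datasource section of standalone.xml. Pick a different secret outside a local test.
CREATE USER btbw_test WITH PASSWORD 'btbw_test' NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE;
-- NOTE(review): the login module only runs SELECTs against users and roles.
-- GRANT ALL on the schema and database, plus table ownership below, is broader
-- than authentication needs; a SELECT-only account would be enough for it.
GRANT ALL ON SCHEMA btbw_test TO btbw_test;
GRANT ALL PRIVILEGES ON DATABASE btbw TO btbw_test;
-- password holds the base64 text of a SHA-256 digest (44 characters), so VARCHAR(64) fits.
CREATE TABLE btbw_test.users (username VARCHAR(32) NOT NULL PRIMARY KEY, password VARCHAR(64) NOT NULL);
CREATE TABLE btbw_test.roles (username VARCHAR(32) NOT NULL, rolename VARCHAR(32) NOT NULL,PRIMARY KEY (username, rolename));

ALTER TABLE btbw_test.users OWNER TO btbw_test;
ALTER TABLE btbw_test.roles OWNER TO btbw_test;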

now you have to add user with role

-- Seeds one demo account and gives it the ADMIN role that web.xml requires.
-- The stored password value is the base64-encoded SHA-256 digest of the
-- password, matching hashAlgorithm/hashEncoding in the security domain.
-- No salt is involved, so equal passwords always produce equal stored values.
insert into btbw_test.users(username,password) values('admin','jGl25bVBBBW96Qi9Te4V37Fnqchz/Eu4qB9vKrRIqRg=');
insert into btbw_test.roles(username,rolename) values('admin','ADMIN');
-- login admin
-- password admin

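If you want to add another user, you can generate the stored password value (base64-encoded, unsalted SHA-256, as configured by hashAlgorithm and hashEncoding above) with the command below. That is enough for this demo; for real accounts prefer a salted, deliberately slow password hash.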

echo -n "admin" | openssl dgst -sha256 -binary | openssl base64

Time for frontend

web.xml configuration

../src/main/webapp/WEB-INF/web.xml


<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
<login-config>
<auth-method>FORM</auth-method>
<realm-name>example-jaas-realm</realm-name>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/access-denied.html</form-error-page>
</form-login-config>
</login-config>
<security-constraint>
<display-name>pages_auth</display-name>
<web-resource-collection>
<web-resource-name>pages_auth</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>ADMIN</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<display-name>UnSecuredPages</display-name>
<web-resource-collection>
<web-resource-name>login-required</web-resource-name>
<url-pattern>/rest/login</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>login-required</web-resource-name>
<url-pattern>/front/app/css/main.css</url-pattern>
</web-resource-collection>
</security-constraint>
<security-role>
<role-name>ADMIN</role-name>
</security-role>
</web-app>

.../src/main/webapp/WEB-INF/jboss-web.xml

<?xml version="1.0" encoding="UTF-8"?>

<jboss-web>
<security-domain>example-jaas-realm</security-domain>
</jboss-web>

Finally, login.html

<!DOCTYPE html>

<html lang="en">
<head>
<meta charset="utf-8"/>
<title>login test</title>
<link href="front/lib/bootstrap/css/bootstrap.min.css" rel="stylesheet"/>
<link href="front/lib/bootstrap/css/signin.css" rel="stylesheet"/>
<link href="front/app/css/main.css" rel="stylesheet"/>
</head>
<body>
<div class="container">
<form action="rest/login" class="form-signin" method="POST">
<input id="requestURI" name="requestURI" type="hidden" value="/"/>
<h2 class="form-signin-heading">oh shit not you again</h2>
<label class="sr-only" for="username">Login</label>
<input class="form-control" id="username" name="username" required="required" type="text"/>
<label class="sr-only" for="password">Password</label>
<input class="form-control" id="password" name="password" required="required" type="password"/>
<button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
</form>
</div>
</body>
</html>

and finally, last part

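/**
 * Authenticates the submitted form credentials by calling {@code login} on the
 * {@code request} field (presumably the injected HttpServletRequest; its
 * declaration is not shown here).
 *
 * <p>Both outcomes end in the same redirect to {@code ../}. A failed login is
 * only logged, so the caller is sent back to the protected area unauthenticated.
 *
 * @param username value of the {@code username} form field; untrusted input
 * @param password value of the {@code password} form field; never logged
 * @return a See Other redirect to {@code ../}
 */
@POST
@Path("/login")
public Response login(@FormParam("username") String username, @FormParam("password") String password) {

    // The user name is attacker-controlled. Replace CR/LF before it reaches the
    // log so a crafted value cannot forge additional log entries.
    // String.valueOf keeps the previous "null" output when the field is missing.
    String loggedUser = String.valueOf(username).replaceAll("[\\r\\n]", "_");

    try {
        request.login(username, password);
        // NOTE(review): confirm the container issues a fresh session id on a
        // programmatic login; if it does not, rotate the id here to prevent
        // session fixation.
        LOGGER.info("Login Success for: " + loggedUser);
    } catch (ServletException e) {
        LOGGER.error("Login Exception: " + e.getMessage());
    }

    return ResponseUtil.seeOther("../");
}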

/**
 * Ends the caller's authenticated state by calling {@code logout} on the
 * {@code request} field, then redirects to {@code ../}. A failure is logged
 * and the redirect is still returned.
 *
 * <p>NOTE(review): this state-changing action is mapped to GET, so any
 * cross-site link or embedded resource pointing here can sign the user out.
 * Consider POST with a CSRF token.
 *
 * @return a See Other redirect to {@code ../}
 */
@GET
@Path("/logout")
public Response logout() {
    final String target = "../";
    try {
        request.logout();
    } catch (ServletException logoutFailure) {
        LOGGER.error("Logout Exception: " + logoutFailure.getMessage());
    }
    return ResponseUtil.seeOther(target);
}
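/**
 * Helper for building JAX-RS redirect responses.
 */
public class ResponseUtil {

    /**
     * Builds a See Other redirect response to the given target.
     *
     * <p>The login and logout handlers pass the constant {@code "../"}. Do not
     * pass a value taken from the request (for example a {@code requestURI}
     * form field) without checking it against the allowed local paths first,
     * or this helper becomes an open redirect.
     *
     * @param url redirect target, absolute or relative
     * @return the redirect response; never {@code null}
     * @throws IllegalArgumentException if {@code url} is not a syntactically valid URI
     */
    public static Response seeOther(String url) {
        try {
            return Response.seeOther(new URI(url)).build();
        } catch (URISyntaxException e) {
            // Returning null here would hide the failure: the resource method
            // would hand null to the JAX-RS runtime instead of a redirect.
            // Fail loudly and keep the cause.
            throw new IllegalArgumentException("Invalid redirect target: " + url, e);
        }
    }
}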