Git Product home page Git Product logo

loginmodule's Introduction

Example of Simple login module

I created this example on behalf of a customer that uses the REST interface for JBoss BPM Suite. This login module allows a intermediate server to identify as a any user as long as an server password is provided. This can for exampl ebe used to authenticate with the REST service of BPM Suite.

###Prerequisites

  1. Working installtion of JBoos EAP or JBoss BPM Suite

To build and install

  1. Make sure you have JBoss EAP maven repos configured. See here for and example settings.xml

  2. Build the project with maven

     mvn clean install

  3. Replace or add a login module to the configuration of JBoss BPM Suite (e.g. $JBOSS_HOME/standalone/configuration/standalone.xml)

     <security-domain name="other" cache-type="default">
    <authentication>
       <login-module code="Remoting" flag="optional"> 
          <module-option name="password-stacking" value="useFirstPass"/>
       </login-module>
       <login-module code="com.redhat.examples.loginmodule.SimpleCustomLoginModule" flag="sufficient" module="simpleloginmodule">
          <module-option name="password-stacking" value="useFirstPass"/>
          <module-option name="serverRole" value="admin"/>
          <module-option name="serverPassword" value="qwerty67"/>
       </login-module>
       <login-module code="RealmDirect" flag="required">
          <module-option name="password-stacking" value="useFirstPass"/>
       </login-module>
    </authentication>
 </security-domain>

  4. Copy the content of the module into the module directory of JBoss BPM Suite

     cp -r target/module/* $JBOSS_HOME/modules/

  5. (Re)start the Server.

  6. Try to login with any username and the password configured in step 3. Verify that the user are assigned the correct role.

This configuration means that any username with password qwerty67 will succed in login in. Users that knows their username and password can ofcourse login (currently using the builtin application realm authentication, but can be replaced with for example LDAP/AD or SPNEGO and/or Kerberos).

For security reasons it's recommende to use hashed password, but that's not what I'm trying to illustrate in this example. Even better would be to store the password in a secure store or for example an LDAP directory'

Good luck,

Thomas Qvarnström

loginmodule's People

Contributors

tqvarnst avatar

Watchers

James Cloos avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.