AppFuseOnJBoss

This is version 9. It is not the current version, and thus it cannot be edited.
[Back to current version]   [Restore this version]

AppFuse Security

Setting up AppFuse security in JBoss I was surprise how easy it was.

    <application-policy name = "appfuse">
       <authentication>
          <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
             flag = "required">
             <module-option name = "dsJndiName">jdbc/mysql</module-option>
             <module-option name = "principalsQuery">
	     select password from app_user where username=?
	     </module-option>
             <module-option name = "rolesQuery">
	     select role_name, 'Roles' from user_role where username=?
	     </module-option>

	   </login-module>
       </authentication>
    </application-policy>

It took me less time to setup Security than it did for me to setup logging. (Which is a bit of a nightmare!)

The above assumes you have a database driver mapped under jdbc/mysql.

Create DS file as follows, and put it in the deploy dir: (C:\tools\jboss-3.2.3\server\default\deploy/mysql-ds.xml)

<datasources>
  <local-tx-datasource>
    <jndi-name>jdbc/mysql</jndi-name>
    <connection-url>jdbc:mysql://localhost:3306/mysql</connection-url>
    <driver-class>com.mysql.jdbc.Driver</driver-class>
    <user-name>root</user-name>
    <password></password>
  </local-tx-datasource>
</datasources>

The login security stuff goes in the config directory of the server, e.g., C:\tools\jboss-3.2.3\server\default\conf\login-config.xml.

I attached the login-config.xml file. Note the name has to be the name of your war (appfuse.war = appfuse). In reality, it has to be the name of the web context, but since my web context and war file name are the same it works.

mysql-ds.xml has to be in the deploy dir, e.g., C:\tools\jboss-3.2.3\server\default\deploy\mysql-ds.xml.

(The war file goes into the deploy dir as well).

WARNING:

JBoss holds onto the cache of users and roles. So if you changed a users role, they would not be able to see it for 1/2 an hour.

I subclassed UserManagerImpl, and created a version specific to JBoss, then I changed UserManagerImpl to use a stub method called flushAuthCache.

UserManagerJBossSpecific invalidates the user cache using JMX. JBoss is pretty cool!

Since I am using Spring. I did not have to change any other code in the system. Just one configuration file!

Spring change:

	<bean id="userManager" class="org.appfuse.webapp.service.UserManagerJBossSpecific">
		<property name="userDAO"><ref local="userDAO"/></property>
	</bean>

UserManagerJBossSpecific.java

Logging

Setting up logging is a pain in JBoss. Don't mess with the console log... it misbehaves. Create a file logger and tail it.

Here is my log4j.xml file (which has to be in the conf dir like the login-config.xml).

I just tail -f the log file.

JBoss 4.0 Changes to AppFuse Security Instructions

In the login-config.xml change

     <module-option name = "dsJndiName">jdbc/mysql</module-option> 

     <module-option name = "dsJndiName">java:/jdbc/mysql</module-option> 

Create a WEB-INF/jboss-web.xml file inside Appfuse.jar with the following contents

 <?xml version="1.0" encoding="UTF-8" ?> 
 <jboss-web>
    <context-root>/appfuse</context-root> 
    <resource-ref>
       <res-ref-name>jdbc/mysql</res-ref-name> 
       <res-type>javax.sql.DataSource</res-type> 
       <jndi-name>java:jdbc/mysql</jndi-name> 
     </resource-ref>
   <security-domain>java:/jaas/appfuse</security-domain> 
 </jboss-web>

jboss-web.xml		355 bytes
mysql-ds.xml		992 bytes
log4j.xml		5811 bytes
login-config.xml		6280 bytes