
Using JAAS for VAADIN + TomEE web applications

I would like to talk about using JAAS (Java Authentication and Authorization Service) in web applications built with VAADIN 7 (as the web framework) and Apache TomEE (as the Java EE container).

First we need to register the realm in the container and associate a LoginModule with it.
This can be done either in the container's server.xml or in the application's own /src/main/webapp/META-INF/context.xml:

    <Realm className="org.apache.catalina.realm.JAASRealm"
           appName="ServiceLoginModule"
           userClassNames="org.apache.openejb.core.security.jaas.UserPrincipal"
           roleClassNames="org.apache.openejb.core.security.jaas.GroupPrincipal">
    </Realm>

The configuration for ServiceLoginModule lives in the login.config file; the entry name there must match the appName given in the Realm element:

    ServiceLoginModule {
        org.apache.openejb.core.security.jaas.ServiceProviderLoginModule required;
    };

For the container to find this file you need to set a system property, for example in CATALINA_OPTS:

    -Djava.security.auth.login.config=$CATALINA_BASE/conf/login.config

Or set it directly in the application code (before the first login attempt):

    System.setProperty("java.security.auth.login.config", "yourPath/login.config");

TomEE has several LoginModule implementations:

We will use ServiceProviderLoginModule and write our own LoginProvider implementation:

    import java.util.Arrays;
    import java.util.List;
    import javax.security.auth.login.FailedLoginException;
    import org.apache.openejb.core.security.jaas.LoginProvider;

    public class SimpleLoginProvider implements LoginProvider {

        // Called by the container's LoginModule; returns the roles of the
        // authenticated user or throws FailedLoginException to reject the login.
        @Override
        public List<String> authenticate(String user, String password) throws FailedLoginException {
            if ("admin".equals(user) && "admin".equals(password)) {
                return Arrays.asList("ADMIN");
            }
            if ("user".equals(user) && "user".equals(password)) {
                return Arrays.asList("USER");
            }
            throw new FailedLoginException();
        }
    }

It contains the authenticate method, which returns the list of roles for a successfully authenticated user. In our case the implementation is deliberately simple (the point is to show how the mechanism and the access-rights management work): there are only two users, admin and user, who after successful authentication get the ADMIN and USER roles, respectively.
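The provider above compares plaintext literals, which is fine for a demo but not for anything that holds real credentials. The following is an added example (not code from the original post or from TomEE) of the same LoginProvider SPI with the credential check hardened: passwords are stored as salted PBKDF2 hashes, the comparison is constant-time, and an unknown user name costs the same as a wrong password so that login timing does not reveal which accounts exist. The class name HashedLoginProvider, the two constructed demo accounts and the in-memory account map are assumptions; a real deployment would load salt, hash and roles from a user store. It would be registered through the same META-INF/services file as SimpleLoginProvider.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.login.FailedLoginException;
import org.apache.openejb.core.security.jaas.LoginProvider;

// Same SPI as SimpleLoginProvider, but credentials are kept as salted
// PBKDF2 hashes and verified in constant time. (Added example, not the post's code.)
public class HashedLoginProvider implements LoginProvider {

    private static final int ITERATIONS = 100_000;
    private static final int KEY_BITS = 256;
    private static final int SALT_BYTES = 16;
    private static final SecureRandom RNG = new SecureRandom();

    private static final class Account {
        final byte[] salt;
        final byte[] hash;
        final List<String> roles;

        Account(byte[] salt, byte[] hash, List<String> roles) {
            this.salt = salt;
            this.hash = hash;
            this.roles = roles;
        }
    }

    // Assumed in-memory store; a real provider reads this from a database or directory.
    private static final Map<String, Account> ACCOUNTS = new HashMap<String, Account>();
    // Salt used for unknown user names so that a failed lookup costs the same
    // time as a failed password check (no user enumeration by timing).
    private static final byte[] DUMMY_SALT = new byte[SALT_BYTES];

    static {
        // Constructed demo accounts, the same two users as on the page.
        register("admin", "admin", Arrays.asList("ADMIN"));
        register("user", "user", Arrays.asList("USER"));
    }

    static void register(String user, String password, List<String> roles) {
        byte[] salt = new byte[SALT_BYTES];
        RNG.nextBytes(salt);                       // fresh random salt per account
        ACCOUNTS.put(user, new Account(salt, derive(password, salt), roles));
    }

    // PBKDF2-HMAC-SHA256 from the standard JCE; the password never leaves this method unhashed.
    static byte[] derive(String password, byte[] salt) {
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new IllegalStateException("PBKDF2 unavailable", e);
        } finally {
            spec.clearPassword();                  // wipe the copy held by the spec
        }
    }

    @Override
    public List<String> authenticate(String user, String password) throws FailedLoginException {
        if (user == null || password == null || password.isEmpty()) {
            throw new FailedLoginException();      // nothing to verify
        }
        Account account = ACCOUNTS.get(user);
        byte[] salt = account != null ? account.salt : DUMMY_SALT;
        byte[] candidate = derive(password, salt); // always do the full derivation
        // MessageDigest.isEqual is constant-time for equal-length inputs, so the
        // comparison does not leak how many leading bytes matched.
        if (account == null || !MessageDigest.isEqual(candidate, account.hash)) {
            throw new FailedLoginException();      // same failure for unknown user and wrong password
        }
        return Collections.unmodifiableList(account.roles);
    }
}
```

The roles still flow back to TomEE exactly as in SimpleLoginProvider: the container turns the returned list into GroupPrincipal entries, so @RolesAllowed checks on EJBs work unchanged.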
Now we can use, for example, the @RolesAllowed("ADMIN") annotation to restrict access to a method:

    import javax.annotation.security.RolesAllowed;
    import javax.ejb.Stateless;

    @Stateless
    public class TestBean {

        // Only callers whose session carries the ADMIN role may invoke this;
        // the container rejects everyone else before the method body runs.
        @RolesAllowed("ADMIN")
        public String getProtectedInfo() {
            return "It's protected information.";
        }
    }

In order for the ServiceLoader to load our LoginProvider, you must create the file org.apache.openejb.core.security.jaas.LoginProvider in the project directory /src/main/resources/META-INF/services/, containing the fully qualified name of our LoginProvider:

 org.psa.vaadinauth.secure.SimpleLoginProvider 

We do not have to call the authenticate method ourselves; the container does it when we call the login method of HttpServletRequest. After the user fills in the login form, we call the following method:

    public void login(String user, String password, HttpServletRequest request) throws ServletException {
        request.login(user, password);
    }

Vaadin has its own VaadinService class with a static getCurrentRequest method; we cast its result to HttpServletRequest and pass it to our login method:

 login(username, password, (HttpServletRequest) VaadinService.getCurrentRequest()); 

For redirecting and navigating between pages in Vaadin there is a very handy component, Navigator. First you register the required Views with it:

    getNavigator().addView(LoginView.NAME, LoginView.class);
    getNavigator().addView(MainView.NAME, MainView.class);

And then navigate between them by calling the navigateTo method:

 getNavigator().navigateTo(LoginView.NAME); 
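The pieces above (the login method, VaadinService.getCurrentRequest, Navigator.addView and navigateTo) put together into one UI, as an added example that is not the post's own code: a login view that hands the credentials to request.login, a main view that calls the page's TestBean and lets the container's @RolesAllowed check decide whether the caller sees the protected string, and a logout that ends both the container session and the Vaadin session. Assumptions: the class name SecureUI, the view names "login" and "main", the Vaadin 7 API, that TestBean from the page is packaged in the same web module and reachable under the JNDI name java:module/TestBean, and that the UI is registered in web.xml or with @VaadinServletConfiguration as usual.

```java
import javax.ejb.EJBAccessException;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;

import com.vaadin.navigator.Navigator;
import com.vaadin.navigator.View;
import com.vaadin.navigator.ViewChangeListener.ViewChangeEvent;
import com.vaadin.server.VaadinRequest;
import com.vaadin.server.VaadinService;
import com.vaadin.ui.Button;
import com.vaadin.ui.Button.ClickEvent;
import com.vaadin.ui.Label;
import com.vaadin.ui.Notification;
import com.vaadin.ui.PasswordField;
import com.vaadin.ui.TextField;
import com.vaadin.ui.UI;
import com.vaadin.ui.VerticalLayout;

// Added example; SecureUI, the view names and the JNDI name are assumptions.
public class SecureUI extends UI {

    @Override
    protected void init(VaadinRequest request) {
        Navigator navigator = new Navigator(this, this); // registers itself on this UI
        navigator.addView(LoginView.NAME, LoginView.class);
        navigator.addView(MainView.NAME, MainView.class);
        // Route by the container's view of the session, not by any client-side state.
        boolean authenticated = currentRequest().getUserPrincipal() != null;
        navigator.navigateTo(authenticated ? MainView.NAME : LoginView.NAME);
    }

    // The same cast the page uses: VaadinServletRequest implements HttpServletRequest.
    static HttpServletRequest currentRequest() {
        return (HttpServletRequest) VaadinService.getCurrentRequest();
    }

    public static class LoginView extends VerticalLayout implements View {
        public static final String NAME = "login"; // assumed view name

        public LoginView() {
            final TextField username = new TextField("Username");
            final PasswordField password = new PasswordField("Password");
            Button login = new Button("Log in", new Button.ClickListener() {
                @Override
                public void buttonClick(ClickEvent event) {
                    try {
                        // Container-managed login: TomEE's JAAS realm invokes our
                        // LoginProvider.authenticate and stores the returned roles.
                        currentRequest().login(username.getValue(), password.getValue());
                        getUI().getNavigator().navigateTo(MainView.NAME);
                    } catch (ServletException e) {
                        // One generic message whether the user or the password was wrong.
                        Notification.show("Login failed", Notification.Type.ERROR_MESSAGE);
                    } finally {
                        password.setValue(""); // do not keep the password in the form state
                    }
                }
            });
            addComponents(username, password, login);
        }

        @Override
        public void enter(ViewChangeEvent event) { }
    }

    public static class MainView extends VerticalLayout implements View {
        public static final String NAME = "main"; // assumed view name

        @Override
        public void enter(ViewChangeEvent event) {
            removeAllComponents();
            HttpServletRequest request = currentRequest();
            if (request.getUserPrincipal() == null) {
                // Defence in depth: re-check authentication here instead of trusting
                // that this view can only be reached through LoginView.
                getUI().getNavigator().navigateTo(LoginView.NAME);
                return;
            }
            addComponent(new Label("Logged in as " + request.getUserPrincipal().getName()));
            try {
                // @RolesAllowed("ADMIN") is enforced by the container, not by the UI:
                // a caller with only the USER role gets EJBAccessException here.
                TestBean bean = (TestBean) new InitialContext().lookup("java:module/TestBean");
                addComponent(new Label(bean.getProtectedInfo()));
            } catch (EJBAccessException e) {
                addComponent(new Label("You are not allowed to see the protected information."));
            } catch (NamingException e) {
                addComponent(new Label("TestBean not available: " + e.getMessage()));
            }
            addComponent(new Button("Log out", new Button.ClickListener() {
                @Override
                public void buttonClick(ClickEvent event) {
                    try {
                        currentRequest().logout(); // clears the container's principal and roles
                    } catch (ServletException ignored) { }
                    getUI().getSession().close(); // and drops the Vaadin session state
                    getUI().getPage().setLocation(""); // reload into a fresh session
                }
            }));
        }
    }
}
```

The important design point is that the UI never decides authorization itself: the login form only forwards credentials to request.login, and the protected data is guarded by the container's role check on TestBean, so a forgotten check in some view cannot expose it.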

I have covered only the key points here; the full source code of the project is available on GitHub, together with a demo.


Source: https://habr.com/ru/post/183550/