< Previous | Front page | Next >
Skip to end of metadata
Go to start of metadata

Introduction

This example shows you how to configure the TicketMonster application provided by the JBoss Developer Framework to use the PicketBox Security layer.

What this example is about ?

Basically, we'll use PicketBox to provide the following features:

  • Authentication using the HTTP FORM method
  • Properties-based Identity Store for users credentials
  • Authorization using the PicketBox Drools module
  • Logout

The TicketMonster users can be categorized in two types:

  • User
  • Adminstrators

This example will show you how to configure:

  • A login page to let users authenticate
  • A simple authorization rule using Drools to restrict access for the Administration UIs

Before you start

Before you start, it is important that you understand some key concepts like:

If you like you can also clone a TicketMonster version configured with PicketBox from here. This is a temporary repository.

Configure and Deploy TicketMonster

Before continuing, please follow the TicketMonster Tutorial about how to configure your environment, build and run the application.

Make sure you have configured the Administration UI as described in the TicketMonster tutorial.

PicketBox Configuration

PicketBox can be easily enabled in the TicketMonster application by using the PicketBox Solder module. This module provides an integration layer for CDI applications to create a security layer that provides all PicketBox Security capabilities.

What are the steps ?

After having your TicketMonster application properly configured and running (with the administration UIs) you need to:

  • Configure the PicketBox Solder and PicketBox Drools Maven dependencies
  • Create a JBoss AS7 Module for Drools (org.drools)
  • Configure the org.drools module as dependency for your application
  • Create a Solder Configuration file with the PicketBox configuration
  • Create a properties file from which users credentials will be retrieved from
  • Create a login page
  • Create the Authorization rules
  • Logout

Maven Dependencies

If you are using Maven, please configure your pom.xml with the following dependencies:

Drools Module Configuration

Download the Drools distribution.

Create the follow directory structure in your JBoss Application Server v7 installation:

Create a file named module.xml inside the main directory:

Extract the Drools distribution package and copy all files referenced above to the same directory where the module.xml file was created.

Configure the org.drools module as a dependency

Edit the WEB-INF/jboss-deployment-structure.xml file and add the org.drools module dependency:

PicketBox Solder Configuration

Create a Solder XML Configuration file in the classpath: META-INF/seam-beans.xml. If you are using Maven this file is usually located at the src/main/resources directory. 

The configuration above defines a HTTP Form Authentication using the <pbhttpauth:HTTPFormAuthentication> element. We also define a properties file based authentication (you can always use others authentication stores like LDAP or JDBC/JPA) using the <pbauthmgr:PropertiesFileBasedAuthenticationManager/>.

For authorization, the configuration defines a Drools based authentication with the <pbauthzd:PicketBoxDroolsAuthorizationManager/> element and the <pbhttpr:HTTPProtectedResourceManager> for URL Security.

User Credentials Properties File

In this example we will use a properties file to retrieve users credentials. Just create a properties file called users.properties in your classpath. If you are using Maven this file is usually located at your src/main/resources directory

This example uses a Properties File Based Authentication Manager.  If you need other forms of authentication such as a DB or an LDAP, take a look at https://docs.jboss.org/author/display/SECURITY/Authentication+Manager

Login Page

As we are using FORM authentication as described in the previous sections, we need to create a login page for users provide their credentials. By default, PicketBox uses a file named login.jsp that must be located at your application's root path.

This page must define a JEE compliant authentication HTML form like the one bellow:

Authorization Rules

As we are using the PicketBox Drools Authentication Manager, you need now to create a file named authorization.drl in your classpath. If you are using Maven this file is usually located at your src/main/resources directory.

The rule above is just a simple example that disables the "Section Allocation" functionality. 

Logout

To logout an user you just need to send him to the following path:

To Be Done

  • Remember-me
Labels:
None
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.