- What this example is about?
- Before you start
- Configure and Deploy TicketMonster
- PicketBox Configuration
- What are the steps?
- Maven Dependencies
- Drools Module Configuration
- Configure the org.drools module as a dependency
- PicketBox Solder Configuration
- User Credentials Properties File
- Login Page
- Authorization Rules
- To Be Done
Basically, we'll use PicketBox to provide the following features:
- Authentication using the HTTP FORM method
- A properties-based identity store for user credentials
- Authorization using the PicketBox Drools module
The TicketMonster users can be categorized in two types:
This example will show you how to configure:
- A login page to let users authenticate
- A simple authorization rule using Drools to restrict access for the Administration UIs
Before you start, it is important that you understand some key concepts like:
If you prefer, you can also clone a TicketMonster version already configured with PicketBox from here (a temporary repository).
Before continuing, please follow the TicketMonster Tutorial about how to configure your environment, build and run the application.
Note: make sure you have configured the Administration UI as described in the TicketMonster tutorial.
PicketBox can be enabled in the TicketMonster application through the PicketBox Solder module. This module is an integration layer for CDI applications that lets you build a security layer exposing all of PicketBox's security capabilities.
Once your TicketMonster application is properly configured and running (including the administration UIs), you need to:
- Configure the PicketBox Solder and PicketBox Drools Maven dependencies
- Create a JBoss AS7 Module for Drools (org.drools)
- Configure the org.drools module as a dependency of your application
- Create a Solder Configuration file with the PicketBox configuration
- Create a properties file from which user credentials will be retrieved
- Create a login page
- Create the authorization rules
If you are using Maven, please configure your pom.xml with the following dependencies:
Download the Drools distribution.
Create the following directory structure in your JBoss Application Server 7 installation:
Create a file named module.xml inside the main directory:
Extract the Drools distribution and copy all the JAR files referenced in module.xml into the same directory where module.xml was created.
Edit the WEB-INF/jboss-deployment-structure.xml file and add the org.drools module dependency:
Create a Solder XML configuration file on the classpath at META-INF/seam-beans.xml. If you are using Maven, this file usually lives in the src/main/resources directory.
The configuration above enables HTTP FORM authentication with the <pbhttpauth:HTTPFormAuthentication> element. It also defines a properties-file-based authentication manager with <pbauthmgr:PropertiesFileBasedAuthenticationManager/> (you can always use other authentication stores, such as LDAP or JDBC/JPA).
For authorization, the configuration defines a Drools-based authorization manager with the <pbauthzd:PicketBoxDroolsAuthorizationManager/> element, and uses <pbhttpr:HTTPProtectedResourceManager> for URL security, i.e. to declare which URL patterns are protected and therefore require authentication and pass through the authorization rules.
In this example we use a properties file to retrieve user credentials. Create a file called users.properties on the classpath. If you are using Maven, this file usually lives in the src/main/resources directory.
This example uses the Properties File Based Authentication Manager, which is convenient for a demo because the credentials sit in a plain file packaged with the application; keep that file out of version control if it holds real credentials. If you need another form of authentication, such as a database or LDAP, take a look at https://docs.jboss.org/author/display/SECURITY/Authentication+Manager
Since we are using FORM authentication, as described in the previous sections, we need a login page where users provide their credentials. By default, PicketBox looks for a file named login.jsp located at your application's root path.
This page must contain a Java EE compliant authentication HTML form like the one below:
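The following login.jsp is an added example, not the TicketMonster or PicketBox project's own file. It uses the standard Java EE FORM authentication contract (a POST to j_security_check carrying j_username and j_password), which is what a "JEE compliant" form means here; that PicketBox's HTTPFormAuthentication honours exactly these names is an assumption based on that contract.

```html
<%-- login.jsp: added example (not the original page's snippet). --%>
<%@ page contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %>
<!DOCTYPE html>
<html>
<head>
  <meta charset="UTF-8">
  <title>TicketMonster - Login</title>
</head>
<body>
  <h1>Sign in</h1>
  <%-- Java EE FORM authentication contract (assumed to be what the PicketBox
       HTTPFormAuthentication filter intercepts): POST to j_security_check
       with the j_username and j_password parameters. A relative action keeps
       the form working regardless of the application's context root. --%>
  <form method="post" action="j_security_check">
    <label for="j_username">Username</label>
    <input type="text" id="j_username" name="j_username" required>

    <label for="j_password">Password</label>
    <input type="password" id="j_password" name="j_password" required>

    <button type="submit">Login</button>
  </form>
</body>
</html>
```

Two practical points: the login page itself must not fall under a protected URL pattern, otherwise unauthenticated users are redirected to a page they are not allowed to see and the login loops; and because the credentials travel in the POST body, the application should be served over HTTPS.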
Since we are using the PicketBox Drools Authorization Manager, you now need to create a file named authorization.drl on the classpath. If you are using Maven, this file usually lives in the src/main/resources directory.
The rule above is just a simple example that denies access to the "Section Allocation" functionality; any request matching the rule's conditions is rejected by the authorization manager before it reaches the administration UI.
To log a user out, redirect them to the following path: