web.xml and jGuard

Last modified by RaffaelloPelagalli on 2006/12/16 01:33

web.xml and jGuard

Integrating jGuard

Since jGuard 0.70, the integration of jGuard in a webapp and its configuration has been simplified. You need to add the following to your web.xml file:

AccessFilter

To restrict all protected resources, the net.sf.jguard.filters.AccessFilter declaration must be located at the top of the servlet filters list in web.xml. The related filter-mapping should map all of the protected resources. You do NOT have to include the following in the protected resources set; images, css, javascript files, and so on.....

<filter>
    	<filter-name>AccessFilter</filter-name>
		 <description>access filter</description>
		<filter-class>net.sf.jguard.authentication.http.AccessFilter</filter-class>
		<init-param>
			<param-name>configurationLocation</param-name>
			<param-value>/WEB-INF/conf/jGuard/jGuardFilter.xml</param-value>
		</init-param>
  </filter>
.....
.....
  <filter-mapping>
   		 <filter-name>AccessFilter</filter-name>
		 <url-pattern>*.do</url-pattern>
  </filter-mapping>

SessionListener

The net.sf.jguard.listeners.SessionListener must be registered in the web.xml :

........
........
  <listener>
      <listener-class>net.sf.jguard.listeners.SessionListener</listener-class>
  </listener>
........
........

ContextListener

the net.sf.jguard.listeners.ContextListener must be registered in the web.xml :

........
........
<context-param>
	<param-name>authenticationConfigurationLocation</param-name>
	<param-value>
		/WEB-INF/conf/jGuard/jGuardAuthentication.xml
	</param-value>
</context-param>
<context-param>
	<param-name>authorizationConfigurationLocation</param-name>
	<param-value>
		/WEB-INF/conf/jGuard/jGuardAuthorization.xml
        </param-value>
</context-param>
........
........
  <listener>
	 <listener-class>net.sf.jguard.listeners.ContextListener</listener-class>
  </listener>
........
........

Now configuration has been splitted into 3 configuration files :

  • jGuardFilter.xml : where to logon, logoff, redirect in access denial ...
jGuardFilter.xml is only used for webapps

  • jGuardAuthentication.xml : the AuthenticationManager and the LoginModules
~~jGuardAuthentication.xml is used for standalone applications and webapps ~~
  • jGuardAuthorization.xml : the AuthorizationManager.
jGuardAuthorization.xml is used for standalone applications and webapps

jGuardFilter.xml example

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE configuration SYSTEM "jGuardFilter.dtd">
<configuration>
	<filter>
		<!-- Index uri of your web application. -->
		<indexURI>index.jsp</indexURI>
		<!-- Uri when the user authentication failed. -->
		<authenticationFailedURI>
			/AuthenticationFailed.do
		</authenticationFailedURI>
		<!-- Uri to access to the authentication form -->
		<logonURI>/Logon.do</logonURI>
		<!--  uri to be authenticated. The action property of the authentication form MUST NOT be set to j_security_check. -->
		<logonProcessURI>/LogonProcess.do</logonProcessURI>
		<registerURI>/Registration.do</registerURI>
		<registerProcessURI>/RegistrationProcess.do</registerProcessURI>
		<!-- uri to to be unauthenticated -->
		<logoffURIs>
			<logoffURI>/Logoff.do</logoffURI>
		</logoffURIs>
		<!-- uri when access to a ressource is denied -->
		<accessDeniedURI>/AccessDenied.do</accessDeniedURI>
		<authScheme>FORM</authScheme>
		<loginField>login</loginField>
		<!-- Parameter's name of the form's field which holds the password. All values are accepted except j_password. -->
		<passwordField>password</passwordField>
	</filter>
</configuration>

jGuardAuthentication.xml example

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE configuration SYSTEM "jGuardAuthentication.dtd">
<configuration>
	<authentication>
		<!-- boolean option('true' or 'false'), to activate the authorization debug mode -->
		<debug>true</debug>
		<includeOldConfig>false</includeOldConfig>
		<!-- java.security.auth.login.config -->
		<includeConfigFromJavaParam>false</includeConfigFromJavaParam>
		<includePolicyFromJavaParam>false</includePolicyFromJavaParam>
   <authenticationManager>net.sf.jguard.ext.authentication.XmlAuthenticationManager</authenticationManager>
     <authenticationManagerOptions>
           <option>
             <name>authenticationXmlFileLocation</name>
             <value>WEB-INF/conf/jGuard/jGuardUsersPrincipals.xml</value>
           </option>
     </authenticationManagerOptions>
	 <loginModules>
	 	<!-- specify which loginModules are used for authentication. -->
		<loginModule>
    		<name>net.sf.jguard.ext.authentication.loginmodules.JCaptchaLoginModule</name>
		   	<flag>REQUIRED</flag>
		</loginModule>
		<loginModule>
		<name>net.sf.jguard.ext.authentication.loginmodules.XmlLoginModule</name>
		<!-- flag :'REQUIRED','OPTIONAL','REQUISITE' or 'SUFFICIENT' -->
		<flag>REQUIRED</flag>
		<loginModuleOptions>
			<option>
				<name>debug</name>
				<value>false</value>
			</option>
		</loginModuleOptions>
		</loginModule>
	 </loginModules>
	</authentication>
</configuration>

jGuardAuthorization.xml example

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE configuration SYSTEM "jGuardAuthorization.dtd">
<configuration>
    <authorization>
    <permissionResolutionCaching>true</permissionResolutionCaching>
	<authorizationManager>net.sf.jguard.ext.authorization.manager.XmlAuthorizationManager</authorizationManager>
	<authorizationManagerOptions>
		<option>
		<name>authorizationXmlFileLocation</name>
		<value>WEB-INF/conf/jGuard/jGuardPrincipalsPermissions.xml</value>
		</option>
        <option>
			<name>debug</name>
			<value>true</value>
		</option>
	</authorizationManagerOptions>
	</authorization>
</configuration>
Tags:
Created by diabolo512 on 2006/12/16 01:33

jGuard team copyright 2004-2009
3.1.1