XMLLoginModule

Last modified by RaffaelloPelagalli on 2006/05/22 14:30

Description

This login module provides XML file-based authentication for your web application.

parameters

name | mandatory | values | description | example
debug | no | true or false | This optional parameter, when set to true, activates debug mode (more logging, to make misconfiguration easier to detect). |

usual configuration in the web.xml file

....
....
 <loginModule>
	<name>net.sf.jguard.authentication.loginmodules.XmlLoginModule</name>
	<flag>REQUIRED</flag>
	<loginModuleOptions>
		<option>
			<name>debug</name>
			<value>false</value>
		</option>
	</loginModuleOptions>
</loginModule>
....
....

jGuard.loginScheme example (advanced configuration)

Below is an appConfigurationEntry example for a webapp configured with an XmlLoginModule.

myApplication{

net.sf.jguard.loginmodules.XmlLoginModule required debug="true";

};

We recommend placing the jGuard.loginScheme file in your ${java.home}/lib/security/ directory, to group all security files in one place.

jGuardUsersPrincipals.xml

description

This XML file contains all the user and role information of your webapp. It conforms to the jGuard DTD (jGuardUsersPrincipals_x.xx.dtd).

tags

principals

The first part of the file (<principals>) contains the principal/role declarations. Each principal must have a unique name in the file. A principal is also linked to only one application, so a user with the right principal name but the wrong application name will not have the corresponding role permissions.

users

The second part of the configuration file (<users>) contains the user declarations. Each user (<user>) has private credentials (<privateCredentials>), public credentials (<publicCredentials>), and references to declared principals (<principalsRef>).

This part also contains a SubjectTemplate element, which represents the credentials required during user registration. If credentials provided by the candidate user are not listed in the SubjectTemplate, they will be ignored. If credentials marked as required are not provided, the registration will fail. The SubjectTemplate should also contain an 'Identity' credential, which is a credential that uniquely identifies a user (prevents identity theft).

example

<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>
<!DOCTYPE usersPrincipals SYSTEM "jGuardUsersPrincipals_0.80.dtd">
<usersPrincipals>
  <principals>
    <principal>
      <name>admin</name>
      <class>net.sf.jguard.principals.JGuardPrincipal</class>
      <applicationName>jGuardExample</applicationName>
    </principal>
    <principal>
      <name>guest</name>
      <class>net.sf.jguard.principals.JGuardPrincipal</class>
      <applicationName>jGuardExample</applicationName>
    </principal>
    <principal>
      <name>role3</name>
      <class>net.sf.jguard.principals.JGuardPrincipal</class>
      <applicationName>anotherApplication</applicationName>
    </principal>
  </principals>
  <users>
    <userTemplate>
      <name>default</name>
      <privateRequiredCredentials>
        <credTemplateId identity="true">login</credTemplateId>
        <credTemplateId digestNeeded="true">password</credTemplateId>
      </privateRequiredCredentials>
      <publicRequiredCredentials>
        <credTemplateId>firstname</credTemplateId>
        <credTemplateId>lastname</credTemplateId>
        <credTemplateId>location</credTemplateId>
      </publicRequiredCredentials>
      <privateOptionalCredentials>
        <credTemplateId>country</credTemplateId>
        <credTemplateId>religion</credTemplateId>
      </privateOptionalCredentials>
      <publicOptionalCredentials>
        <credTemplateId>hobbies</credTemplateId>
      </publicOptionalCredentials>
      <genericPrincipals>
        <principalRef name="admin" applicationName="jGuardExample"/>
        <principalRef name="role3" applicationName="anotherApplication"/>
      </genericPrincipals>
      <specificPrincipalFactories/>
    </userTemplate>
    <user>
      <privateCredentials>
        <credential>
          <id>login</id>
          <value>admin</value>
        </credential>
        <credential>
          <id>password</id>
          <value>admin</value>
        </credential>
      </privateCredentials>
      <publicCredentials>
        <credential>
          <id>firstname</id>
          <value>Rick</value>
        </credential>
        <credential>
          <id>lastname</id>
          <value>Dangerous</value>
        </credential>
        <credential>
          <id>location</id>
          <value>Paris</value>
        </credential>
      </publicCredentials>
      <principalsRef>
        <principalRef name="admin" applicationName="jGuardExample"/>
        <principalRef name="role3" applicationName="anotherApplication"/>
      </principalsRef>
    </user>
    <user>
      <privateCredentials>
        <credential>
          <id>login</id>
          <value>guest</value>
        </credential>
        <credential>
          <id>password</id>
          <value>guest</value>
        </credential>
      </privateCredentials>
      <publicCredentials/>
      <principalsRef>
        <principalRef name="guest" applicationName="jGuardExample"/>
      </principalsRef>
    </user>
  </users>
</usersPrincipals>
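
The two rules described above (a principal reference must match both the name and the application of a declared principal, and every credential the template marks as required must be present) can be checked before a file is deployed. The script below is an added example, not part of jGuard: audit() is a hypothetical helper, the element names are taken from the example above, a userTemplate element is assumed to be present, and the sample document is constructed and trimmed to the elements the check reads.

```python
import xml.etree.ElementTree as ET
# Constructed sample: user "bob" lacks a required credential and references
# the "admin" principal under the wrong application name.
SAMPLE = """<usersPrincipals>
  <principals>
    <principal><name>admin</name><applicationName>jGuardExample</applicationName></principal>
    <principal><name>role3</name><applicationName>anotherApplication</applicationName></principal>
  </principals>
  <users>
    <userTemplate>
      <privateRequiredCredentials>
        <credTemplateId identity="true">login</credTemplateId>
        <credTemplateId digestNeeded="true">password</credTemplateId>
      </privateRequiredCredentials>
      <publicRequiredCredentials><credTemplateId>location</credTemplateId></publicRequiredCredentials>
    </userTemplate>
    <user>
      <privateCredentials>
        <credential><id>login</id><value>bob</value></credential>
        <credential><id>password</id><value>constructed-digest</value></credential>
      </privateCredentials>
      <publicCredentials/>
      <principalsRef><principalRef name="admin" applicationName="anotherApplication"/></principalsRef>
    </user>
  </users>
</usersPrincipals>"""

def audit(xml_text):
    root = ET.fromstring(xml_text)
    # A principal is identified by its name together with its application.
    declared = {(p.findtext("name"), p.findtext("applicationName"))
                for p in root.iter("principal")}
    tpl = root.find("users/userTemplate")
    required = {(kind, c.text) for kind in ("private", "public")
                for c in tpl.findall(f"{kind}RequiredCredentials/credTemplateId")}
    identity = [c.text for c in tpl.iter("credTemplateId") if c.get("identity") == "true"]
    findings = [] if identity else ["template: no identity credential declared"]
    for n, user in enumerate(root.findall("users/user"), 1):
        creds = {(kind, c.findtext("id")): c.findtext("value")
                 for kind in ("private", "public")
                 for c in user.findall(f"{kind}Credentials/credential")}
        # Label findings with the identity credential's value when the user has one.
        label = next((v for (_, cid), v in creds.items() if cid in identity), f"user#{n}")
        for kind, cid in sorted(required - set(creds)):
            findings.append(f"{label}: missing required {kind} credential '{cid}'")
        for ref in user.iter("principalRef"):
            key = (ref.get("name"), ref.get("applicationName"))
            if key not in declared:
                findings.append(f"{label}: principalRef {key[0]}@{key[1]} is not declared")
    return findings
```
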
Created by diabolo512 on 2006/02/09 14:37

jGuard team copyright 2004-2009
3.1.1