/* Copyright (c) SEMM NL All rights reserved.
Author : Paul Hamaker. Part of JavaLessons.com
This code is for educational purposes only. Use at own risk.*/

1. ====  logform.html in sikyoor.war ============= 

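<html><body>

<!--
  Login page for container-managed FORM authentication (web.xml names this
  file in <form-login-page>). The action "j_security_check" and the field
  names "j_username" / "j_password" are fixed by the servlet specification;
  the container, not application code, receives and checks the post.
  The password travels in the POST body, so this page should only be
  reached over HTTPS (see <transport-guarantee> in web.xml).
-->
<form method="POST" action="j_security_check">
  Username
  <input type="text" name="j_username">
  Password
  <input type="password" name="j_password">

  <input type="submit" value="Log In">
</form>

</body></html>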

17.  

18. ===== web.xml  ====================== 

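<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
    "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">

<!-- Deployment descriptor: one servlet, protected by FORM login and the role Toppy. -->
<web-app>

  <servlet>
    <servlet-name>RestSurf</servlet-name>
    <servlet-class>SafeSurflt</servlet-class>
  </servlet>

  <!-- The servlet is mapped under /restricted/ so the constraint below covers it. -->
  <servlet-mapping>
    <servlet-name>RestSurf</servlet-name>
    <url-pattern>/restricted/restsurf</url-pattern>
  </servlet-mapping>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Reasaurs</web-resource-name>
      <url-pattern>/restricted/*</url-pattern>
      <!--
        No <http-method> elements on purpose. A collection that lists methods
        (HEAD, GET, POST, PUT, DELETE) protects only those methods; a request
        using any other method would reach /restricted/* without the role
        check. Leaving the list out applies the constraint to every method.
      -->
    </web-resource-collection>
    <!-- Only callers holding this role (declared in <security-role> below) get through. -->
    <auth-constraint>
      <role-name>Toppy</role-name>
    </auth-constraint>
    <!--
      CONFIDENTIAL instead of NONE: FORM login posts j_password in the request
      body, and with NONE that post may cross the network in clear text.
      The server needs an HTTPS connector configured for this to work.
    -->
    <user-data-constraint>
      <description>Login and restricted pages must use HTTPS</description>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- FORM login: the container shows logform.html and handles j_security_check itself. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/logform.html</form-login-page>
      <form-error-page>/errorpage.html</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Must match the Role value stored for the user in the Roles table. -->
  <security-role>
    <role-name>Toppy</role-name>
  </security-role>

</web-app>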

72.  

73. ==  in  JBoss login-config.xml : ====== 

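<!--
  Security domain "duhmane" (referenced from jboss-web.xml as
  java:/jaas/duhmane). This element goes inside the existing root of
  JBoss's login-config.xml; it is not a complete file on its own.
-->
<application-policy name="duhmane">
  <authentication>
    <login-module
        code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
        flag="required">
      <!-- JNDI name of the DataSource that holds the Principals and Roles tables. -->
      <module-option name="dsJndiName">java:/DefaultDS</module-option>
      <!--
        The ? is a bound parameter that receives the submitted user name.
        The returned value is compared with the submitted password. No
        hashAlgorithm option is set here, so the Principals table has to hold
        the passwords in clear text, as the sample rows on this page do.
        For anything beyond a demo, store digests and set the module's
        hashAlgorithm and hashEncoding options to match.
      -->
      <module-option name="principalsQuery">select Password from Principals where PrincipalID=?</module-option>
      <!-- Returns the role names for the user; the RoleGroup column is "Roles" in the sample data. -->
      <module-option name="rolesQuery">select Role, RoleGroup from Roles where PrincipalID=?</module-option>
    </login-module>
  </authentication>
</application-policy>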

88. ====  jboss-web.xml  in .war  ======= 

<?xml version="1.0" encoding="UTF-8"?>
<!--
  JBoss-specific descriptor packaged in the .war next to web.xml.
  It binds this web application to the JAAS security domain "duhmane",
  i.e. the application-policy of that name in login-config.xml.
-->
<jboss-web>
  <security-domain>java:/jaas/duhmane</security-domain>
</jboss-web>

94. ===  database table Principals  ================= 

95. PRINCIPALID PASSWORD 

96. ----------- -------- 

97. okkie       trooi 

98. shimmie     znarf 

99.  

100. =====  database table Roles  ================= 

101. PRINCIPALID ROLE   ROLEGROUP 

102. ----------- -----  --------- 

103. shimmie     Toppy  Roles 

104. okkie       Toppy  Roles 

105.  

106. ======= SafeSurflt.java =================== 

107. .... 

// Fragment of the servlet's request handling; lines shown as "...." are elided in this listing.
108.     PrintWriter out = response.getWriter(); 

109. .... 

// getUserPrincipal() returns the authenticated caller, or null for an unauthenticated request.
// NOTE(review): a non-null value here relies on the /restricted/* security-constraint in
// web.xml having forced a login first; confirm the servlet is not mapped anywhere else.
110.     java.security.Principal user = request.getUserPrincipal(); 

// Concatenation calls user.toString(), whose format is up to the container's Principal class
// (user.getName() would give just the login name); a null principal prints as "null".
111.     out.println( user + ", you have accessed " ); 

// NOTE(review): getRequestURI() is supplied by the client and is written back without HTML
// encoding. If the elided code sets a text/html content type, encode the value before printing.
112.     out.println( request.getRequestURI() +  " succesfully." ); 

113.