Every environment needs it, you can hardly get around it: User Management. It is always a challenge and a drag at the same time. How much should be stored? How should passwords be stored? Do we need RBAC? Do we need some SSO and with whom? Do we need a (G)UI for management?
Wouldn’t it be great if we could pass this responsibility on? And we can! In Enterprise-land there is LDAP.
In JBoss there is default support for LDAP. In this post we will present an example project that will allow you to use LDAP with a war-application. The example project provides all steps to try this out locally, including the setup of a test LDAP-server and test data.
The four main parts in getting a war-application that has LDAP-authentication are:
- a link of this security-domain to your war in the
- a set of security-constraint in your
- a set of roles in your
The standalone.xml has all the connection details of how to connect to the LDAP-server. It also has the mappings of where to find the users in your LDAP and how to find which groups these users belong to. The jboss-web.xml has the details to connect this security-domain to your war. Then the web.xml has the fine-grained details to protect parts of your application. Each of these steps is described in detail in the example project which reads as a tutorial.
The example project has different branches. The master branch only does BASIC-authentication. The form_auth branch will detail how a nice login-page can be added to this setup, allowing the user to log out without restarting the browser.
Want to know who used your application and when? JBoss has standard audit logging. This can be enabled by adding a logger for the
This article showed how LDAP-authentication can be used to delegate the User Management to an external source. The next article will detail a solution that will allow for User Management that includes a web-ui and even has social logins via Google, Facebook & Twitter. All with JBoss-stack components.