The User Repository used in this example is described in this article.
InetPerson objects defined in the LDAP Tree described here make up the user population. There are 5000 users defined. The cn of the users are called 1,2, ., 5000.
In an attempt to demonstrate a real-world use, this example makes use of LDAP Groups as described here. The group used in this example is called Group1.
The J2EE Roles
All protected Web Resources are mapped to the same J2EE Role, tm1.
There are two Web Resources defined in web.xml:
Only /ProtectSubjectservlet is protected by J2EE Security.
This example will use Form-based authentication. More information can be found here.
Form-based authentication requires two paths to be defined: a login path and an error path.
In this example, the login path is login.jsp, which kept in the document root directory of the WAR file.
In this example, the error path is error.jsp, which is also kept in the document root directory of the WAR file.
A jboss-web.xml file has been added to the Web Application to map the application to a Security Domain.
The build.xml for this example is here.
Hitting the initial URL will redirect to the login page.
Enter a valid userid and password (2/secret).
JAAS Subject Contents
The information generated by the Subject Servlet screenshot is as follows:
Full dump of JAAS Subject
JAAS Subject: Subject: Principal: 2 Principal: Roles(members:tm1,Group1)
Principal Classname: org.jboss.security.SimplePrincipal
Principal Classname: org.jboss.security.SimpleGroup
The JAAS Subject contains two principal objects: SimplePrincipal and SimpleGroup. The SimplePrincipal object contains the “username” that was introduced in the form field userid. The SimpleGroup principal contains two Roles/Groups: tm1 and Group1. “tm1” is the J2EE Role. “Group1” is the LDAP Group that the user “2” belongs to (it is only a member of one LDAP Group
There are no Public Credential objects.
There are no Private Credential objects.
The full source, Deployment Descriptors, and Ant build.xml can be downloaded here.