Note: follow the color scheme to track variable references, such as bitguiders_DS and umDomain, across the whole JAAS configuration in this document.
jboss-6.x.x\server\default\deploy\xxxx-ds.xml
<local-tx-datasource>
  <jndi-name>bitguiders_DS</jndi-name>
  <connection-url>jdbc:postgresql://localhost:5432/db_name</connection-url>
  <driver-class>org.postgresql.Driver</driver-class>
  <user-name>username</user-name>
  <password>password</password>
</local-tx-datasource>
jboss-6.x.x\server\default\conf\login-config.xml
<application-policy name="umDomain">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <module-option name="dsJndiName">java:/bitguiders_DS</module-option>
      <module-option name="principalsQuery">SELECT password FROM user WHERE username=?</module-option>
      <module-option name="rolesQuery">select role, 'Roles' from user where username=?</module-option>
    </login-module>
  </authentication>
</application-policy>
Note: the literal 'Roles' in rolesQuery is important; if you remove it, JAAS will not work. DatabaseServerLoginModule reads the second column of rolesQuery as the role group name, and 'Roles' is the group that holds the user's roles.
Note: for file-based authentication use this section; otherwise skip it.
Create two property files and place your users and roles in them:
1: jboss-6.x.x\server\default\conf\props\my-users.properties
# A sample users.properties file for use with the UsersRolesLoginModule
admin=admin
user=user
2: jboss-6.x.x\server\default\conf\props\my-roles.properties
# A sample roles.properties file for use with the UsersRolesLoginModule
admin=Administrator
user=User
<!--
<application-policy name="umDomain">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
      <module-option name="usersProperties">props/my-users.properties</module-option>
      <module-option name="rolesProperties">props/my-roles.properties</module-option>
    </login-module>
  </authentication>
</application-policy>
-->
WEB-INF\jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
  <security-domain>java:/jaas/umDomain</security-domain>
  <context-root>/yourcontext</context-root>
</jboss-web>
Copy the following into WEB-INF/web.xml
<!-- Security start -->
<security-constraint>
  <display-name>User</display-name>
  <web-resource-collection>
    <web-resource-name>public_pages</web-resource-name>
    <description/>
    <url-pattern>/view/user/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>HEAD</http-method>
    <http-method>PUT</http-method>
    <http-method>OPTIONS</http-method>
    <http-method>TRACE</http-method>
    <http-method>DELETE</http-method>
  </web-resource-collection>
  <auth-constraint>
    <description/>
    <role-name>User</role-name>
  </auth-constraint>
  <user-data-constraint>
    <description/>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>umDomain</realm-name>
  <form-login-config>
    <form-login-page>/SignInForm.jsp</form-login-page>
    <form-error-page>/SignInFailed.jsp</form-error-page>
  </form-login-config>
</login-config>
<security-role>
  <description>Application user</description>
  <role-name>User</role-name>
</security-role>
/SignInForm.jsp
<form method="post" action="j_security_check">
  <input type="text" name="j_username" />
  <input type="password" name="j_password" />
  <input type="submit" value="Login" />
</form>
Note: SignInForm.jsp should neither be accessed directly by URL nor be redirected to. Its declaration in web.xml is enough.
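Added example (not part of the original page): a Python check that the names this document tracks across files (bitguiders_DS, umDomain, User) really line up in the four descriptors. It also flags a security-constraint that lists <http-method> elements, since the constraint then applies only to the listed methods, and one whose transport-guarantee is not CONFIDENTIAL, since the container then does not require TLS for the FORM login. The function names, the sample strings and the deliberate "umdomain" typo are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def parse(xml):
    """Parse a descriptor and drop namespaces so plain tag names match."""
    root = ET.fromstring(xml)
    for el in root.iter():
        el.tag = el.tag.split("}")[-1]
    return root

def texts(root, path):
    return [(e.text or "").strip() for e in root.iterfind(path)]

def check_wiring(ds_xml, login_xml, jboss_web_xml, web_xml):
    """Return broken cross-references and weak settings as strings."""
    ds, login, jweb, web = map(parse, (ds_xml, login_xml, jboss_web_xml, web_xml))
    out = []
    # dsJndiName (minus java:/) must name a datasource from *-ds.xml.
    jndi = set(texts(ds, ".//jndi-name"))
    for n in texts(login, ".//module-option[@name='dsJndiName']"):
        if n.removeprefix("java:/") not in jndi:
            out.append(f"dsJndiName {n!r} matches no <jndi-name>")
    # security-domain (minus java:/jaas/) must name an application-policy.
    policies = {p.get("name") for p in login.iter("application-policy")}
    for d in texts(jweb, ".//security-domain"):
        if d.removeprefix("java:/jaas/") not in policies:
            out.append(f"security-domain {d!r} matches no application-policy")
    # Roles used in auth-constraint must be declared in security-role.
    declared = set(texts(web, ".//security-role/role-name"))
    for r in texts(web, ".//auth-constraint/role-name"):
        if r not in declared:
            out.append(f"role {r!r} is not declared in <security-role>")
    for c in web.iter("security-constraint"):
        if c.find(".//http-method") is not None:  # only listed methods are covered
            out.append("constraint lists <http-method>; unlisted methods are not covered")
        if "CONFIDENTIAL" not in texts(c, ".//transport-guarantee"):  # TLS not required
            out.append("transport-guarantee is not CONFIDENTIAL")
    return out

# Constructed samples: the page's names, with a typo in security-domain.
DS = "<datasources><local-tx-datasource><jndi-name>bitguiders_DS</jndi-name></local-tx-datasource></datasources>"
LOGIN = ('<policy><application-policy name="umDomain"><authentication><login-module>'
         '<module-option name="dsJndiName">java:/bitguiders_DS</module-option>'
         '</login-module></authentication></application-policy></policy>')
JWEB = "<jboss-web><security-domain>java:/jaas/umdomain</security-domain></jboss-web>"
WEB = ("<web-app><security-constraint><web-resource-collection>"
       "<url-pattern>/view/user/*</url-pattern><http-method>GET</http-method>"
       "</web-resource-collection><auth-constraint><role-name>User</role-name>"
       "</auth-constraint></security-constraint>"
       "<security-role><role-name>User</role-name></security-role></web-app>")
print("\n".join(check_wiring(DS, LOGIN, JWEB, WEB)))
```

An empty result means every cross-file reference resolved and no constraint was flagged.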