First, create our web project.
Next, define the JBoss user and role policy.
Locate the file jboss-as\server\default\conf\login-config.xml.
Add the following at the closing node:
<!-- application-policy name -->
<application-policy name="fredsplace">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
      <!-- our user and role definitions -->
      <module-option name="usersProperties">props/jbossws-users.properties</module-option>
      <module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
    </login-module>
  </authentication>
</application-policy>
We have now defined where the policy files are located; next, add their contents.
jboss-as\server\default\conf\props\jbossws-users.properties
# Format: <username>=<password>
admin=admin
jboss-as\server\default\conf\props\jbossws-roles.properties
# Format: <username>=<rolename>
admin=Admin
In the project file WEB-INF\jboss-web.xml, reference our security policy:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 4.2//EN"
  "http://www.jboss.org/j2ee/dtd/jboss-web_4_2.dtd">
<jboss-web>
  <security-domain>java:/jaas/fredsplace</security-domain>
</jboss-web>
In the project file WEB-INF\web.xml, define the protected area and the roles that may access it:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5">
  <!-- FIXME: Add missing security constraint section here -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SecureContent</web-resource-name>
      <!-- Restrict access to the path Admin/* -->
      <url-pattern>/Admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Admin</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>My security</realm-name>
    <form-login-config>
      <form-login-page>/Login.html</form-login-page>
      <form-error-page>/LoginFailed.html</form-error-page>
    </form-login-config>
  </login-config>
  <security-role>
    <description>需要验证的角色 </description>
    <role-name>Admin</role-name>
  </security-role>
</web-app>
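An added consistency check for the files configured above (not part of the original post; the names parse_props and audit and the finding labels are hypothetical). It cross-checks the roles required in web.xml against the role declarations and the properties files, and flags FORM/BASIC login with transport-guarantee NONE and passwords equal to the user name, using trimmed copies of this page's files as constructed input.

```python
import xml.etree.ElementTree as ET

NS = {"j": "http://java.sun.com/xml/ns/javaee"}

# Constructed inputs: trimmed copies of the web.xml and property files shown on this page.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SecureContent</web-resource-name>
      <url-pattern>/Admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>Admin</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
  </security-constraint>
  <login-config><auth-method>FORM</auth-method></login-config>
  <security-role><role-name>Admin</role-name></security-role>
</web-app>"""
USERS = "# Format: <username>=<password>\nadmin=admin\n"
ROLES = "# Format: <username>=<rolename>\nadmin=Admin\n"

def parse_props(text):
    """Parse key=value property lines, skipping comments and blank lines."""
    lines = (l.strip() for l in text.splitlines())
    return dict(l.split("=", 1) for l in lines if l and not l.startswith("#") and "=" in l)

def audit(web_xml, users_text, roles_text):
    """Return a sorted list of finding labels for the three files."""
    root = ET.fromstring(web_xml)
    users, roles = parse_props(users_text), parse_props(roles_text)
    granted = {r.strip() for v in roles.values() for r in v.split(",")}
    declared = {e.text.strip() for e in root.findall("j:security-role/j:role-name", NS)}
    auth = root.findtext("j:login-config/j:auth-method", "", NS).strip()
    findings = set()
    for sc in root.findall("j:security-constraint", NS):
        required = {e.text.strip() for e in sc.findall("j:auth-constraint/j:role-name", NS)}
        guarantee = sc.findtext("j:user-data-constraint/j:transport-guarantee", "NONE", NS).strip()
        if auth in ("FORM", "BASIC") and guarantee == "NONE":
            findings.add("cleartext-credentials")  # nothing forces HTTPS for the login
        if required - declared:
            findings.add("undeclared-role")        # role missing from <security-role>
        if required - granted:
            findings.add("role-never-granted")     # no user can satisfy the constraint
    if any(u == p for u, p in users.items()):
        findings.add("password-equals-username")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(WEB_XML, USERS, ROLES))
```

Setting transport-guarantee to CONFIDENTIAL and replacing the admin=admin entry clears both findings for the sample input.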