The ee-security quickstart demonstrates Jakarta EE security.

The ee-security quickstart is an example project showing the use of Jakarta EE security in {productNameFull}.

The deployment in this quickstart contains a simple HTTP servlet, which is secured using a custom HttpAuthenticationMechanism. The authentication mechanism in turn makes use of a custom IdentityStore.

This quickstart is hard coded to work with a user quickstartUser with password quickstartPwd1!.
You configure the security domain by running JBoss CLI commands. For your convenience, this quickstart batches the commands into a configure-elytron.cli script provided in the root directory of this quickstart.
- Before you begin, make sure you do the following:
  - Back up the {productName} standalone server configuration as described above.
  - Start the {productName} server with the standalone default profile as described above.
- Review the configure-elytron.cli file in the root of this quickstart directory. This script adds the configuration that enables Elytron security for the quickstart components. Comments in the script describe the purpose of each block of commands.
- Open a new terminal, navigate to the root directory of this quickstart, and run the following command, replacing {jbossHomeName} with the path to your server:

  $ {jbossHomeName}/bin/jboss-cli.sh --connect --file=configure-elytron.cli

  Note: For Windows, use the {jbossHomeName}\bin\jboss-cli.bat script.

  You should see the following result when you run the script:

  The batch executed successfully
  process-state: reload-required

- You'll need to reload the configuration after that:

  $ {jbossHomeName}/bin/jboss-cli.sh --connect --commands=reload
The application will be running at the following URL: http://localhost:8080/{artifactId}/secured

Note: If you attempt to access that URL, you will see "Unauthorized".
To see and manipulate the HTTP headers within the HTTP requests, it is recommended to use a client like curl to invoke the servlet.
$ curl -v http://localhost:8080/ee-security/secured
...
< HTTP/1.1 401 Unauthorized
< Connection: keep-alive
< X-MESSAGE: Please resubmit the request with a username specified using the X-USERNAME and a password specified using the X-PASSWORD header.
This first request shows that the client is being prompted to authenticate. The X-MESSAGE header provides additional information on how the client can achieve this: the credentials are expected in the X-USERNAME and X-PASSWORD request headers.

The request can now be resubmitted with the hard-coded user shown above.
$ curl -v http://localhost:8080/ee-security/secured -H 'X-Username:quickstartUser' -H 'X-Password:quickstartPwd1!'
...
> GET /ee-security/secured HTTP/1.1
> Host: localhost:8080
> X-Username:quickstartUser
> X-Password:quickstartPwd1!
>
< HTTP/1.1 200 OK
< Connection: keep-alive
< Content-Length: 125
<
SecuredServlet - doGet()
Identity as available from SecurityContext 'quickstartUser'
Identity as available from injection 'quickstartUser'
The resulting output shows authentication was successful and the correct identity has been established.
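To make the roles of the two custom components concrete, the following is an added example, not the quickstart's own source, of a header-based HttpAuthenticationMechanism and the IdentityStore it delegates to, arranged to produce the exchange shown above. The header names, the X-MESSAGE text and the user and password are taken from this page; the class names and the group name "Users" are assumptions. Both classes would normally live in their own files inside the deployment; they are shown together here so the flow from request to established identity can be read top to bottom.

```java
import java.util.Arrays;
import java.util.HashSet;

import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import jakarta.security.enterprise.AuthenticationException;
import jakarta.security.enterprise.AuthenticationStatus;
import jakarta.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
import jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import jakarta.security.enterprise.credential.Credential;
import jakarta.security.enterprise.credential.UsernamePasswordCredential;
import jakarta.security.enterprise.identitystore.CredentialValidationResult;
import jakarta.security.enterprise.identitystore.IdentityStore;
import jakarta.security.enterprise.identitystore.IdentityStoreHandler;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

/**
 * Added example (class name assumed): a custom HttpAuthenticationMechanism that
 * reads the caller's credentials from the X-USERNAME and X-PASSWORD request
 * headers and hands them to the container's IdentityStoreHandler, which in turn
 * consults every registered IdentityStore (below).
 */
@ApplicationScoped
public class HeaderAuthenticationMechanism implements HttpAuthenticationMechanism {

    // Text of the X-MESSAGE header exactly as shown in the 401 response on this page.
    private static final String MESSAGE = "Please resubmit the request with a username specified using the "
            + "X-USERNAME and a password specified using the X-PASSWORD header.";

    @Inject
    private IdentityStoreHandler identityStoreHandler;

    @Override
    public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response,
            HttpMessageContext httpMessageContext) throws AuthenticationException {
        // Header lookups are case-insensitive, so X-Username from curl matches X-USERNAME here.
        String username = request.getHeader("X-USERNAME");
        String password = request.getHeader("X-PASSWORD");

        if (username != null && password != null) {
            // Delegate validation to the identity store(s); never compare passwords here.
            CredentialValidationResult result = identityStoreHandler
                    .validate(new UsernamePasswordCredential(username, password));
            if (result.getStatus() == CredentialValidationResult.Status.VALID) {
                // Establishes the caller principal and groups for this request.
                return httpMessageContext.notifyContainerAboutLogin(result);
            }
            // Wrong user or password: 401 without leaking which part was wrong.
            return httpMessageContext.responseUnauthorized();
        }

        if (httpMessageContext.isProtected()) {
            // No credentials supplied for a protected resource: tell the client how to authenticate.
            response.addHeader("X-MESSAGE", MESSAGE);
            return httpMessageContext.responseUnauthorized();
        }

        // Unprotected resource and no credentials: let the request through anonymously.
        return httpMessageContext.doNothing();
    }
}

/**
 * Added example (class name assumed): an IdentityStore hard coded to the single
 * user this quickstart uses. A real store would look the caller up in a
 * database or LDAP and compare against a salted hash rather than a literal.
 */
@ApplicationScoped
class QuickstartIdentityStore implements IdentityStore {

    private static final String USER = "quickstartUser";
    private static final String PASSWORD = "quickstartPwd1!";

    @Override
    public CredentialValidationResult validate(Credential credential) {
        if (!(credential instanceof UsernamePasswordCredential)) {
            // Some other credential type: let another store handle it.
            return CredentialValidationResult.NOT_VALIDATED_RESULT;
        }
        UsernamePasswordCredential upc = (UsernamePasswordCredential) credential;
        if (upc.compareTo(USER, PASSWORD)) {
            // Group name "Users" is an assumption for the example.
            return new CredentialValidationResult(USER, new HashSet<>(Arrays.asList("Users")));
        }
        return CredentialValidationResult.INVALID_RESULT;
    }
}
```

The mechanism returns the same responseUnauthorized() for a bad user and a bad password, and only adds X-MESSAGE when no credentials were sent at all, so the response does not reveal which header was wrong. Because the password travels in a plain request header, this style of mechanism is only reasonable over TLS; the quickstart uses http://localhost:8080 purely for local testing.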