If you look at the JBoss security system as one of the possible explanations of how to enable JAAS using JBoss 6, and create this web.xml to configure JAAS protection, i.e. for a REST API:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">
  <context-param>
    <param-name>resteasy.scan</param-name>
    <param-value>true</param-value>
  </context-param>
  <context-param>
    <param-name>resteasy.servlet.mapping.prefix</param-name>
    <param-value>/api</param-value>
  </context-param>
  <listener>
    <listener-class>org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap</listener-class>
  </listener>
  <servlet>
    <servlet-name>resteasy-servlet</servlet-name>
    <servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>resteasy-servlet</servlet-name>
    <url-pattern>/api/*</url-pattern>
  </servlet-mapping>
  <welcome-file-list>
    <welcome-file>index.html</welcome-file>
  </welcome-file-list>
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>fileRealm</realm-name>
    <form-login-config>
      <form-login-page>/login.html</form-login-page>
      <form-error-page>/error.html</form-error-page>
    </form-login-config>
  </login-config>
  <error-page>
    <error-code>403</error-code>
    <location>/accessdenied.jsp</location>
  </error-page>
  <security-constraint>
    <display-name>Secured Content</display-name>
    <web-resource-collection>
      <web-resource-name>Secured Content</web-resource-name>
      <url-pattern>/api/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>HEAD</http-method>
      <http-method>PUT</http-method>
      <http-method>OPTIONS</http-method>
      <http-method>TRACE</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>ADMINISTRATOR</role-name>
      <role-name>MANAGER</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role>
    <role-name>ADMINISTRATOR</role-name>
  </security-role>
  <security-role>
    <role-name>MANAGER</role-name>
  </security-role>
  <security-role>
    <role-name>EMPLOYEE</role-name>
  </security-role>
  <security-role>
    <role-name>USER</role-name>
  </security-role>
  <security-role>
    <role-name>DEFAULT</role-name>
  </security-role>
  <session-config>
    <session-timeout>5</session-timeout>
    <cookie-config>
      <name>SESSIONID</name>
    </cookie-config>
  </session-config>
</web-app>
then a URL such as http://localhost:8080/webcontext/api/restpath will be protected, and hitting this URL will redirect to the login page. And it works for me.
Now I would like to bring AngularJS into this mix as an interface. Would that be possible? If so, how do I implement it? If not, what are the alternatives? Ideally, I would like to use JAAS.
I think I would like to know how I can change
<form-login-config>
  <form-login-page>/login.html</form-login-page>
  <form-error-page>/error.html</form-error-page>
</form-login-config>
the <form-login-page> to serve something more like, for example, /partial/view/login.html in an Angular app instead? (If that makes sense.) In other words, get rid of the login.html file and have JAAS redirect to any page / file in Angular as the login form.
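Added example, not part of the original post: a small Python audit of the `<security-constraint>` in the web.xml above. It reports which HTTP methods on a path fall outside the listed `<http-method>` set, since under Servlet 3.0 a constraint that names methods applies only to those methods. `PROBE`, the function names and the trimmed sample document are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"j": "http://java.sun.com/xml/ns/javaee"}
# Methods to probe; PATCH is an assumed extra that the page's list does not name.
PROBE = ["GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "PATCH"]

# Constructed sample: the page's <security-constraint>, trimmed to what matters.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/api/*</url-pattern>
      <http-method>GET</http-method><http-method>POST</http-method>
      <http-method>HEAD</http-method><http-method>PUT</http-method>
      <http-method>OPTIONS</http-method><http-method>TRACE</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>ADMINISTRATOR</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def load_collections(xml_text):
    """Return (url_patterns, methods, omitted_methods) per protected collection."""
    found = []
    for sc in ET.fromstring(xml_text).findall("j:security-constraint", NS):
        if sc.find("j:auth-constraint", NS) is None:
            continue  # no auth-constraint: the collection is not access-restricted
        for wrc in sc.findall("j:web-resource-collection", NS):
            texts = lambda tag: {e.text.strip() for e in wrc.findall("j:" + tag, NS)}
            found.append((texts("url-pattern"), texts("http-method"),
                          texts("http-method-omission")))
    return found

def pattern_matches(pattern, path):
    """Servlet url-pattern matching: path prefix, extension, default, exact."""
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    if pattern.startswith("*."):
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return pattern in ("/", path)

def uncovered_methods(xml_text, path):
    """Probe methods that no auth-constrained collection applies to for `path`."""
    covered = set()
    for patterns, methods, omitted in load_collections(xml_text):
        if any(pattern_matches(p, path) for p in patterns):
            # An empty method list means the constraint covers every method.
            covered |= methods if methods else set(PROBE) - omitted
    return [m for m in PROBE if m not in covered]

if __name__ == "__main__":
    print(uncovered_methods(SAMPLE_WEB_XML, "/api/restpath"))
```

Removing every `<http-method>` element from the collection makes the constraint apply to all methods, and the audit then returns an empty list for paths under `/api/`.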