How to define JBoss Security Roles - migration from WebSphere to EAP 6.4


I am trying to migrate an application from WebSphere 7.0 to JBoss EAP 6.4.

I have done all the needed changes to see the webpage. But my problem starts at that point.

On web.xml there are 6 different security-role declarations for several jsp files.

When I open the application from the browser it shows me the welcome page, which is OK.

But when I click on the sign-in button I see a 403 error on screen on EAP 6.4.

When I open the same application on WebSphere and click on the sign-in button it opens a browser pop-up which asks for a username and password.

The security roles are these:

<security-role>
    <description></description>
    <role-name>xxxx</role-name>
</security-role>
<security-role>
    <description></description>
    <role-name>yyyy</role-name>
</security-role>
<security-role>
    <description></description>
    <role-name>zzzz</role-name>
</security-role>
<security-role>
    <description></description>
    <role-name>kkkk</role-name>
</security-role>
<security-role>
    <description></description>
    <role-name>pppp</role-name>
</security-role>
<security-role>
    <description></description>
    <role-name>llll</role-name>
</security-role>

And these are given as auth-constraint and security-constraint for the JSP pages.

<security-constraint>
    <display-name>xxxx</display-name>
    <web-resource-collection>
        <web-resource-name>xxxx</web-resource-name>
        <description></description>
        <url-pattern>/jsp/auth/*</url-pattern>
        <url-pattern>/jsp/includes/*</url-pattern>
        <url-pattern>*.do</url-pattern>
        <url-pattern>/jsp/menu.jsp</url-pattern>
        <http-method>GET</http-method>
        <http-method>PUT</http-method>
        <http-method>HEAD</http-method>
        <http-method>TRACE</http-method>
        <http-method>POST</http-method>
        <http-method>DELETE</http-method>
        <http-method>OPTIONS</http-method>
    </web-resource-collection>
    <auth-constraint>
        <description></description>
        <role-name>xxxx</role-name>
    </auth-constraint>
</security-constraint>

I believe I have to define these roles on JBoss EAP 6.4 to make it work as it does on WebSphere.

So, my question is: How can I define these roles in JBoss EAP 6.4? I checked the documentation and tried to follow it but couldn't make it work.

Thanks.

Cantek Çetin On

I solved my own problem.

The solution steps are below:

1- Open jboss-cli.bat and connect while the server is up.

2- Run this command: /core-service=management/access=authorization:write-attribute(name=provider,value=rbac)

3- Open add-user.bat

4- Add a new user to ApplicationRealm with the groups that you need, which are the ones I have in the question as ROLE.

After doing that, check application-users.properties and application-roles.properties. If the ones that you entered in add-user.bat are there, then you are ready to go.

Also check standalone.xml to see if the provider is changed to RBAC.

That's all I have done to make it work.
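
The check described in the answer (that the roles from web.xml appear in application-roles.properties) can be scripted. The following is an added example, not code from the original post: it assumes the `user=role1,role2` line format that add-user writes, the function names and sample data are hypothetical, and it also reports constraints that list `http-method` elements, because such a constraint applies only to the methods it lists.

```python
import xml.etree.ElementTree as ET
# Constructed sample input (not the asker's real files).
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-role><role-name>xxxx</role-name></security-role>
  <security-role><role-name>yyyy</role-name></security-role>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>auth-pages</web-resource-name>
      <url-pattern>/jsp/auth/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>xxxx</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>reports</web-resource-name>
      <url-pattern>/jsp/reports/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>zzzz</role-name></auth-constraint>
  </security-constraint>
</web-app>"""
ROLES_PROPERTIES = "# constructed: user=role1,role2\nappuser=yyyy\n"

def elems(root, name):
    """All descendants with this local tag name, ignoring the XML namespace."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def texts(root, name):
    return [e.text.strip() for e in elems(root, name) if e.text and e.text.strip()]

def granted_roles(properties_text):
    """Union of all roles assigned to any user in application-roles.properties."""
    roles = set()
    for line in properties_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            roles |= {r.strip() for r in line.split("=", 1)[1].split(",") if r.strip()}
    return roles

def audit(web_xml, properties_text):
    root = ET.fromstring(web_xml)
    declared = {r for sr in elems(root, "security-role") for r in texts(sr, "role-name")}
    required, method_limited = set(), []
    for sc in elems(root, "security-constraint"):
        required |= set(texts(sc, "role-name")) - {"*"}  # "*" means any declared role
        if texts(sc, "http-method"):  # unlisted HTTP methods are not covered
            method_limited += texts(sc, "web-resource-name")
    return {"undeclared": sorted(required - declared), "method_limited": method_limited,
            "unassigned": sorted(required - granted_roles(properties_text))}
```

A role under `unassigned` is required by a constraint but held by no user in the properties file; a role under `undeclared` is used in an auth-constraint without a matching security-role declaration.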