Saturday, November 5, 2011

JBOSS AS 7 authentication under Openshift

JBoss AS 7 ships several login modules for authentication (for example LDAP, database, properties files, etc.); they are described in the security subsystem documentation:
https://docs.jboss.org/author/display/AS7/Security+subsystem+configuration

One of the simplest methods is using one properties file for the users (username=password) and another for the roles (username=comma-separated list of roles). Note that with this approach the passwords sit in plain text in a file that is committed to your application's git repository; the same login module can compare hashed passwords instead if you add the hashAlgorithm (for example SHA-256) and hashEncoding (base64 or hex) module options and store the encoded digests in users.properties.
Code: UsersRoles
Classname: org.jboss.security.auth.spi.UsersRolesLoginModule

File users.properties:
username0=password0
username1=password1

File roles.properties (the role names must be the same ones you will reference in web.xml, here user and admin):
username0=user
username1=user,admin

In the standalone.xml of your OpenShift application (config/standalone.xml in the git repository) look for this configuration and change the "other" security domain, which is the one web applications use when they do not declare their own, so that it authenticates with the UsersRoles login module against the two files:
<subsystem xmlns="urn:jboss:domain:security:1.0">
  <security-domains>
    <security-domain name="other" cache-type="default">
      <authentication>
        <login-module code="UsersRoles" flag="required">
          <module-option name="usersProperties" value="${OPENSHIFT_APP_DIR}/runtime/repo/users.properties" />
          <module-option name="rolesProperties" value="${OPENSHIFT_APP_DIR}/runtime/repo/roles.properties" />
        </login-module>
      </authentication>
    </security-domain>
  </security-domains>
</subsystem>

Editing "other" changes the default domain for every application deployed on that server; if you prefer a dedicated domain, give it a different name and reference it from WEB-INF/jboss-web.xml with <security-domain>name</security-domain>. JBoss is now ready; remember to protect your web app by adding this configuration in WEB-INF/web.xml (BASIC sends the username and password base64-encoded, not encrypted, on every request, so serve the application over HTTPS only, for example by adding a <user-data-constraint> with <transport-guarantee>CONFIDENTIAL</transport-guarantee> to the security-constraint):
<security-constraint>
 <web-resource-collection>
  <web-resource-name>Finance</web-resource-name>
  <url-pattern>/*</url-pattern>
 </web-resource-collection>
 <auth-constraint>
  <role-name>user</role-name>
  <role-name>admin</role-name>
 </auth-constraint>
</security-constraint>

<login-config>
 <auth-method>BASIC</auth-method>
 <realm-name>Megaris Finance</realm-name>
</login-config>
 
<security-role>
 <description>Role for simple users</description>
 <role-name>user</role-name>
</security-role>
<security-role>
 <description>Role for administrators</description>
 <role-name>admin</role-name>
</security-role>
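As an added example (not part of the original post), here is a small Python script covering two things worth doing before committing these files: it produces hashed entries for users.properties (for a security domain that sets hashAlgorithm=SHA-256 and hashEncoding=base64, the SHA-256 digest of the UTF-8 password encoded in base64; lowercase hex for hashEncoding=hex), and it cross-checks users.properties, roles.properties and web.xml so that users who can log in but hold none of the roles listed in the <auth-constraint> are reported before they hit HTTP 403 in production. The sample files embedded in the script are constructed for the example and mirror the ones above (ROLES_WRONG reproduces the role0/role1 versus user/admin mismatch); the exact digest encoding the login module expects is an assumption to confirm with a test login against the configured domain.

```python
"""Added example: hash users.properties entries and audit roles against web.xml.
Not code from the original post or from JBoss; sample inputs are constructed."""
import base64
import hashlib
import xml.etree.ElementTree as ET


def hash_password(password, algorithm="sha256", encoding="base64"):
    """Value to store in users.properties when the security domain sets
    hashAlgorithm (e.g. SHA-256) and hashEncoding (base64 or hex).  The login
    module digests the UTF-8 bytes of the submitted password and compares the
    encoded digest with the stored string.  Assumption: plain base64 / lowercase
    hex of the raw digest; confirm with a test login before relying on it."""
    digest = hashlib.new(algorithm, password.encode("utf-8")).digest()
    if encoding == "base64":
        return base64.b64encode(digest).decode("ascii")
    if encoding == "hex":
        return digest.hex()
    raise ValueError("hashEncoding must be base64 or hex")


def parse_properties(text):
    """Minimal java.util.Properties reader: key=value (or key:value) per line,
    '#' and '!' comment lines, surrounding whitespace stripped, no escapes."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if not sep:
            key, sep, value = line.partition(":")
        entries[key.strip()] = value.strip()
    return entries


def granted_roles(roles_text):
    """roles.properties maps each user to a comma-separated list of roles."""
    return {user: {r.strip() for r in roles.split(",") if r.strip()}
            for user, roles in parse_properties(roles_text).items()}


def constrained_roles(web_xml_text):
    """Every <role-name> inside an <auth-constraint>, ignoring the Servlet
    namespace so the same code works for 2.5 and 3.0 descriptors."""
    roles = set()
    for elem in ET.fromstring(web_xml_text).iter():
        if elem.tag.split("}")[-1] == "auth-constraint":
            for child in elem:
                if child.tag.split("}")[-1] == "role-name" and child.text:
                    roles.add(child.text.strip())
    return roles


def _allowed(user_roles, required):
    """A user passes the auth-constraint if it holds one of the listed roles;
    the special role-name '*' admits any authenticated user that has a role."""
    if "*" in required:
        return bool(user_roles)
    return bool(user_roles & required)


def audit(users_text, roles_text, web_xml_text):
    """Cross-check the three files.  Returns sorted lists of:
    - locked_out: users that can authenticate but get 403 on every protected URL
    - ungranted: constrained roles that no user in roles.properties holds
    - no_password: users in roles.properties that are missing from users.properties"""
    users = set(parse_properties(users_text))
    roles = granted_roles(roles_text)
    required = constrained_roles(web_xml_text)
    held = set().union(*roles.values())
    return {
        "locked_out": sorted(u for u in users if not _allowed(roles.get(u, set()), required)),
        "ungranted": sorted((required - {"*"}) - held),
        "no_password": sorted(set(roles) - users),
    }


# Constructed sample inputs mirroring the files in the post.
USERS = "username0=password0\nusername1=password1\n"
ROLES_OK = "username0=user\nusername1=user,admin\n"
ROLES_WRONG = "username0=role0,role1\nusername1=role1,role2\n"
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Finance</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>user</role-name>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""

if __name__ == "__main__":
    # Hashed users.properties lines for a domain with hashAlgorithm=SHA-256, hashEncoding=base64.
    for user, password in parse_properties(USERS).items():
        print("%s=%s" % (user, hash_password(password)))
    print("consistent files:", audit(USERS, ROLES_OK, WEB_XML))
    print("mismatched roles:", audit(USERS, ROLES_WRONG, WEB_XML))
```

Run it once with the real files from the repository in place of the constructed strings; an empty locked_out list and an empty ungranted list mean every user that can log in will also pass the auth-constraint, and the hashed lines can be pasted into users.properties once the hashAlgorithm and hashEncoding module options are added to the security domain.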