[jboss-user] [Security & JAAS/JBoss] - Re: Feature Requests for users dealing with migration

fabio.ita04 do-not-reply at jboss.com
Fri Dec 15 07:56:20 EST 2006


Hi,

I'm trying to migrate from Tomcat. Using FORM authentication in a web app, with security constraints configured in web.xml.

In Tomcat, realms was being configured at META-INF/context.xml


  | <Context>
  | <Realm className="org.apache.catalina.realm.DataSourceRealm"
  |  debug="1" dataSourceName="jdbc/db" localDataSource="true"
  |  digest="MD5" userTable="user" userNameCol="login"
  |  userCredCol="password" userRoleTable="permission"
  |  roleNameCol="category" />
  | </Context>
  | 

In JBoss, I tried to reuse this configuration in my war, but authentication not worked.

So, I read various articles, and tried to configure JBoss to use JAAS:

1) /conf/login-config.xml : add the entry 

  | <application-policy name="db">
  | <authentication>
  | <login-module flag="required" code="org.jboss.security.auth.spi.DatabaseServerLoginModule">
  |    <module-option name="dsJndiName">java:/jdbc/db</module-option>
  |    <module-option name="hashAlgorithm">MD5</module-option>
  |    <module-option name="hashEncoding">hex</module-option>
  |    <module-option name="principalsQuery">
  |        select password from User where login=?
  |    </module-option>
  |    <module-option name="rolesQuery">
  |       select category as Roles, 'roles' as RolesGroups from Permission where login=?
  |    </module-option>
  | </login-module>
  | </authentication>
  | </application-policy>
  | 

2) jboss-web.xml

  | <jboss-web>
  |     <security-domain>java:/jaas/db</security-domain>
  | </jboss-web>
  | 

At this point, I'm able to authenticate, but the server don't assign any authorization to the logged user (request.isUserInRole(role) always returns false).

Any help?
Thanks in advance.
Miranda.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3994210#3994210

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3994210



More information about the jboss-user mailing list