[jboss-user] [Security & JAAS/JBoss] - Error 403 when using DatabaseServerLoginModule
yj4jboss
do-not-reply at jboss.com
Fri Nov 3 01:06:44 EST 2006
Hi all,
I am trying to configure JAAS in JBoss 4.0.4.GA for a sample Seam application. Here are my configs:
JBoss 4.0.4.GA
Seam 1.0.1.GA
Hibernate 3.2.0 CR1
MySQL 4.1.9
My Principals and Roles Tables are as follows:
|
| --
| -- Table structure for table `principals`
| --
|
| CREATE TABLE `principals` (
| `PrincipalId` varchar(255) NOT NULL default '',
| `Password` varchar(255) NOT NULL default '',
| PRIMARY KEY (`PrincipalId`)
| ) ENGINE=MyISAM DEFAULT CHARSET=latin1;
|
| --
| -- Dumping data for table `principals`
| --
|
| INSERT INTO `principals` VALUES ('Admin', 'admin');
| INSERT INTO `principals` VALUES ('user', 'user');
| INSERT INTO `principals` VALUES ('Yogesh', 'yogesh');
|
| --
| -- Table structure for table `roles`
| --
|
| CREATE TABLE `roles` (
| `PrincipalId` varchar(255) NOT NULL default '',
| `Role` varchar(255) NOT NULL default '',
| `RoleGroup` varchar(255) NOT NULL default '',
| PRIMARY KEY (`PrincipalId`)
| ) ENGINE=MyISAM DEFAULT CHARSET=latin1;
|
| --
| -- Dumping data for table `roles`
| --
|
| INSERT INTO `roles` VALUES ('Admin', 'Admin', 'Admin');
| INSERT INTO `roles` VALUES ('user', 'User', 'User');
| INSERT INTO `roles` VALUES ('Yogesh', 'Admin', 'Admin');
|
Here's what's in my jboss-app.xml:
|
| <jboss-app>
|   <module>
|     <service>jboss-service.xml</service>
|   </module>
|
|   <loader-repository>seam.jboss.org:loader=seam-seamapp</loader-repository>
| </jboss-app>
|
and my jboss-service.xml:
|
| <?xml version="1.0" encoding="UTF-8"?>
| <server>
|   <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
|          name="JAASExample:service=DynamicLoginConfig">
|     <attribute name="AuthConfig">login-config.xml</attribute>
|     <depends optional-attribute-name="LoginConfigService">
|       jboss.security:service=XMLLoginConfig
|     </depends>
|     <depends optional-attribute-name="SecurityManagerService">
|       jboss.security:service=JaasSecurityManager
|     </depends>
|   </mbean>
| </server>
|
my login-config.xml:
|
| <?xml version='1.0'?>
| <!DOCTYPE policy PUBLIC
|   "-//JBoss//DTD JBOSS Security Config 3.0//EN"
|   "http://www.jboss.org/j2ee/dtd/security_config.dtd">
|
| <policy>
|   <application-policy name = "jaastest">
|     <authentication>
|       <login-module
|         code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
|         flag = "required">
|         <module-option name = "dsJndiName">java:/jaastestDatasource</module-option>
|         <module-option
|           name="usersProperties">
|           SELECT password for principals WHERE principalId=?
|         </module-option>
|         <module-option
|           name="rolesProperties">
|           SELECT role as Roles, roleGroup as RoleGroups from roles where principalId=?
|         </module-option>
|       </login-module>
|     </authentication>
|   </application-policy>
| </policy>
|
and my jboss-web.xml under the WEB-INF folder:
|
| <?xml version="1.0" encoding="UTF-8"?>
| <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.3//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_3_0.dtd">
| <jboss-web>
|   <security-domain>java:/jaas/jaastest</security-domain>
| </jboss-web>
|
and I added the following lines to my web.xml:
|
| <!-- JAAS Security Configurations -->
| <security-constraint>
|   <web-resource-collection>
|     <web-resource-name>All resources</web-resource-name>
|     <description>Protects all resources</description>
|     <url-pattern>/*</url-pattern>
|   </web-resource-collection>
|   <auth-constraint>
|     <role-name>Admin</role-name>
|   </auth-constraint>
| </security-constraint>
|
| <security-role>
|   <role-name>Admin</role-name>
| </security-role>
|
| <security-role>
|   <role-name>User</role-name>
| </security-role>
|
| <login-config>
|   <auth-method>BASIC</auth-method>
|   <realm-name>JaasTestRealm</realm-name>
| </login-config>
|
My EAR file is as follows:
seamapp.ear:
- META-INF
- seamapp.war
- seamapp.ejb3
- login-config.xml
- jboss-service.xml
Though the authentication works, I am redirected to the correct page but the following error message is displayed:
| HTTP Status 403 - Access to the requested resource has been denied
|
| --------------------------------------------------------------------------------
|
| type Status report
|
| message Access to the requested resource has been denied
|
| description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.
|
Can anyone help me with what's wrong in the configs?
Also, I would like to be able to have all the logs of the DatabaseServerLoginModule. Until now I am only able to get the log when a wrong password has been input for a correct username, which is as follows:
| 09:46:30,781 DEBUG [DatabaseServerLoginModule] Bad password for username=Yogesh
|
Regards,
Jankee Yogesh
http://www.m-itc.net
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3982861#3982861
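
An added example, not part of the original post and not JBoss code: a small Python/SQLite model of how DatabaseServerLoginModule treats the tables above, showing a login that succeeds while the `Admin` auth-constraint still fails. It assumes the module's documented behaviour that its queries come from the `principalsQuery` and `rolesQuery` options (with the defaults below when those are absent) and that only roles whose RoleGroup is `Roles` are used for authorization; the function names and the SQLite stand-in for MySQL are hypothetical.

```python
import hmac
import sqlite3

# Constructed copy of the tables and rows from the post (SQLite stand-in for MySQL).
SCHEMA = """
CREATE TABLE principals (PrincipalId TEXT PRIMARY KEY, Password TEXT NOT NULL);
CREATE TABLE roles (PrincipalId TEXT PRIMARY KEY, Role TEXT NOT NULL,
                    RoleGroup TEXT NOT NULL);
INSERT INTO principals VALUES ('Admin','admin'),('user','user'),('Yogesh','yogesh');
INSERT INTO roles VALUES ('Admin','Admin','Admin'),('user','User','User'),
                         ('Yogesh','Admin','Admin');
"""
# Default queries used when principalsQuery / rolesQuery are not configured.
PRINCIPALS_QUERY = "select Password from Principals where PrincipalID=?"
ROLES_QUERY = "select Role, RoleGroup from Roles where PrincipalID=?"


def open_db(fix_role_group=False):
    """Load the post's data; optionally store every role in the 'Roles' group."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    if fix_role_group:
        db.execute("UPDATE roles SET RoleGroup = 'Roles'")
    return db


def authenticate(db, user, password):
    """Compare the supplied password with the stored one (plain text, as posted)."""
    row = db.execute(PRINCIPALS_QUERY, (user,)).fetchone()
    return row is not None and hmac.compare_digest(row[0].encode(), password.encode())


def role_groups(db, user):
    """Group the role rows by their RoleGroup column: {group: {role, ...}}."""
    groups = {}
    for role, group in db.execute(ROLES_QUERY, (user,)):
        groups.setdefault(group, set()).add(role)
    return groups


def http_status(db, user, password, required_role):
    """Model of BASIC auth plus the web.xml auth-constraint check."""
    if not authenticate(db, user, password):
        return 401
    # Only the group named "Roles" is consulted for the auth-constraint.
    granted = role_groups(db, user).get("Roles", set())
    return 200 if required_role in granted else 403
```

With the rows as posted, `http_status(open_db(), "Yogesh", "yogesh", "Admin")` gives 403 because the `Admin` role sits in a group named `Admin`; with `open_db(fix_role_group=True)` the same call gives 200.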