[jboss-user] [Security & JAAS/JBoss] - Re: Why JAAS authenticate() fails?
benccit
do-not-reply at jboss.com
Wed Nov 8 20:59:12 EST 2006
Hi jaikiran,
Thanks for your help in advance.
1. I am using jboss-4.0.3SP1.
The application which I am testing is jbossweb-tomcat55.sar/ROOT.war.
Under ROOT.war/authentik, I have transportation-security-roles.properties and transportation-security-users.properties.
In transportation-security-roles.properties, I have the following line:
joe1=moderator
In transportation-security-users.properties, I have the following line:
joe1=pass
The resource to be secured is the directory ROOT.war/secret.
I used the FORM-based authentication method.
The login HTML file is loginform.html, which has action = "j_security_check" with inputs "j_username" and "j_password".
2. The server/default/conf/login-config.xml contains the following application policy:
<application-policy name = "transportation-security">
  <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                flag = "required">
    <module-option name="usersProperties">/authentik/transportation-security-users.properties</module-option>
    <module-option name="rolesProperties">/authentik/transportation-security-roles.properties</module-option>
  </login-module>
</application-policy>
3. server/default/conf/log4j.xml is configured to have FILE Appender to log message in server.log, and contains the following categories:
<appender-ref ref="FILE"/>
<appender-ref ref="FILE"/>
<appender-ref ref="FILE"/>
4. jboss-web.xml specified the transportation-security policy:
<jboss-web>
  <security-domain>java:/jaas/transportation-security</security-domain>
</jboss-web>
5. web.xml related to security configuration:
  <security-role>
    <role-name>moderator</role-name>
  </security-role>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Restricted Area</web-resource-name>
      <url-pattern>/secret/*</url-pattern>
      Authorized user only
      <http-method>POST</http-method>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>moderator</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/loginform.html</form-login-page>
      <form-error-page>/loginerror.html</form-error-page>
    </form-login-config>
    <realm-name>transportation-security</realm-name>
  </login-config>
</web-app>
6. TRACE in jboss.log :
REQUEST URI =/secret/j_security_check
..
20:53:22,166 INFO [[localhost]] parameter=j_username=joe1
20:53:22,166 INFO [[localhost]] parameter=j_password=pass
..
20:53:22,167 INFO [[localhost]] servletPath=/secret/j_security_check
..
20:53:22,183 INFO [[/]] default: DefaultServlet.serveResource: Serving resource '/loginerror.html' headers and data
7. No TRACE message was found in server.log
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3984362#3984362
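Added example (not part of the original post and not JBoss code): a small Python cross-check of the declarative pieces quoted above, confirming that the users file, the roles file and the web.xml role names agree with each other. The inputs are constructed from the values in the post; the function names are hypothetical, only plain user=role1,role2 lines are handled, and it does not test whether JBoss can locate the properties files.

```python
import xml.etree.ElementTree as ET

# Constructed inputs: the values quoted in the post (web.xml trimmed, no namespace).
USERS_PROPS = "joe1=pass\n"
ROLES_PROPS = "joe1=moderator\n"
WEB_XML = """<web-app>
  <security-role><role-name>moderator</role-name></security-role>
  <security-constraint>
    <web-resource-collection><url-pattern>/secret/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>moderator</role-name></auth-constraint>
  </security-constraint>
</web-app>"""


def parse_props(text):
    """Parse simple key=value lines; skips blank lines and # or ! comments."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            out[key.strip()] = value.strip()
    return out


def check(users_text, roles_text, web_xml):
    """Return (problems, users holding at least one role the constraint requires)."""
    users = parse_props(users_text)
    roles = {u: {r.strip() for r in v.split(",") if r.strip()}
             for u, v in parse_props(roles_text).items()}
    root = ET.fromstring(web_xml)
    declared = {e.text.strip() for e in root.findall("security-role/role-name")}
    required = {e.text.strip() for e in
                root.findall("security-constraint/auth-constraint/role-name")}
    problems = []
    for role in sorted(required - declared):
        problems.append(f"role '{role}' in auth-constraint has no <security-role>")
    for user in sorted(set(roles) - set(users)):
        problems.append(f"user '{user}' has roles but no password entry")
    for user in sorted(set(users) - set(roles)):
        problems.append(f"user '{user}' has a password but no roles")
    granted = set().union(*roles.values())
    for role in sorted(required - granted):
        problems.append(f"no user is mapped to required role '{role}'")
    allowed = sorted(u for u in users if roles.get(u, set()) & required)
    return problems, allowed
```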