[jboss-user] [Security & JAAS/JBoss] - Basic Authentication Using Oracle XE

fcastillo.ec do-not-reply at jboss.com
Sat Feb 23 13:50:52 EST 2008 

I configure jboss to use Basic Authentication using Oracle XE as the database where passwords and roles have to be looked. But after deploying my application and trying to access it, the username and password supply don't let me go inside the application. I've tried everything and the dialog that asks for the username and password keeps appearing and asking for the credentials, even though I'm 100% sure the username and password supplied where correct. Here is a list of the files used to configure the Basic Authentication.

web.xml
<!-- Configure the Security Constraints -->
  |     <security-constraint>
  | 	    <web-resource-collection>
  | 	        <web-resource-name>Bank Server protected servlet.</web-resource-name>
  | 	        <description>Require users to authenticate.</description>
  | 	        <url-pattern>/*</url-pattern>
  | 	    </web-resource-collection>
  | 
  | 	    <auth-constraint>
  | 	      <description>Allow AccountUssers to access the application.</description>
  | 	      <role-name>USER</role-name>
  | 	    </auth-constraint>
  |   </security-constraint>
  |   
  |   <security-role>
  | 	<description>Account Users</description>
  | 	<role-name>USER</role-name>
  |   </security-role>
  |   
  |   <login-config>
  |     <auth-method>BASIC</auth-method>
  |     <realm-name>BankServerJaasDbRealm</realm-name>
  |   </login-config>

jboss-web.xml
<security-domain>java:/jaas/BankServerJaasDbRealm</security-domain>

login-config.xml
<application-policy name = "BankServerJaasDbRealm">
  | 	  <authentication>
  | 	     <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
  |              flag = "required">
  |         	   <module-option name="unauthenticatedIdentity">guest</module-option>
  |         	   <module-option name="password-stacking">useFirstPass</module-option>
  |         	   <module-option name="dsJndiName">java:/OracleBankDS</module-option>
  |         	   <module-option name="principalsQuery">SELECT PASSWORD FROM ACCOUNT_INFO WHERE ACCOUNTNUMBER=?</module-option>
  |         	   <module-option name="rolesQuery">SELECT ROLE FROM ACCOUNT_INFO WHERE ACCOUNTNUMBER=?</module-option>
  |           </login-module>
  |        </authentication>
  |     </application-policy>

Any ideas why isn't it working?

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4131646#4131646

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4131646

More information about the jboss-user mailing list