[jboss-user] [Beginner's Corner] - JAAS Login issue

ionutvaidianu do-not-reply at jboss.com
Mon Apr 9 09:19:13 EDT 2012


ionutvaidianu [https://community.jboss.org/people/ionutvaidianu] created the discussion

"JAAS Login issue"

To view the discussion, visit: https://community.jboss.org/message/728886#728886

--------------------------------------------------------------
Hello,

I'm quite new to JBoss AS, so please bear with me; any help is appreciated.

Here is my problem: I have a RichFaces web application and I want to restrict access to most of the pages. As far as I have found so far, the best way (open to suggestions and debate here) to secure content is at the container level, by defining a security domain and a module that will authorize the users so they can access secured pages.

I have done all the configuration and the pages are protected, but even from a user who authenticates. In other words, even after authentication I get redirected to the login page and cannot access any of the protected pages. I get no error / message in the server console (the log level for CONSOLE is on DEBUG).

Is it a known issue, is there a WA for it or am I doing something wrong?

Thanks!

Here is the setup:
JBoss AS 7.1.1 Final, standalone configuration.

The security domain (the associated datasource is functional because at some point I got wrong password in the server console):

                <security-domain name="SecuredRealm">
                    <authentication>
                        <login-module code="Database" flag="required">
                            <module-option name="dsJndiName" value="java:jboss/datasources/securityDS"/>
                            <module-option name="principalsQuery" value="select passwd from Users where username=?"/>
                            <module-option name="rolesQuery" value="select userRoles,'Roles' from UserRoles where username=?"/>
                            <module-option name="hashAlgorithm" value="MD5"/>
                            <module-option name="hashEncoding" value="base64"/>
                            <module-option name="unauthenticatedIdentity" value="guest"/>
                            <module-option name="maxInvalidLoginAttempts" value="5"/>
                        </login-module>
                    </authentication>
                </security-domain>

jboss-web.xml

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <security-domain>java:/jaas/SecuredRealm</security-domain>
</jboss-web>

web.xml

<security-constraint>
    <web-resource-collection>
        <web-resource-name>SecuredRealm</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>
    <!-- <user-data-constraint> -->
    <!-- <transport-guarantee>CONFIDENTIAL</transport-guarantee> -->
    <!-- </user-data-constraint> -->
</security-constraint>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Unprotected area</web-resource-name>
        <url-pattern>/resources/*</url-pattern>
    </web-resource-collection>
</security-constraint>

<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>SecuredRealm</realm-name>
    <form-login-config>
        <form-login-page>/jasl.jsf</form-login-page>
        <form-error-page>/jasl.jsf</form-error-page>
    </form-login-config>
</login-config>

<security-role>
    <role-name>admin</role-name>
</security-role>

<security-role>
    <role-name>normal</role-name>
</security-role>
--------------------------------------------------------------
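
An added diagnostic, not part of the original post: with hashAlgorithm and hashEncoding set as in the security domain above, the column returned by principalsQuery has to hold the encoded digest of the password, not the clear text. The Python sketch below derives that value from the posted options; the function names, the UTF-8 charset and the sample password are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed copy of the hashing-related options from the posted security domain.
SECURITY_DOMAIN = """
<security-domain name="SecuredRealm">
  <authentication>
    <login-module code="Database" flag="required">
      <module-option name="principalsQuery" value="select passwd from Users where username=?"/>
      <module-option name="hashAlgorithm" value="MD5"/>
      <module-option name="hashEncoding" value="base64"/>
    </login-module>
  </authentication>
</security-domain>
"""


def module_options(domain_xml):
    """Return the login-module options as a name -> value dict."""
    root = ET.fromstring(domain_xml)
    return {o.get("name"): o.get("value") for o in root.iter("module-option")}


def expected_stored_password(domain_xml, password, charset="utf-8"):
    """Value the principalsQuery column must return for this password.

    Assumption: password bytes are taken in `charset` (UTF-8 here; the server
    uses its platform default unless hashCharset is set).
    """
    opts = module_options(domain_xml)
    algorithm = opts.get("hashAlgorithm")
    if not algorithm:
        return password  # no hashing configured: the column holds clear text
    digest = hashlib.new(algorithm.replace("-", "").lower(), password.encode(charset)).digest()
    encoding = (opts.get("hashEncoding") or "base64").lower()
    if encoding == "base64":
        return base64.b64encode(digest).decode("ascii")
    if encoding == "hex":
        return digest.hex()
    raise ValueError("unsupported hashEncoding: " + encoding)


def column_matches(domain_xml, password, column_value):
    """Compare a value read from Users.passwd with the expected form."""
    expected = expected_stored_password(domain_xml, password)
    return hmac.compare_digest(expected.encode(), column_value.strip().encode())


if __name__ == "__main__":
    print(expected_stored_password(SECURITY_DOMAIN, "password"))  # constructed sample password
```

A clear-text or hex value in the column will not match under these options. Because form-login-page and form-error-page both point at /jasl.jsf, a rejected login is displayed exactly like a fresh login prompt.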
