form login with jdbc realm weird behaviour on different user
roles.xml
----------------------------------------------------------------------
Key: WFLY-4460
URL:
https://issues.jboss.org/browse/WFLY-4460
Project: WildFly
Issue Type: Feature Request
Components: Security
Affects Versions: 8.2.0.Final
Reporter: Mohamed Rifni
Assignee: Darran Lofthouse
I have below user roles in the system,
CASHIER,
AGENTS,
MANAGER
When I try to login as cashier and agents it does work but fails for manager role. I get
redirected back to the login form when I try to login as a user which has a manager role,
this wasnt happening in wildfly 8.0 and today I updated my server to 8.2 and it happens. I
am using standalone.xml. I am using jsf 2.2 and primefaces 5.
I tried on glassfish 4 and it works smoothly like wildfly 8.0.
web.xml
<security-constraint>
<display-name>MANAGER</display-name>
<web-resource-collection>
<web-resource-name>Manager</web-resource-name>
<description/>
<url-pattern>/manager-area/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>MANAGER</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>mtaV4-security-jdbcrealm</realm-name>
<form-login-config>
<form-login-page>/login_home.xhtml</form-login-page>
<form-error-page>/login_home.xhtml</form-error-page>
</form-login-config>
</login-config>
jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web
xmlns="http://www.jboss.com/xml/ns/javaee">
<context-root/>
<security-domain>mtaV4-security-jdbcrealm</security-domain>
</jboss-web>
standalone-full.xml
<security-domain name="mtaV4-security-jdbcrealm"
cache-type="default">
<authentication>
<login-module code="Database"
flag="required">
<module-option name="dsJndiName"
value="java:/jboss/__MTAV4"/>
<module-option name="principalsQuery"
value="select userpassword from users where email=?"/>
<module-option name="rolesQuery"
value="select role_name, 'Roles' from user_roles where email=?"/>
<module-option name="unauthenticatedIdentity"
value="guest"/>
</login-module>
</authentication>
</security-domain>