[Security & JAAS/JBoss] - combination of JAAS
by zilbi
Hi guys,
I am trying to develop a website with the regular login feature and also to enable programmatic login to be used by affiliates via API.
Working with "jboss-4.2.2.GA", I got the first part (using the FORM login) done fast enough, but I cannot complete the second part...
:(
I also added a simple LoginServlet; trying to log in to this servlet works.
But after that, when I try to access a resource that is under the protected area, I get redirected to the login.jsp page!
Why? Didn't I just log in with the servlet?
What am I missing?
Here is my code below...
Thanks!
my login-config.xml:
<application-policy name="jinni">
  <authentication>

    <login-module code="org.jboss.security.ClientLoginModule" flag="required">
      <module-option name="restore-login-identity">true</module-option>
      <module-option name="multi-threaded">true</module-option>
    </login-module>

    <login-module code="com.jinni.security.LoginModule" flag="required">

      <module-option name="managedConnectionFactoryName">
        jboss.jca:service=LocalTxCM,name=JinniDatasource
      </module-option>

      <module-option name="dsJndiName">
        java:/JinniDatasource
      </module-option>

      <module-option name="principalsQuery">
        select password from users where user_name =?
      </module-option>

      <module-option name="rolesQuery">
        select roles.name as 'Roles', 'Roles' as 'RoleGroups' from users, security_profile_roles, roles
        where roles.id = security_profile_roles.role_id
        and security_profile_roles.security_profile_id = users.security_profile_id
        and users.user_name =?
      </module-option>

      <module-option name="restore-login-identity">true</module-option>
      <module-option name="multi-threaded">true</module-option>

    </login-module>

  </authentication>
</application-policy>
and my web.xml:
<security-constraint>

  <web-resource-collection>
    <web-resource-name>action</web-resource-name>
    <url-pattern>/protected/*</url-pattern>
    <http-method>HEAD</http-method>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
    <http-method>DELETE</http-method>
  </web-resource-collection>

  <auth-constraint>
    <role-name>Echo</role-name>
  </auth-constraint>

  <user-data-constraint>
    <description>no description</description>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/error.jsp</form-error-page>
  </form-login-config>
</login-config>

<security-role>
  <description>A user allowed to invoke echo methods</description>
  <role-name>Echo</role-name>
</security-role>
<servlet>
the login.jsp:
<html>
  <head>
    <title></title>
    <!-- To prevent caching -->
    <%
      response.setHeader("Cache-Control","no-cache"); // HTTP 1.1
      response.setHeader("Pragma","no-cache"); // HTTP 1.0
      response.setDateHeader ("Expires", -1); // Prevents caching at the proxy server
    %>
  </head>
  <body>
    <form name="logonForm" action="j_security_check" method="post">
      <table width="100%" border="0" cellspacing="0" cellpadding="1" bgcolor="white">
        <tr align="center">
          <td align="right" class="Prompt"></td>
          <td align="left">
            <input type="text" name="j_username" maxlength=20>
          </td>
        </tr>
        <tr align="center">
          <td align="right" class="Prompt"> </td>
          <td align="left">
            <input type="password" name="j_password" maxlength=20>
          </td>
        </tr>
        <tr align="center">
          <td align="right" class="Prompt"> </td>
          <td align="left">
            <input type="submit" value="Login">
          </td>
        </tr>
      </table>
    </form>
  </body>
</html>
the LoginServlet:
protected void doPost(HttpServletRequest req, HttpServletResponse response) throws ServletException, IOException
{
    PrintWriter pw = response.getWriter();
    try {
        // Get the form's username & password fields
        //
        String user = req.getParameter("user");
        String pass = req.getParameter("pass");

        // is that needed???
        // could not hurt
        WebAuthentication webA = new WebAuthentication();
        boolean flag = webA.login(user, pass);
        pw.write("flag = " + flag);
        pw.write('\n');

        // Use the username/password to initialize the
        // callback handler and then do the authentication.
        PassiveCallbackHandler cbh = new PassiveCallbackHandler(user, pass);
        LoginContext lc = new LoginContext("jinni", cbh);
        lc.login();

        // Loop through all Principals and Credentials.
        //
        Iterator it = lc.getSubject().getPrincipals().iterator();
        while (it.hasNext())
            pw.write("Authenticated: " + it.next().toString() + "<br>");

        it = lc.getSubject().getPublicCredentials(Properties.class).iterator();

        while (it.hasNext())
            pw.write(it.next().toString());

        lc.logout();
    }
    catch(Exception E)
    {
        System.err.println(E);
        pw.write("An Error Has Occurred");
        pw.flush();
    }
}
thanks again
:)
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4135167#4135167
18 years, 1 month
[JBoss Tools (users)] - Re: howto change projects' database connection?
by daveyx
Hi, thanks for your reply.
I installed the correct JDBC driver. This is sure, because I can build a new Seam web project and configure it for a PostgreSQL connection. This works; I can see the correct data tables via pgAdmin.
I only want to change the settings for my hsqldb-configured project.
I built a new project with a PostgreSQL connection and had a look into the folder structure.
In myproj/.settings are two files:
    org.jboss.tools.seam.core.prefs
    org.jboss.tools.jst.web.xml

I think that the database connection is defined here, because the first file references a "seam.project.connection.profile=mypostgres" in mypostgresproject and "seam.project.connection.profile=myhsqldb" in myhsqldbproject.
But changing this value does not result in a correct database connection; nothing happens.
The second file includes thousands of
<FILESYSTEM ENTITY="FileSystemJar" ...
but different in the two projects.
And one contains the JDBC path (in configfile of myhsqldbproj):
    LOCATION="/.../jboss-4.2.2.GA/server/default/lib/postgresql-8.3-603.jdbc3.jar" NAME="lib-postgresql-8.3-603.jdbc3.jar"/>
I am wondering why JBoss Tools does not provide a GUI to switch to another database profile?
I don't want to copy all the sources from hsqldbproject to postgresproject, because of the packing structure...
Any other ideas are still welcome.
davey
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4135164#4135164
18 years, 1 month
[Beginners Corner] - Re: reading didn't help
by hate_rtfm_rafb
echo %JAVA_HOME%
C:\Program Files\Java\jdk1.6.0_05
I guess according to what you say (not what the docs say/omitted), I should install Java elsewhere, even though I've been making non-server Java applications in Eclipse/NetBeans for years without any problems at all with Java in Program Files.
%JBOSS_HOME%\server\<serverName>\log folder
I don't see anything in C:\jboss\jboss-4.2.2.GA\server except the folders:
all, default, minimal. Needless to say, I still can't find the error log(s).
Why does 4.22 documentation say it's still in beta and downloads say it's stable? I shouldn't even help the JBoss company out with this documentation debugging info. I should just use IIS and forget about searching for hours for non-existent support in time-wasting documentation.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4135163#4135163
18 years, 1 month