Hello,
for a few days I have been trying to set up a JBoss server that was running for a long time, but
wasn't used for the past months. The deploy path is available with all the contents
and is working as expected where no login is needed (Apache and Tomcat are also
configured as before). Database connections are logging in successfully.
The project itself is very huge, but the company that did the first setup is not
available anymore, so we need to get it up and running ourselves.
From my investigations the problem is the missing conf path (login-conf.xml maybe).
When the application sends the auth, Tomcat sends back that an auth is needed
but not given, and so the "RequestProcessor" is not available. There are no SQL
statements executed (I am monitoring the mysql.log on a development machine).
corresponding web.xml
<security-constraint>
  <web-resource-collection>
    <web-resource-name>ProtectedServlets</web-resource-name>
    <url-pattern>/RequestProcessor</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>MyUser</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>My Web Service</realm-name>
</login-config>
<security-role>
  <role-name>MyUser</role-name>
</security-role>
corresponding jboss-web.xml
<jboss-web>
  <security-domain>java:/jaas/myDataBase</security-domain>
  <ejb-local-ref>
    <ejb-ref-name>
      ejb/JBossRequestProcessorSession
    </ejb-ref-name>
    <local-jndi-name>
      myDataBase/JBossRequestProcessorSession
    </local-jndi-name>
  </ejb-local-ref>
  .......
  .......
  .......
</jboss-web>
Used for the test is an internal server with an internal name test.intern so that no
traffic goes out. That is all working well in the network, so no need to think about that.
What happens in auth is this:
The client sends
.4......HTTP/1.1.../server/RequestProcessor...192.168.0.110.....www.test.intern..P.......Basic.bWFya3VzOmFzZGZhc2Rm.....Jakarta.Commons-HttpClient/2.0.2.....www.test.intern.....36....!application/x-www-form-urlencoded...........
the jk.log says
<Unauthorized.....WWW-Authenticate..(Basic.realm="My.Web.Service"...Content-Type...text/html;charset=utf-8...
------
The cryptic string is a base64 encoded username password pair.
That is the bottom of the problem: nowhere am I able to find information on whether I can send
this through login-config.xml into the database. I know how to say that the password is
encrypted, and what the algorithm is, but not how to handle user and password within ONE
base64 string.
My MySQL statement would be like this:
SELECT userID FROM logins WHERE username=? AND password=?
(password is md5 encrypted)
The second for the role would be
SELECT privilege FROM set_privileges WHERE userId=?
(privilege would be MyUser)
They are all fetched from MyDataBase.
Is there any help where I can find out how to handle that? (base64decode - split - md5
encode)