[jboss-jira] [JBoss JIRA] (WFLY-4460) form login with jdbc realm weird behaviour on different user roles.xml

Darran Lofthouse (JIRA) issues at jboss.org
Thu Nov 10 07:16:01 EST 2016


     [ https://issues.jboss.org/browse/WFLY-4460?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse resolved WFLY-4460.
------------------------------------
    Fix Version/s: 11.0.0.Alpha1
       Resolution: Out of Date


Application server security is migrating to WildFly Elytron

> form login with jdbc realm weird behaviour on different user roles.xml
> ----------------------------------------------------------------------
>
>                 Key: WFLY-4460
>                 URL: https://issues.jboss.org/browse/WFLY-4460
>             Project: WildFly
>          Issue Type: Feature Request
>          Components: Security
>    Affects Versions: 8.2.0.Final
>            Reporter: Mohamed Rifni
>            Assignee: Darran Lofthouse
>             Fix For: 11.0.0.Alpha1
>
>
> I have the below user roles in the system:
> CASHIER,
> AGENTS,
> MANAGER
> When I try to log in as cashier and agents it does work, but it fails for the manager role. I get redirected back to the login form when I try to log in as a user which has a manager role. This wasn't happening in WildFly 8.0; today I updated my server to 8.2 and it happens. I am using standalone.xml. I am using JSF 2.2 and PrimeFaces 5.
> I tried on GlassFish 4 and it works smoothly, like WildFly 8.0.
> web.xml
> <security-constraint>
>     <display-name>MANAGER</display-name>
>     <web-resource-collection>
>         <web-resource-name>Manager</web-resource-name>
>         <description/>
>         <url-pattern>/manager-area/*</url-pattern>
>     </web-resource-collection>
>     <auth-constraint>
>         <description/>
>         <role-name>MANAGER</role-name>
>     </auth-constraint>
> </security-constraint>
> <login-config>
>     <auth-method>FORM</auth-method>
>     <realm-name>mtaV4-security-jdbcrealm</realm-name>
>     <form-login-config>
>         <form-login-page>/login_home.xhtml</form-login-page>
>         <form-error-page>/login_home.xhtml</form-error-page>
>     </form-login-config>
> </login-config>
> jboss-web.xml
> <?xml version="1.0" encoding="UTF-8"?>
> <jboss-web xmlns="http://www.jboss.com/xml/ns/javaee">
>     <context-root/>
>     <security-domain>mtaV4-security-jdbcrealm</security-domain>
> </jboss-web>
> standalone-full.xml
> <security-domain name="mtaV4-security-jdbcrealm" cache-type="default">
>     <authentication>
>         <login-module code="Database" flag="required">
>             <module-option name="dsJndiName" value="java:/jboss/__MTAV4"/>
>             <module-option name="principalsQuery" value="select userpassword from users where email=?"/>
>             <module-option name="rolesQuery" value="select role_name, 'Roles' from user_roles where email=?"/>
>             <module-option name="unauthenticatedIdentity" value="guest"/>
>         </login-module>
>     </authentication>
> </security-domain>



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

