[jboss-user] [Security & JAAS/JBoss] - JSF DatabaseServerLoginModule Example not working

NSchweig do-not-reply at jboss.com
Tue Oct 7 07:09:40 EDT 2008 

Hi,

I am new to Security and I am trying since many hours to write a simple application with JSF,Facelets, Form Based Auth and DatabaseServerLoginModule.
I have a running example with form based auth and UserRolesLoginModule. So I took that and tried to connect it with the DataBaseLoginModule-example from
http://docs.jboss.org/jbossas/jboss4guide/r5/html/ch8.chapter.html
>From there I got the database and records.

Here are my files:

login-config.xml in jboss-5.0.0.CR2\server\default\conf

  | ...
  | <application-policy name="databaselogin">
  |         <authentication>
  |             <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
  |                              flag="required">
  |                 <module-option name="dsJndiName">java:/databaselogin</module-option>
  |                 <module-option name="principalsQuery">
  |                     select passwd from Users username where username=?</module-option>
  |                 <module-option name="rolesQuery">
  |                     select userRoles, 'Roles' from UserRoles where username=?</module-option>
  |             </login-module>
  |         </authentication>
  |     </application-policy>
  | </policy>

jboss-web.xml in WEB-INF


  | ...
  | <jboss-web>
  |   <security-domain>java:/jaas/databaselogin</security-domain>
  | </jboss-web>

web.xml in WEB-INF
 
  | ...
  |  <security-constraint>
  |   <web-resource-collection>
  |    <web-resource-name>restricted</web-resource-name>
  |    <url-pattern>/secured_pages/*</url-pattern>
  |    <http-method>GET</http-method>
  |    <http-method>POST</http-method>
  |   </web-resource-collection>
  |   <auth-constraint>
  |    <role-name>caller_java</role-name>
  |   </auth-constraint>
  |  </security-constraint>
  |  <login-config>
  |   <auth-method>FORM</auth-method>
  |   <form-login-config>
  |    <form-login-page>/login.html</form-login-page>
  |    <form-error-page>/error.html</form-error-page>
  |   </form-login-config>
  |  </login-config>
  |  <security-role>
  |   <role-name>caller_java</role-name>
  |  </security-role>
  | </web-app>

databaselogin-ds.xml

  | <?xml version="1.0" encoding="UTF-8"?>
  | <datasources>
  |   <local-tx-datasource>
  |     <jndi-name>databaselogin</jndi-name>
  |     <connection-url>jdbc:mysql://localhost:3307/databaselogin</connection-url>
  |     <driver-class>com.mysql.jdbc.Driver</driver-class>
  |     <user-name>XXX</user-name>
  |     <password>XXX</password>
  |     <exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.MySQLExceptionSorter</exception-sorter-class-name>
  |     <metadata>
  |        <type-mapping>mySQL</type-mapping>
  |     </metadata>
  |   </local-tx-datasource>
  | </datasources>

If I click the link that should show me asecured page, the login.html is shown in the right way. But authentication is not working. I tried it with username: java and password:echoman like in the documentation example.

What am I doing wrong? Is there a possibility to debug the module?
Thank you very much.
Nicole

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4180762#4180762

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4180762

More information about the jboss-user mailing list