[jboss-user] [Security & JAAS/JBoss] - DatabaseLoginServerModule implementing problems
NSchweig
do-not-reply at jboss.com
Fri Apr 24 23:05:15 EDT 2009
Hi,
I am very confused about implementing a simple example with the DatabaseLoginServerModule.
Is there anywhere an example-project I can use?
I only found http://docs.jboss.org/jbossas/jboss4guide/r5/html/ch8.chapter.html
and that is not really an example.
Here is my problem:
I have got a web project with form based authentication.
login.html
<html>
| <body>
| <h1>Please Authenticate</h1>
| <form method="POST" action="j_security_check">
| User Name: <input type="text" name="j_username" /><br />
| Password: <input type="password" name="j_password" /><br />
| <input type="submit" value="Login" />
| </form>
| </body>
| </html>
These are my security settings in the web.xml
<security-constraint>
| <web-resource-collection>
| <web-resource-name>restricted</web-resource-name>
| <url-pattern>/secured_pages/*</url-pattern>
| <http-method>GET</http-method>
| <http-method>POST</http-method>
| </web-resource-collection>
| <auth-constraint>
| <role-name>java</role-name>
| </auth-constraint>
| </security-constraint>
| <login-config>
| <auth-method>FORM</auth-method>
| <form-login-config>
| <form-login-page>/login.html</form-login-page>
| <form-error-page>/error.html</form-error-page>
| </form-login-config>
| </login-config>
| <security-role>
| <role-name>java</role-name>
| </security-role>
In the jboss directory C:\jboss-5.0.1.GA\server\default\conf I made the following entry in the login-config.xml
| <application-policy name="databaselogin">
| <authentication>
| <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
| <module-option name="dsJndiName">java:/databaselogin</module-option>
| <module-option name="debug">true</module-option>
|
| <module-option name="principalsQuery">
| select passwd from users username where username=?</module-option>
| <module-option name="rolesQuery">
| select userroles, 'roles' from userroles where username=?</module-option>
| </login-module>
| </authentication>
| </application-policy>
In the web-inf-directory of my web-application I got the file jboss-web.xml:
<?xml version='1.0' encoding='UTF-8' ?>
|
| <!DOCTYPE jboss-web
| PUBLIC "-//JBoss//DTD Web Application 2.3V2//EN"
| "http://www.jboss.org/j2ee/dtd/jboss-web_3_2.dtd">
|
| <jboss-web>
| <security-domain>java:/jaas/databaselogin</security-domain>
| </jboss-web>
|
Then I created a testdatabase in my databasetool:
table roles: username, rolename, rolegroupname
table users: username, passwd
table userroles: username,userroles
Every table has one record. Every field is filled with the String "java".
If I try to get access to the application with the authenticationform with username 'java' and password 'java' I always get the error page that says my username or password is wrong.
What am I doing wrong?
I would be very pleased about any help!
Thanks NSchweig
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4226707#4226707
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4226707
More information about the jboss-user
mailing list