[jboss-user] [Security & JAAS/JBoss] - DatabaseLoginServerModule implementing problems

NSchweig do-not-reply at jboss.com
Fri Apr 24 23:05:15 EDT 2009


I am very confused about implementing a simple example with the DatabaseLoginServerModule.
Is there an example project anywhere that I can use?
I only found http://docs.jboss.org/jbossas/jboss4guide/r5/html/ch8.chapter.html
and that is not really an example. 

Here is my problem:
I have got a web project with form-based authentication.

  | <html>
  | <body>
  | <h1>Please Authenticate</h1>
  | <form method="POST" action="j_security_check">
  |   User Name: <input type="text" name="j_username" /><br />
  |   Password: <input type="password" name="j_password" /><br />
  |   <input type="submit" value="Login" />
  | </form>
  | </body>
  | </html>

These are my security settings in the web.xml:

  |  <security-constraint>
  |   <web-resource-collection>
  |    <web-resource-name>restricted</web-resource-name>
  |    <url-pattern>/secured_pages/*</url-pattern>
  |    <http-method>GET</http-method>
  |    <http-method>POST</http-method>
  |   </web-resource-collection>
  |   <auth-constraint>
  |    <role-name>java</role-name>
  |   </auth-constraint>
  |  </security-constraint>
  |  <login-config>
  |   <auth-method>FORM</auth-method>
  |   <form-login-config>
  |    <form-login-page>/login.html</form-login-page>
  |    <form-error-page>/error.html</form-error-page>
  |   </form-login-config>
  |  </login-config>
  |  <security-role>
  |   <role-name>java</role-name>
  |  </security-role>

In the jboss directory C:\jboss-5.0.1.GA\server\default\conf I made the following entry in the login-config.xml

  | <application-policy name="databaselogin">
  |   <authentication>
  |     <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
  |       <module-option name="dsJndiName">java:/databaselogin</module-option>
  |       <module-option name="debug">true</module-option>
  |       <module-option name="principalsQuery">
  |         select passwd from users username where username=?</module-option>
  |       <module-option name="rolesQuery">
  |         select userroles, 'roles' from userroles where username=?</module-option>
  |     </login-module>
  |   </authentication>
  | </application-policy>

In the WEB-INF directory of my web application I have the file jboss-web.xml:

  | <?xml version='1.0' encoding='UTF-8' ?>
  | <!DOCTYPE jboss-web
  |     PUBLIC "-//JBoss//DTD Web Application 2.3V2//EN"
  |     "http://www.jboss.org/j2ee/dtd/jboss-web_3_2.dtd">
  | <jboss-web>
  |   <security-domain>java:/jaas/databaselogin</security-domain>
  | </jboss-web>

Then I created a test database in my database tool:

table roles: username, rolename, rolegroupname
table users: username, passwd
table userroles: username,userroles

Every table has one record. Every field is filled with the String "java".

If I try to get access to the application through the authentication form with username 'java' and password 'java', I always get the error page that says my username or password is wrong.

What am I doing wrong?

I would be very pleased about any help!

Thanks NSchweig
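
Added example, not part of the original post: a Python/sqlite3 harness that rebuilds the three tables described above and checks the two queries from login-config.xml against the result shape the JBoss guide documents for DatabaseServerLoginModule (one password column; a role plus a role group, with the permission group named `Roles`). The in-memory database, the function names, the plain-text password comparison (no hashAlgorithm option is set in the post) and the case-sensitive match on `Roles` are assumptions of this example.

```python
import sqlite3

# Queries copied verbatim from the login-config.xml in the post.
PRINCIPALS_QUERY = "select passwd from users username where username=?"
ROLES_QUERY = "select userroles, 'roles' from userroles where username=?"
REQUIRED_ROLE = "java"  # <role-name> from the post's web.xml


def build_test_db():
    """Constructed in-memory copy of the post's tables; every field is 'java'."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        create table users (username text, passwd text);
        create table userroles (username text, userroles text);
        create table roles (username text, rolename text, rolegroupname text);
        insert into users values ('java', 'java');
        insert into userroles values ('java', 'java');
        insert into roles values ('java', 'java', 'java');
    """)
    return db


def check_login_queries(db, user, password, principals_q, roles_q, required_role):
    """Return a list of findings; an empty list means both queries fit the contract."""
    findings = []
    rows = db.execute(principals_q, (user,)).fetchall()
    if not rows:
        findings.append("principalsQuery returned no row for user")
    elif len(rows[0]) != 1:
        findings.append("principalsQuery must return exactly one column")
    elif rows[0][0] != password:
        findings.append("stored password differs from submitted password")

    role_rows = db.execute(roles_q, (user,)).fetchall()
    if not role_rows:
        findings.append("rolesQuery returned no row for user")
    elif any(len(r) != 2 for r in role_rows):
        findings.append("rolesQuery must return two columns: role, role group")
    else:
        groups = {g for _, g in role_rows}
        # Assumption: only the group literally named 'Roles' feeds web.xml role checks.
        if "Roles" not in groups:
            findings.append(f"no row in role group 'Roles' (got {sorted(groups)})")
        elif required_role not in {r for r, g in role_rows if g == "Roles"}:
            findings.append(f"role {required_role!r} not in group 'Roles'")
    return findings
```

A finding here concerns the query contract only; the datasource binding behind `java:/databaselogin` and the security-domain name are outside what it checks.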
