[jboss-user] [Security & JAAS/JBoss] - Simple Web Form authentication using JAAS with DatabaseServe

mpurdy1973 do-not-reply at jboss.com
Mon Jun 22 00:02:03 EDT 2009 

i implemented JAAS the best i know how; however, when i enter the correct username and password with the correct role, it forwards me to the bad login page???  i also get no exceptions in the jboss console.

i am using the username: 'tom' and the password 'tomuser'.  as you can see below, tom has a password of 'tomuser' and is in the role of 'admin'

what am i missing???

here is my configuration:

mysql sql code

  | use pyxiswebadmin;
  | drop table users;
  | drop table roles;
  | 
  | create table users
  | ( 
  |     username varchar(64) not null primary key, 
  |     password varchar(64) not null
  | 
  | );
  | 
  | create table roles
  | (
  |    username varchar(64),
  |    role varchar(64)
  |      
  | );
  | 
  | insert into users values ('tom',   'tomuser');
  | insert into users values ('dick',  'dickuser');
  | insert into users values ('harry', 'harryuser');
  | 
  | insert into roles value ('tom',   'admin');
  | insert into roles value ('dick',  'audit');
  | insert into roles value ('harry', 'user');
  | 
  | commit;
  | 


mysql database data

  | mysql> show tables;
  | +-------------------------+
  | | Tables_in_pyxiswebadmin |
  | +-------------------------+
  | | roles                   |
  | | users                   |
  | +-------------------------+
  | 2 rows in set (0.00 sec)
  | 
  | mysql> select * from users;
  | +----------+-----------+
  | | username | password  |
  | +----------+-----------+
  | | tom      | tomuser   |
  | | dick     | dickuser  |
  | | harry    | harryuser |
  | +----------+-----------+
  | 3 rows in set (0.00 sec)
  | 
  | mysql> select * from roles;
  | +----------+-------+
  | | username | role  |
  | +----------+-------+
  | | tom      | admin |
  | | dick     | audit |
  | | harry    | user  |
  | +----------+-------+
  | 3 rows in set (0.00 sec)
  | 

login-config

  |   <!-- ####################################### -->
  |   <!-- added for Pyxis Server security -->
  |   <!-- ####################################### -->
  |   <application-policy name="pyxis-client-login">
  |      <authentication>
  |        <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
  |          <module-option name="dsJndiName">java:/pyxisDS</module-option>
  |          <module-option name="principalsQuery">select password from users where username=?</module-option>
  |          <module-option name="roleQuery">select role, 'Role' from roles where username=?</module-option>
  |        </login-module>
  |      </authentication>
  |   </application-policy>
  | 
  |   <!-- ####################################### -->
  | 


datasource 

  | <?xml version="1.0" encoding="UTF-8"?>
  | 
  | <datasources>
  |   <local-tx-datasource>
  |     <jndi-name>pyxisDS</jndi-name>
  |     <connection-url>jdbc:mysql://localhost:3306/pyxiswebadmin</connection-url>
  |     <driver-class>org.gjt.mm.mysql.Driver</driver-class>
  |     <user-name>pyxis</user-name>
  |     <password>pyxisuser</password>
  |   </local-tx-datasource>
  | 
  | </datasources>
  | 

jboss-web.xml

  | <jboss-web>
  |    <security-domain>java:/jaas/pyxis-client-login</security-domain>
  | </jboss-web>
  | 

web.xml

  | <?xml version="1.0" encoding="UTF-8"?>
  | <web-app version="2.5"
  |    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  |    xmlns="http://java.sun.com/xml/ns/javaee"
  |    xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
  |    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
  |    
  |    <welcome-file-list>
  |      <welcome-file>index.jsp</welcome-file>
  |    </welcome-file-list>
  |    
  |    <security-constraint>
  |       <web-resource-collection>
  |          <web-resource-name>HtmlAdaptor</web-resource-name>
  |          <url-pattern>/*</url-pattern>
  |          <http-method>GET</http-method>
  |          <http-method>POST</http-method>
  |       </web-resource-collection>
  |       <auth-constraint>
  |          <role-name>admin</role-name>
  |       </auth-constraint>
  |       <user-data-constraint>
  |          <transport-guarantee>NONE</transport-guarantee>
  |       </user-data-constraint>
  |    </security-constraint>
  | 
  |    <login-config>
  |       <auth-method>FORM</auth-method>
  |       <form-login-config>
  |          <form-login-page>/restricted/login.jsp</form-login-page>
  |          <form-error-page>/restricted/bad-login.jsp</form-error-page>
  |       </form-login-config>
  |    </login-config>
  | 
  |    <security-role>
  |       <role-name>admin</role-name>
  |    </security-role>
  | 
  | </web-app>
  | 



View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4238939#4238939

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4238939

More information about the jboss-user mailing list