[jboss-user] [Installation, Configuration & Deployment] - configuration - config-login.xml

karin1123 do-not-reply at jboss.com
Thu Oct 1 05:47:45 EDT 2009


Hello,

For a few days I have been trying to set up a JBoss server that was running for a long time but wasn't used for the past months. The deploy path is available with all its contents and works as expected where no login is needed (Apache and Tomcat are also configured as before). Database connections are logging in successfully.

The project itself is very large, but the company that did the first setup is not available anymore, so we need to get it up and running ourselves.
From my investigations, the problem is the missing conf path (login-conf.xml maybe).

When the application sends the auth, Tomcat sends back that an auth is needed but not given, and so the "RequestProcessor" is not available. No SQL statements are executed (I am monitoring the mysql.log on a development machine).

Corresponding web.xml:
<security-constraint>
   <web-resource-collection>
      <web-resource-name>ProtectedServlets</web-resource-name>
      <url-pattern>/RequestProcessor</url-pattern>
   </web-resource-collection>
   <auth-constraint>
      <role-name>MyUser</role-name>
   </auth-constraint>
</security-constraint>
<login-config>
   <auth-method>BASIC</auth-method>
   <realm-name>My Web Service</realm-name>
</login-config>
<security-role>
   <role-name>MyUser</role-name>
</security-role>

corresponding jboss-web.xml
<jboss-web>
	<security-domain>java:/jaas/myDataBase</security-domain>
	<ejb-local-ref>
		<ejb-ref-name>
			ejb/JBossRequestProcessorSession
		</ejb-ref-name>
		<local-jndi-name>
			myDataBase/JBossRequestProcessorSession
		</local-jndi-name>
	</ejb-local-ref>
.......
.......
.......
</jboss-web>

The test uses an internal server with an internal name, test.intern, so that no traffic goes out. That is all working well in the network, so no need to think about that.

What happens in auth is this.
The client sends:
.4......HTTP/1.1.../server/RequestProcessor...192.168.0.110.....www.test.intern..P.......Basic.bWFya3VzOmFzZGZhc2Rm.....Jakarta.Commons-HttpClient/2.0.2.....www.test.intern.....36....!application/x-www-form-urlencoded...........

The jk.log says:
<Unauthorized.....WWW-Authenticate..(Basic.realm="My.Web.Service"...Content-Type...text/html;charset=utf-8...

------
The cryptic string is a base64-encoded username/password pair.

That is the bottom of the problem: nowhere am I able to find information on whether I can send this through login-config.xml into the database. I know how to say that the password is encrypted, and what the algorithm is, but not how to handle user and password within ONE base64 string.

My MySQL statement would be like this:
SELECT userID FROM logins WHERE username=? AND password=?
(password is MD5 encrypted)

The second, for the role, would be:
SELECT privilege FROM set_privileges WHERE userId=?
(privilege would be MyUser)

They are all fetched from MyDataBase.

Is there any help on where I can find out how to handle that? (base64decode - split - md5 encode)

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4258078#4258078
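
Added example, not part of the original post: with BASIC auth the web container decodes the Authorization header and passes user name and password separately to the JAAS security domain, so the policy in conf/login-config.xml only has to return the stored hash and the roles. This policy uses JBoss's stock DatabaseServerLoginModule with the tables named in the post; the datasource JNDI name java:/MyDataBaseDS and hex-encoded MD5 values are assumptions.

```xml
<!-- Added example for conf/login-config.xml; not taken from the original post. -->
<!-- The policy name must match the domain in jboss-web.xml: java:/jaas/myDataBase -->
<application-policy name="myDataBase">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
                  flag="required">
      <!-- Assumption: JNDI name of the MySQL datasource defined in a *-ds.xml file -->
      <module-option name="dsJndiName">java:/MyDataBaseDS</module-option>

      <!-- Must return the stored password hash for the given user name.
           The module hashes the submitted password and compares the two itself,
           so the password is not a query parameter here. -->
      <module-option name="principalsQuery">SELECT password FROM logins WHERE username=?</module-option>

      <!-- Must return (role, role group) and is also keyed by user name, hence the
           join from logins to set_privileges. 'Roles' is the group the web
           container checks against <role-name>MyUser</role-name> in web.xml. -->
      <module-option name="rolesQuery">SELECT p.privilege, 'Roles' FROM set_privileges p JOIN logins l ON l.userID = p.userId WHERE l.username=?</module-option>

      <!-- Assumption: hashes are stored as hex strings, as produced by MySQL's MD5() -->
      <module-option name="hashAlgorithm">MD5</module-option>
      <module-option name="hashEncoding">hex</module-option>
    </login-module>
  </authentication>
</application-policy>
```

Base64 in the Authorization header is an encoding, not encryption, so the credentials are readable by anything on the path unless the connector uses TLS.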
