Try changing rolesQuery to return two columns named Role and RoleGroup,

<module-option name="rolesQuery">select 'Operator', 'Roles' from operator where login_name=?</module-option>

to

<module-option name="rolesQuery">select 'Operator' as Role, 'Roles' as RoleGroup from operator where login_name=?</module-option>

Dan



-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David
Whitmarsh
Sent: Thursday, June 05, 2003 2:42 PM
To: [EMAIL PROTECTED]
Subject: [JBoss-user] Web security problem


I'm trying to enable web security on a j2ee application under
jboss-3.2.0_tomcat-4.1.24. Problem is that after making (what I think
is) all the necessary config changes, I always get a 403 error from
tomcat when accessing secure pages - the browser doesn't display a login
screen. There are no messages in the log.

In my jboss-web.xml I have:


<jboss-web>

   <security-domain>java:/jaas/webenrolOperRealm</security-domain>

</jboss-web>

In web.xml I have:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>OperatorPages</web-resource-name>
        <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <description>
            Pages that require authenticated operator access
        </description>
        <role-name>Operator</role-name>
    </auth-constraint>
</security-constraint>

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Webenrol Organisation Administration</realm-name>
</login-config>


and in my login-config.xml I have:
    <application-policy name="webenrolOperRealm">
       <authentication>
          <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
             <module-option name="dsJndiName">java:/PostgresDS</module-option>
             <module-option name="principalsQuery">select password from operator where login_name=?</module-option>
             <module-option name="rolesQuery">select 'Operator', 'Roles' from operator where login_name=?</module-option>
             <module-option name="unauthenticatedIdentity">Stranger</module-option>
          </login-module>
       </authentication>
    </application-policy>


When I do an explicit login using a LoginContext, the login works fine.

I'm sure I must be missing something really dumb and obvious but I've
been round the houses on this several times now with no progress, so I'd
be grateful if anyone can give me any ideas what I might have missed.

David

-- 

David Whitmarsh
Sparkle Computer Co Ltd
Systems Development and Consultancy
UNIX/LINUX/Windows, C/C++/perl/java Sybase
Internet, Intranet, Security

web: www.sparkle-cc.co.uk
mob: +44 (0)7802 537097

==========================================


