Ok, I tried that with no difference. I don't think the problem lies in the login-config entry itself because that does work if I use it from code with a LoginContext.
David On Thu, 2003-06-05 at 20:35, Dan Durkin wrote: > Try changing rolesQuery to return two columns named Role and RoleGroup, > > <module-option name="rolesQuery">select 'Operator', 'Roles' from > operator where login_name=?</module-option> > > To > > <module-option name="rolesQuery">select 'Operator' as Role, 'Roles' as > RoleGroup from operator where login_name=?</module-option> > > Dan > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of David > Whitmarsh > Sent: Thursday, June 05, 2003 2:42 PM > To: [EMAIL PROTECTED] > Subject: [JBoss-user] Web security problem > > > I'm trying to enable web security on a j2ee application under > jboss-3.2.0_tomcat-4.1.24. Problem is that After making (what I think > is) all the necessary config changes, I always get a 403 error from > tomcat when accessing secure pages - the browser doesn't display a login > screen. There are no messages in the log. > > In my jboss-web.xml I have: > > > <jboss-web> > > <security-domain>java:/jaas/webenrolOperRealm</security-domain> > > </jboss-web> > > In web.xml I have: > > <security-constraint> > <web-resource-collection> > <web-resource-name>OperatorPages</web-resource-name> > <url-pattern>/secure/*</url-pattern> > </web-resource-collection> > <auth-constraint> > <description> > Pages that require authenticated operator access > </description> > <role-name>Operator</role-name> > </auth-constraint> > </security-constraint> > > <login-config> > <auth-method>BASIC</auth-method> > <realm-name>Webenrol Organisation Administration</realm-name> > </login-config> > > > and in my login-config.xml I have: > <application-policy name = "webenrolOperRealm"> > <authentication> > <login-module code = > "org.jboss.security.auth.spi.DatabaseServerLoginModule" > flag="required"> > <module-option > name="dsJndiName">java:/PostgresDS</module-option> > <module-option name="principalsQuery">select password from > operator where login_name=?</module-option> > <module-option name="rolesQuery">select 'Operator', 'Roles' > from operator where login_name=?</module-option> > <module-option > name="unauthenticatedIdentity">Stranger</module-option> > </login-module> > </authentication> > > </application-policy> > > > When I do an explicit login using a LoginContext, the login works fine. > > I'm sure I must be missing something really dumb and obvious but I've > been round the houses on this several times now with no progress, so I'd > be grateful if anyone can give me any ideas what I might have missed. > > David > > -- > > David Whitmarsh > Sparkle Computer Co Ltd > Systems Development and Consultancy > UNIX/LINUX/Windows, C/C++/perl/java Sybase > Internet, Intranet, Security > > web: www.sparkle-cc.co.uk > mob: +44 (0)7802 537097 > > ========================================== > > > > ------------------------------------------------------- > This SF.net email is sponsored by: Etnus, makers of TotalView, The best > thread debugger on the planet. Designed with thread debugging features > you've never dreamed of, try TotalView 6 free at www.etnus.com. > _______________________________________________ > JBoss-user mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/jboss-user -- David Whitmarsh Sparkle Computer Co Ltd Systems Development and Consultancy UNIX/LINUX/Windows, C/C++/perl/java Sybase Internet, Intranet, Security web: www.sparkle-cc.co.uk mob: +44 (0)7802 537097 ========================================== ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The best thread debugger on the planet. Designed with thread debugging features you've never dreamed of, try TotalView 6 free at www.etnus.com. _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
