Hi,
I'm developing a J2EE application with JBoss and Tomcat
I have a problem with authentication using the DataBaseServerLoginModule on SQLServer
under the JNDI name SQLServerPool
I have created the tables:
PRINCIPALS :
principalid varchar(64),
password varchar(64),
primary key(principalid)
with the row ('guest','guest')
and the row ('vincini','vincini')
ROLES :
principalid varchar(64),
role varchar(64),
rolegroup varchar(64),
primary key (principalid),
foreign key (principalid) references PRINCIPALS
with the row ('guest','studente','studente')
and the row ('vincini','docente','docente')
I have put the following jboss-web.xml in the WEB-INF directory:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<security-domain>java:/jaas/modulojdbc</security-domain>
</jboss-web>
Then I have inserted these lines in the auth.conf file:
modulojdbc {
org.jboss.security.auth.spi.DatabaseServerLoginModule required
dsJndiName="java:/SQLServerPool"
principalsQuery="SELECT Password FROM PRINCIPALS WHERE principalid=?"
rolesQuery="SELECT Role, RoleGroup FROM ROLES WHERE principalid=?";
};
Finally I have these lines in the web.xml file:
<security-constraint>
<web-resource-collection>
<url-pattern>/page.jsp</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>docente</role-name>
</auth-constraint>
</security-constraint>
So the problem is that the server executes the authentication correctly 'cause I
got the message:
[Default] User 'vincini' authenticated.
but it seems it can't recognize the user role 'cause I got a 403 error.
What am I missing?
Thanks in advance.
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
