Hi, I'm developing a J2EE application with JBoss and Tomcat
I have a problem with authentication using the DataBaseServerLoginModule on SQLServer under the JNDI name SQLServerPool I have created the tables: PRINCIPALS : principalid varchar(64), password varchar(64), primary key(principalid) with the row ('guest','guest') and the row ('vincini','vincini') ROLES : principalid varchar(64), role varchar(64), rolegroup varchar(64), primary key (principalid), foreign key (principalid) references PRINCIPALS with the row ('guest','studente','studente') and the row ('vincini','docente','docente') I have put the following jboss-web.xml in the WEB-INF directory: <?xml version="1.0" encoding="UTF-8"?> <jboss-web> <security-domain>java:/jaas/modulojdbc</security-domain> </jboss-web> Then I have inserted these lines in the auth.conf file: modulojdbc { org.jboss.security.auth.spi.DatabaseServerLoginModule required dsJndiName="java:/SQLServerPool" principalsQuery="SELECT Password FROM PRINCIPALS WHERE principalid=?" rolesQuery="SELECT Role, RoleGroup FROM ROLES WHERE principalid=?"; }; Finally I have these lines in the web.xml file: <security-constraint> <web-resource-collection> <url-pattern>/page.jsp</url-pattern> <http-method>DELETE</http-method> <http-method>GET</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> </web-resource-collection> <auth-constraint> <role-name>docente</role-name> </auth-constraint> </security-constraint> So the problem is that the server executes the authentication correctly 'cause I got the message: [Default] User 'vincini' authenticated. but it seems it can't recognize the user role 'cause I got a 403 error. What am I missing? Thanks in advance. _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user