There is no jboss-web.xml descriptor describing the security domain
under which authentication should occur. See the getting started guide
where a WEB-INF/jboss-web.xml file is described as being required
to enable security:

<jboss-web>
	<security-domain>java:/jaas/other</security-domain>
</jboss-web>

On Sunday, November 3, 2002, at 07:30  AM, Todd Gould wrote:


Hello:

I'm trying to configure the DatabaseServerLoginModule to use as an
authentication mechanism for a simple JSP with simple FORM based
security. I'm sure I am missing something, but have not been able to
find my error(s) in the documentation or other related posts. This is
with JBoss 3.0.0 with Tomcat 4.0.3.

The problem is as follows: The JSP presents and appears to process the
login form correctly and just as expected. The problem is that no matter
what I respond to the form with for user and password, I am successfully
transferred to the JSP that is supposed to be guarded. This is to say
that users/pws that are in the database and any other garbage that is
not both appear to work equally well and result in successful
authentication. There are no errors on the console or log that I have
found. There are also no errors during startup. There are also no
indications that any authentication is occurring.

I'd appreciate any and all help as I'm not sure what I'm missing at this
point.

Here are the relevant sections from the files:

web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>BookMarks</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>PortalUser</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<auth-method>FORM</auth-method>
<realm-name>AbilSoftRealm</realm-name>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/login-error.html</form-error-page>
</form-login-config>
</login-config>

<security-role>
<role-name>PortalUser</role-name>
</security-role>

jboss-web.xml:

<jboss-web>
<security-domain>java:/jaas/AbilSoftRealm</security-domain>
</jboss-web>

login-config.xml:

<application-policy name = "SecurityDbRealm">
<authentication>
<login-module code =
"org.jboss.resource.security.ConfiguredIdentityLoginModule" flag =
"required">
<module-option name = "principal">testuser</module-option>
<module-option name = "userName">testuser</module-option>
<module-option name = "password">pw</module-option>
<module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=SecurityDS</module-option>
</login-module>
</authentication>
</application-policy>


<application-policy name = "AbilSoftRealm">
<authentication>
<login-module code =
"org.jboss.security.auth.spi.DatabaseServerLoginModule"
flag = "required">
<module-option name = "dsJndiName">java:/SecurityPool</module-option>
<module-option name = "principalsQuery">select password from users
where username = ?</module-option>
<module-option name = "rolesQuery">select role, rolegroup from roles
where username = ?</module-option>
<module-option name = "hashAlgorithm">MD5</module-option>
<module-option name = "hashEncoding">base64</module-option>
</login-module>
</authentication>
</application-policy>

Thanks again.


_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
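
Added example (not part of the original thread and not JBoss code): a Python check that the constraints in a WAR's web.xml are backed by a WEB-INF/jboss-web.xml security domain, and that the domain names an application-policy in login-config.xml. The function names and the sample descriptors are constructed for illustration, modelled on the files quoted above.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

JAAS_PREFIX = "java:/jaas/"

def _elems(xml_data, name):
    """All elements called `name`, ignoring any XML namespace."""
    root = ET.fromstring(xml_data)
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def audit_war(war_bytes, login_config_xml):
    """Return findings on the web.xml -> jboss-web.xml -> login-config.xml chain."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        files = {n: war.read(n) for n in war.namelist()}
    web = files.get("WEB-INF/web.xml")
    if web is None:
        return ["WEB-INF/web.xml is missing"]
    if not _elems(web, "security-constraint"):
        findings.append("web.xml declares no security-constraint")
    jbw = files.get("WEB-INF/jboss-web.xml")
    if jbw is None:
        return findings + ["WEB-INF/jboss-web.xml is missing: no security domain is bound"]
    domains = [(e.text or "").strip() for e in _elems(jbw, "security-domain")]
    if not domains:
        findings.append("jboss-web.xml has no <security-domain>")
    policies = {e.get("name") for e in _elems(login_config_xml, "application-policy")}
    for jndi in domains:
        policy = jndi[len(JAAS_PREFIX):] if jndi.startswith(JAAS_PREFIX) else jndi
        if policy not in policies:
            findings.append(f"security domain {jndi!r} has no application-policy {policy!r}")
    return findings

def make_war(files):
    """Build an in-memory WAR from {path: text} (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for path, text in files.items():
            z.writestr(path, text)
    return buf.getvalue()

# Constructed samples modelled on the descriptors quoted in the thread.
WEB_XML = ("<web-app><security-constraint><web-resource-collection>"
           "<web-resource-name>BookMarks</web-resource-name><url-pattern>/*</url-pattern>"
           "</web-resource-collection><auth-constraint><role-name>PortalUser</role-name>"
           "</auth-constraint></security-constraint></web-app>")
JBOSS_WEB = "<jboss-web><security-domain>java:/jaas/AbilSoftRealm</security-domain></jboss-web>"
LOGIN_CONFIG = '<policy><application-policy name="AbilSoftRealm"/></policy>'
```

An empty list from audit_war means the three descriptors agree; each string in a non-empty list names the broken link.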
