Re: [JBoss-user] DatabaseServerLoginModule, and column RoleGroup
For whatever reason you want an alternate named group of roles. JBoss will never care, but you might. Scott Stark Chief Technology Officer JBoss Group, LLC Bryan Field-Elliot wrote: We are exploring using JBossSX in various capacities to perform database-driven authentication and authorization. I have a question about the DatabaseServerLoginModule: The roles table requires three columns: Principal, Role, and RoleGroup. However, I can find no clear explanation online for the purpose of the RoleGroup column, and every example I find always has the string value Roles inserted into the RoleGroup column. Is there ever a useful reason why we would put anything in that column, other than the string Roles? Thank you, Bryan --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
Re: [JBoss-user] DatabaseServerLoginModule is caching Roles Info...how to deactivate?
See Re: [JBoss-user] problem with DatabaseServerLoginModule from Laurent Belmont from Monday January 06, 2003. - Original Message - From: Victor Batista [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, January 07, 2003 11:06 AM Subject: [JBoss-user] DatabaseServerLoginModule is caching Roles Info...how to deactivate? Hello! My JBoss is caching the user's roles info. How can I deactivate this caching mechanism? Suppose I am logged with a User with Roles A and B. If this user changes his roles (Administrator :-)), and adds Role C, the user wan't have this permission until JBoss is restarted. If I change the roles of a user who has already loggen in any time, I get the same problem. Is it possible to deactivate this caching mechanism, and force JBoss to read data from the database every time? Any help would be welcome. Thanks in advance, Victor Batista PS - I am using JBoss 3.0.4 with bundled Tomcat 4.0.6. I am using DatabaseServerLoginModule --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
Re: [JBoss-user] DatabaseServerLoginModule is caching Roles Info...how to deactivate?
The cache is flushed based on time which is 30 mins by default. Change this in the conf/jboss-service.xml descriptor as documented in the admin/devel book: mbean code=org.jboss.security.plugins.JaasSecurityManagerService name=jboss.security:service=JaasSecurityManager attribute name=SecurityManagerClassName org.jboss.security.plugins.JaasSecurityManager /attribute attribute name=DefaultCacheTimeout0/attribute /mbean Scott Stark Chief Technology Officer JBoss Group, LLC - Original Message - From: Victor Batista [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, January 07, 2003 8:06 AM Subject: [JBoss-user] DatabaseServerLoginModule is caching Roles Info...how to deactivate? Hello! My JBoss is caching the user's roles info. How can I deactivate this caching mechanism? Suppose I am logged with a User with Roles A and B. If this user changes his roles (Administrator :-)), and adds Role C, the user wan't have this permission until JBoss is restarted. If I change the roles of a user who has already loggen in any time, I get the same problem. Is it possible to deactivate this caching mechanism, and force JBoss to read data from the database every time? Any help would be welcome. Thanks in advance, Victor Batista PS - I am using JBoss 3.0.4 with bundled Tomcat 4.0.6. I am using DatabaseServerLoginModule --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
Re: [JBoss-user] DatabaseServerLoginModule is caching Roles Info...how todeactivate?
Victor, we thought about this same issue, and then we remembered the following: If you change a user's groups in Linux, they won't see them until they log in again. Of course, your business people may say you have to have immediate update. Maybe you can add the user to a list in the application attributes which is checked before each response generation. If their name is in the list, they get booted off. This forces them to log in again! This is probably not the answer you wanted. Sorry! Jonathan Victor Batista [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 07.01.2003 16:06 Please respond to jboss-user To: [EMAIL PROTECTED] cc: Subject:[JBoss-user] DatabaseServerLoginModule is caching Roles Info...how to deactivate? Hello! My JBoss is caching the user's roles info. How can I deactivate this caching mechanism? Suppose I am logged with a User with Roles A and B. If this user changes his roles (Administrator :-)), and adds Role C, the user wan't have this permission until JBoss is restarted. If I change the roles of a user who has already loggen in any time, I get the same problem. Is it possible to deactivate this caching mechanism, and force JBoss to read data from the database every time? Any help would be welcome. Thanks in advance, Victor Batista PS - I am using JBoss 3.0.4 with bundled Tomcat 4.0.6. I am using DatabaseServerLoginModule --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
RE: [JBoss-user] DatabaseServerLoginModule
Problem solved. After researching the source for the security.auth.spi package (you gotta love open source) and some MySQl docs, I discovered that MySQL returns MD5() encrypted passwords in HEX format. SO I simply changed the hashEncoding to HEX, and all worked just as documented/expected. Thanks again for your assistance. -Original Message- From: Contact [mailto:contact;abilsoft.com] Sent: Tuesday, November 05, 2002 9:25 PM To: '[EMAIL PROTECTED]' Subject: RE: [JBoss-user] DatabaseServerLoginModule Scott: Thanks so much for the tip, jboss-web.xml visibility was a big part of the problem here. I am indeed much closer now - but not quite there yet. My only remaining problem is with the hashAlgorithm. Everything is working perfectly as long as I have a clear password in the database and I do not add the hashAlgorithm and hashEncoding module-options to the following section of my login-config.xml. As soon as I put an MD5'ed password in the database and add the hasAlgorithm and hashEncoding options, it stops working (with typical invalid password Error msg). application-policy name = AbilSoftRealm authentication login-module code = org.jboss.security.auth.spi.DatabaseServerLoginModule flag = requisite module-option name = dsJndiNamejava:/SecurityPool/module-option module-option name = principalsQueryselect password from users where username=?/module-option module-option name = rolesQueryselect role, rolegroup from roles where username=?/module-option module-option name = hashAlgorithmMD5/module-option module-option name = hashEncodingbase64/module-option /login-module /authentication /application-policy I am using JBoss 3.0.4 with a MySQL database. The database contains the password in MD5 encrypted format and I have verified the query by hand from a mysql prompt (to verify it returns expected MD5 encrypted password). What else do I need to do to make this encryption work? Does my princiaplsQuery need to be modified? As uunderstand from the Quick Start Guide, the hashAlgorithm will cause the clear text password retrieved from the CallBackHandler to be MD5'ed before it's passed for comparison. Since the database contains and MD5 encrypted password, these should match with the query as is? Am I missing something else? Thanks again. -Original Message- From: [EMAIL PROTECTED] [mailto:jboss-user-admin;lists.sourceforge.net] On Behalf Of Scott M Stark Sent: Tuesday, November 05, 2002 7:51 AM To: [EMAIL PROTECTED] Subject: Re: [JBoss-user] DatabaseServerLoginModule Turn on DEBUG level messages by editing the conf/lo4j.xml file and removing the param name=Threshold value=INFO/ from the FILE appender and then look of the following msgs: Binding security/securityMgr to NullSecurityManager Linking security/securityMgr to JNDI name: x Most likely the war/WEB-INF/jboss-web.xml file is not being seen. Scott Stark Chief Technology Officer JBoss Group, LLC - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, November 04, 2002 9:37 AM Subject: Re: [JBoss-user] DatabaseServerLoginModule Then why am I not seeing any output in the console or logfiles indicating that authentication is even occuring, let alone having any problems? Is there something in some other file that I need to modify to turn this on? I have verified the queries against my schema via mysql by hand - there doe not appear to be any problem there. I just don't think that authentication is really being processed in my environment - although the login.html is presented as expected - just not really validated against anything (always appears to return success regardless of input). Todd --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
Re: [JBoss-user] DatabaseServerLoginModule
Turn on DEBUG level messages by editing the conf/lo4j.xml file and removing the param name=Threshold value=INFO/ from the FILE appender and then look of the following msgs: Binding security/securityMgr to NullSecurityManager Linking security/securityMgr to JNDI name: x Most likely the war/WEB-INF/jboss-web.xml file is not being seen. Scott Stark Chief Technology Officer JBoss Group, LLC - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, November 04, 2002 9:37 AM Subject: Re: [JBoss-user] DatabaseServerLoginModule Then why am I not seeing any output in the console or logfiles indicating that authentication is even occuring, let alone having any problems? Is there something in some other file that I need to modify to turn this on? I have verified the queries against my schema via mysql by hand - there doe not appear to be any problem there. I just don't think that authentication is really being processed in my environment - although the login.html is presented as expected - just not really validated against anything (always appears to return success regardless of input). Todd --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
RE: [JBoss-user] DatabaseServerLoginModule
Scott: Thanks so much for the tip, jboss-web.xml visibility was a big part of the problem here. I am indeed much closer now - but not quite there yet. My only remaining problem is with the hashAlgorithm. Everything is working perfectly as long as I have a clear password in the database and I do not add the hashAlgorithm and hashEncoding module-options to the following section of my login-config.xml. As soon as I put an MD5'ed password in the database and add the hasAlgorithm and hashEncoding options, it stops working (with typical invalid password Error msg). application-policy name = AbilSoftRealm authentication login-module code = org.jboss.security.auth.spi.DatabaseServerLoginModule flag = requisite module-option name = dsJndiNamejava:/SecurityPool/module-option module-option name = principalsQueryselect password from users where username=?/module-option module-option name = rolesQueryselect role, rolegroup from roles where username=?/module-option module-option name = hashAlgorithmMD5/module-option module-option name = hashEncodingbase64/module-option /login-module /authentication /application-policy I am using JBoss 3.0.4 with a MySQL database. The database contains the password in MD5 encrypted format and I have verified the query by hand from a mysql prompt (to verify it returns expected MD5 encrypted password). What else do I need to do to make this encryption work? Does my princiaplsQuery need to be modified? As uunderstand from the Quick Start Guide, the hashAlgorithm will cause the clear text password retrieved from the CallBackHandler to be MD5'ed before it's passed for comparison. Since the database contains and MD5 encrypted password, these should match with the query as is? Am I missing something else? Thanks again. -Original Message- From: [EMAIL PROTECTED] [mailto:jboss-user-admin;lists.sourceforge.net] On Behalf Of Scott M Stark Sent: Tuesday, November 05, 2002 7:51 AM To: [EMAIL PROTECTED] Subject: Re: [JBoss-user] DatabaseServerLoginModule Turn on DEBUG level messages by editing the conf/lo4j.xml file and removing the param name=Threshold value=INFO/ from the FILE appender and then look of the following msgs: Binding security/securityMgr to NullSecurityManager Linking security/securityMgr to JNDI name: x Most likely the war/WEB-INF/jboss-web.xml file is not being seen. Scott Stark Chief Technology Officer JBoss Group, LLC - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, November 04, 2002 9:37 AM Subject: Re: [JBoss-user] DatabaseServerLoginModule Then why am I not seeing any output in the console or logfiles indicating that authentication is even occuring, let alone having any problems? Is there something in some other file that I need to modify to turn this on? I have verified the queries against my schema via mysql by hand - there doe not appear to be any problem there. I just don't think that authentication is really being processed in my environment - although the login.html is presented as expected - just not really validated against anything (always appears to return success regardless of input). Todd --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
Re: [JBoss-user] DatabaseServerLoginModule
Scott, Hang on a moment. But, Todd has a WEB-INF/jboss-web.xml file and the security domain is pointing to his AbilSoftRealm and not to other. Do you have to point to other for this stuff to work? And why does what Todd is doing not work? Ciao, Jonathan O'Connor Ph: +353 1 872 3305 Mob: +353 86 824 9736 Fax: +353 1 873 3612 Scott M Stark [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 03.11.2002 16:50 Please respond to jboss-user To: [EMAIL PROTECTED] cc: Subject:Re: [JBoss-user] DatabaseServerLoginModule There is no jboss-web.xml descriptor describing the security domain under which authentication should occur. See the getting started guide where a WEB-INF/jboss-web.xml file is described as being required to enable security: jboss-web security-domainjava:/jaas/other/security-domain /jboss-web On Sunday, November 3, 2002, at 07:30 AM, Todd Gould wrote: Hello: I'm trying to configure the DatabaseServerLoginModule to use as an authentication mechanism for a simple JSP with simple FORM based security. I'm sure I am missing something, but have not been able to find my error(s) in the documentation or other related posts. This is with JBoss 3.0.0 with Tomcat 4.0.3. The problem is as follows: The JSP presents and appears to process the login form correctly and just as expected. The problem is that no matter what I respond to the form with for user and password, I am successfully transferred to the JSP that is supposed to be guarded. This is to say that users/pws that are in the database and any other garbabge that is not both appear to work equally well and result in successful authentication. There are no errors on the console or log that I have found. There are also no errors during startup. There are also no indications that any authentication is ocurring. I'd appreciate any and all help as I'm not sure what I'm missing at this point. Here are the relevant sections from the files: web.xml: security-constraint web-resource-collection web-resource-nameBookMarks/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-namePortalUser/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method realm-nameAbilSoftRealm/realm-name form-login-config form-login-page/login.html/form-login-page form-error-page/login-error.html/form-error-page /form-login-config /login-config security-role role-namePortalUser/role-name /security-role jboss-web.xml: jboss-web security-domainjava:/jaas/AbilSoftRealm/security-domain /jboss-web login-config.xml: application-policy name = SecurityDbRealm authentication login-module code = org.jboss.resource.security.ConfiguredIdentityLoginModule flag = required module-option name = principaltestuser/module-option module-option name = userNametestuser/module-option module-option name = passwordpw/module-option module-option name = managedConnectionFactoryNamejboss.jca:service=LocalTxCM,name=Securit yDS/module-option /login-module /authentication /application-policy application-policy name = AbilSoftRealm authentication login-module code = org.jboss.security.auth.spi.DatabaseServerLoginModule flag = required module-option name = dsJndiNamejava:/SecurityPool/module-option module-option name = principalsQueryselect password from users where username = ?/module-option module-option name = rolesQueryselect role, rolegroup from roles where username = ?/module-option module-option name = hashAlgorithmMD5/module-option module-option name = hashEncodingbase64/module-option /login-module /authentication /application-policy Thanks again. --- This SF.net email is sponsored by: ApacheCon, November 18-21 in Las Vegas (supported by COMDEX), the only Apache event to be fully supported by the ASF. http://www.apachecon.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user --- This SF.net email is sponsored by: ApacheCon, November 18-21 in Las Vegas (supported by COMDEX), the only Apache event to be fully supported by the ASF. http://www.apachecon.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
Re: [JBoss-user] DatabaseServerLoginModule
The security-domain needs to point to a valid configuration. There is some configuration error or database schema problem. Scott Stark Chief Technology Officer JBoss Group, LLC - Original Message - From: Jonathan.O'[EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, November 04, 2002 2:23 AM Subject: Re: [JBoss-user] DatabaseServerLoginModule Scott, Hang on a moment. But, Todd has a WEB-INF/jboss-web.xml file and the security domain is pointing to his AbilSoftRealm and not to other. Do you have to point to other for this stuff to work? And why does what Todd is doing not work? Ciao, Jonathan O'Connor Ph: +353 1 872 3305 Mob: +353 86 824 9736 Fax: +353 1 873 3612 Scott M Stark [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 03.11.2002 16:50 Please respond to jboss-user To: [EMAIL PROTECTED] cc: Subject:Re: [JBoss-user] DatabaseServerLoginModule There is no jboss-web.xml descriptor describing the security domain under which authentication should occur. See the getting started guide where a WEB-INF/jboss-web.xml file is described as being required to enable security: jboss-web security-domainjava:/jaas/other/security-domain /jboss-web On Sunday, November 3, 2002, at 07:30 AM, Todd Gould wrote: Hello: I'm trying to configure the DatabaseServerLoginModule to use as an authentication mechanism for a simple JSP with simple FORM based security. I'm sure I am missing something, but have not been able to find my error(s) in the documentation or other related posts. This is with JBoss 3.0.0 with Tomcat 4.0.3. The problem is as follows: The JSP presents and appears to process the login form correctly and just as expected. The problem is that no matter what I respond to the form with for user and password, I am successfully transferred to the JSP that is supposed to be guarded. This is to say that users/pws that are in the database and any other garbabge that is not both appear to work equally well and result in successful authentication. There are no errors on the console or log that I have found. There are also no errors during startup. There are also no indications that any authentication is ocurring. I'd appreciate any and all help as I'm not sure what I'm missing at this point. Here are the relevant sections from the files: web.xml: security-constraint web-resource-collection web-resource-nameBookMarks/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-namePortalUser/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method realm-nameAbilSoftRealm/realm-name form-login-config form-login-page/login.html/form-login-page form-error-page/login-error.html/form-error-page /form-login-config /login-config security-role role-namePortalUser/role-name /security-role jboss-web.xml: jboss-web security-domainjava:/jaas/AbilSoftRealm/security-domain /jboss-web login-config.xml: application-policy name = SecurityDbRealm authentication login-module code = org.jboss.resource.security.ConfiguredIdentityLoginModule flag = required module-option name = principaltestuser/module-option module-option name = userNametestuser/module-option module-option name = passwordpw/module-option module-option name = managedConnectionFactoryNamejboss.jca:service=LocalTxCM,name=Securit yDS/module-option /login-module /authentication /application-policy application-policy name = AbilSoftRealm authentication login-module code = org.jboss.security.auth.spi.DatabaseServerLoginModule flag = required module-option name = dsJndiNamejava:/SecurityPool/module-option module-option name = principalsQueryselect password from users where username = ?/module-option module-option name = rolesQueryselect role, rolegroup from roles where username = ?/module-option module-option name = hashAlgorithmMD5/module-option module-option name = hashEncodingbase64/module-option /login-module /authentication /application-policy Thanks again. --- This SF.net email is sponsored by: ApacheCon, November 18-21 in Las Vegas (supported by COMDEX), the only Apache event to be fully supported by the ASF. http://www.apachecon.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
Re: [JBoss-user] DatabaseServerLoginModule
Then why am I not seeing any output in the console or logfiles indicating that authentication is even occuring, let alone having any problems? Is there something in some other file that I need to modify to turn this on? I have verified the queries against my schema via mysql by hand - there doe not appear to be any problem there. I just don't think that authentication is really being processed in my environment - although the login.html is presented as expected - just not really validated against anything (always appears to return success regardless of input). Todd -- The security-domain needs to point to a valid configuration. There is some configuration error or database schema problem. Scott Stark Chief Technology Officer JBoss Group, LLC - Original Message - From: Jonathan.O'[EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, November 04, 2002 2:23 AM Subject: Re: [JBoss-user] DatabaseServerLoginModule Scott, Hang on a moment. But, Todd has a WEB-INF/jboss-web.xml file and the security domain is pointing to his AbilSoftRealm and not to other. Do you have to point to other for this stuff to work? And why does what Todd is doing not work? Ciao, Jonathan O'Connor Ph: +353 1 872 3305 Mob: +353 86 824 9736 Fax: +353 1 873 3612 Scott M Stark [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 03.11.2002 16:50 Please respond to jboss-user To: [EMAIL PROTECTED] cc: Subject:Re: [JBoss-user] DatabaseServerLoginModule There is no jboss-web.xml descriptor describing the security domain under which authentication should occur. See the getting started guide where a WEB-INF/jboss-web.xml file is described as being required to enable security: jboss-web security-domainjava:/jaas/other/security-domain /jboss-web On Sunday, November 3, 2002, at 07:30 AM, Todd Gould wrote: Hello: I'm trying to configure the DatabaseServerLoginModule to use as an authentication mechanism for a simple JSP with simple FORM based security. I'm sure I am missing something, but have not been able to find my error(s) in the documentation or other related posts. This is with JBoss 3.0.0 with Tomcat 4.0.3. The problem is as follows: The JSP presents and appears to process the login form correctly and just as expected. The problem is that no matter what I respond to the form with for user and password, I am successfully transferred to the JSP that is supposed to be guarded. This is to say that users/pws that are in the database and any other garbabge that is not both appear to work equally well and result in successful authentication. There are no errors on the console or log that I have found. There are also no errors during startup. There are also no indications that any authentication is ocurring. I'd appreciate any and all help as I'm not sure what I'm missing at this point. Here are the relevant sections from the files: web.xml: security-constraint web-resource-collection web-resource-nameBookMarks/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-namePortalUser/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method realm-nameAbilSoftRealm/realm-name form-login-config form-login-page/login.html/form-login-page form-error-page/login-error.html/form-error-page /form-login-config /login-config security-role role-namePortalUser/role-name /security-role jboss-web.xml: jboss-web security-domainjava:/jaas/AbilSoftRealm/security-domain /jboss-web login-config.xml: application-policy name = SecurityDbRealm authentication login-module code = org.jboss.resource.security.ConfiguredIdentityLoginModule flag = required module-option name = principaltestuser/module-option module-option name = userNametestuser/module-option module-option name = passwordpw/module-option module-option name = managedConnectionFactoryNamejboss.jca:service=LocalTxCM,name=Securit yDS/module-option /login-module /authentication /application-policy application-policy name = AbilSoftRealm authentication login-module code = org.jboss.security.auth.spi.DatabaseServerLoginModule flag = required module-option name = dsJndiNamejava:/SecurityPool/module-option module-option name = principalsQueryselect password from users where username = ?/module-option module-option name = rolesQueryselect role, rolegroup from roles where username = ?/module-option module-option name = hashAlgorithmMD5/module-option module-option name = hashEncodingbase64/module-option /login-module /authentication /application-policy Thanks again. --- This SF.net email is sponsored by: ApacheCon
Re: [JBoss-user] DatabaseServerLoginModule
There is no jboss-web.xml descriptor describing the security domain under which authentication should occur. See the getting started guide where a WEB-INF/jboss-web.xml file is described as being required to enable security: jboss-web security-domainjava:/jaas/other/security-domain /jboss-web On Sunday, November 3, 2002, at 07:30 AM, Todd Gould wrote: Hello: I'm trying to configure the DatabaseServerLoginModule to use as an authentication mechanism for a simple JSP with simple FORM based security. I'm sure I am missing something, but have not been able to find my error(s) in the documentation or other related posts. This is with JBoss 3.0.0 with Tomcat 4.0.3. The problem is as follows: The JSP presents and appears to process the login form correctly and just as expected. The problem is that no matter what I respond to the form with for user and password, I am successfully transferred to the JSP that is supposed to be guarded. This is to say that users/pws that are in the database and any other garbabge that is not both appear to work equally well and result in successful authentication. There are no errors on the console or log that I have found. There are also no errors during startup. There are also no indications that any authentication is ocurring. I'd appreciate any and all help as I'm not sure what I'm missing at this point. Here are the relevant sections from the files: web.xml: security-constraint web-resource-collection web-resource-nameBookMarks/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-namePortalUser/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method realm-nameAbilSoftRealm/realm-name form-login-config form-login-page/login.html/form-login-page form-error-page/login-error.html/form-error-page /form-login-config /login-config security-role role-namePortalUser/role-name /security-role jboss-web.xml: jboss-web security-domainjava:/jaas/AbilSoftRealm/security-domain /jboss-web login-config.xml: application-policy name = SecurityDbRealm authentication login-module code = org.jboss.resource.security.ConfiguredIdentityLoginModule flag = required module-option name = principaltestuser/module-option module-option name = userNametestuser/module-option module-option name = passwordpw/module-option module-option name = managedConnectionFactoryNamejboss.jca:service=LocalTxCM,name=Securit yDS/module-option /login-module /authentication /application-policy application-policy name = AbilSoftRealm authentication login-module code = org.jboss.security.auth.spi.DatabaseServerLoginModule flag = required module-option name = dsJndiNamejava:/SecurityPool/module-option module-option name = principalsQueryselect password from users where username = ?/module-option module-option name = rolesQueryselect role, rolegroup from roles where username = ?/module-option module-option name = hashAlgorithmMD5/module-option module-option name = hashEncodingbase64/module-option /login-module /authentication /application-policy Thanks again. --- This SF.net email is sponsored by: ApacheCon, November 18-21 in Las Vegas (supported by COMDEX), the only Apache event to be fully supported by the ASF. http://www.apachecon.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
RE: [JBoss-user] DatabaseServerLoginModule
Thanks for the info and by the way, I have been working straight from the Quick Start Guide draft 3. I've modified by jboss-web.xml to be exactly as you listed below with no apparent impact on the behavior.I'm still getting the behavior as described below. Any help at all will be greatly appreciated! Thanks, Todd -Original Message- From: [EMAIL PROTECTED] [mailto:jboss-user-admin;lists.sourceforge.net] On Behalf Of Scott M Stark Sent: Sunday, November 03, 2002 9:51 AM To: [EMAIL PROTECTED] Subject: Re: [JBoss-user] DatabaseServerLoginModule There is no jboss-web.xml descriptor describing the security domain under which authentication should occur. See the getting started guide where a WEB-INF/jboss-web.xml file is described as being required to enable security: jboss-web security-domainjava:/jaas/other/security-domain /jboss-web On Sunday, November 3, 2002, at 07:30 AM, Todd Gould wrote: Hello: I'm trying to configure the DatabaseServerLoginModule to use as an authentication mechanism for a simple JSP with simple FORM based security. I'm sure I am missing something, but have not been able to find my error(s) in the documentation or other related posts. This is with JBoss 3.0.0 with Tomcat 4.0.3. The problem is as follows: The JSP presents and appears to process the login form correctly and just as expected. The problem is that no matter what I respond to the form with for user and password, I am successfully transferred to the JSP that is supposed to be guarded. This is to say that users/pws that are in the database and any other garbabge that is not both appear to work equally well and result in successful authentication. There are no errors on the console or log that I have found. There are also no errors during startup. There are also no indications that any authentication is ocurring. I'd appreciate any and all help as I'm not sure what I'm missing at this point. Here are the relevant sections from the files: web.xml: security-constraint web-resource-collection web-resource-nameBookMarks/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-namePortalUser/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method realm-nameAbilSoftRealm/realm-name form-login-config form-login-page/login.html/form-login-page form-error-page/login-error.html/form-error-page /form-login-config /login-config security-role role-namePortalUser/role-name /security-role jboss-web.xml: jboss-web security-domainjava:/jaas/AbilSoftRealm/security-domain /jboss-web login-config.xml: application-policy name = SecurityDbRealm authentication login-module code = org.jboss.resource.security.ConfiguredIdentityLoginModule flag = required module-option name = principaltestuser/module-option module-option name = userNametestuser/module-option module-option name = passwordpw/module-option module-option name = managedConnectionFactoryNamejboss.jca:service=LocalTxCM,name=Securit yDS/module-option /login-module /authentication /application-policy application-policy name = AbilSoftRealm authentication login-module code = org.jboss.security.auth.spi.DatabaseServerLoginModule flag = required module-option name = dsJndiNamejava:/SecurityPool/module-option module-option name = principalsQueryselect password from users where username = ?/module-option module-option name = rolesQueryselect role, rolegroup from roles where username = ?/module-option module-option name = hashAlgorithmMD5/module-option module-option name = hashEncodingbase64/module-option /login-module /authentication /application-policy Thanks again. --- This SF.net email is sponsored by: ApacheCon, November 18-21 in Las Vegas (supported by COMDEX), the only Apache event to be fully supported by the ASF. http://www.apachecon.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user --- This SF.net email is sponsored by: ApacheCon, November 18-21 in Las Vegas (supported by COMDEX), the only Apache event to be fully supported by the ASF. http://www.apachecon.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
Re: [JBoss-user] DatabaseServerLoginModule - failing authentication?
On Sunday 27 October 2002 12:26 pm, John Snyder wrote: Hello all, I am trying to use the DatabaseServerLoginModule with jboss-3.0.0_tomcat-4.0.3, using a FORM login. All I am trying to do at this point is to secure a JSP page called Office.jsp. When I try to go to the JSP page, the login page comes up, as expected based on the web.xml configuration. When I fill in the username and password (for j_username and j_password), then click the submit button (action=j_security_check), the JBoss console displays, Added PC_CloudscapeDbRealm, org.jboss.security.plugins.SecurityDomainContext@a631cc to map, which I believe is telling me that JBoss is applying the PC_CloudscapeDbRealm security realm, which is what I want. My problem is twofold: First, I am not authenticated when I log in with a username/password combination that should pass authentication (the combination is in my security table). Well, here's some information from an application that I've been writing that seems to work just fine. In my web.xml I've specified a security constraint that looks like this: security-constraint web-resource-collection web-resource-name web-resource-nameAdminApp/web-resource-name url-pattern/admin/*/url-pattern http-methodPOST/http-method http-methodGET/http-method /web-resource-collection auth-contraint role-nameadmin/role-name /auth-constraint /security-constraint So notice that I've specified some http-method blocks. I don't think it would make a difference, but you could try it (I don't know of defaults). Also, my experience has been that if a page isn't protected with a security constraint in an application, then the security credentials won't be available to that page. I suppose it makes sense, but it was unexpected behaviour to me. But that's probably not your problem either. Now, my login-config in web.xml looks like this: login-config auth-methodFORM/auth-method realm-namePlayground/realm-name form-login-config form-login-page/login.jsp/form-login-page form-error-page/loginError.jsp/form-error-page /form-login-config /login-config Again, yours is identical, modulo page and realm differences. So that's not your problem either. In my jboss-web.xml file, I have something like this: jboss-web security-domainjava:/jaas/PLAYGROUND/security-domain ... /jboss-web Again, I think you're good. Now, in my login-config.xml file, I've done things a little differently. I am using MySQL, and have set up a MySqlDbRealm application-policy similar to your CloudscapeDbRealm. My PLAYGROUND application-policy is similar to yours, but it doesn't contain a managedConnectionFactoryName option, and the flag is 'sufficient' in mine, instead of required. application-policy name=PLAYGROUND authentication login-module code=org.jboss.security.auth.spi.DatabaseServerLoginModule flag=sufficient module-option name=dsJndiNamejava:/MySqlDS/module-option module-option name=principalsQuerySELECT Password FROM USERBASE_PRINCIPALS where PrincipalID=?/module-option module-option name=rolesQuerySELECT Role, RoleGroup FROM USERBASE_ROLES where PrincipalID=?/module-option module-option name=unauthenticatedIdentityguest/module-option /login-module /authentication /application-policy Here the unauthenticatedIdentity doesn't seem to have any effect, I just put it there to see if it would. I assume you've tested the SQL statements and they all work for you. I can't see any major places that you may have made a mistake. Second, if authentication fails, I should be redirected to the failed login page specified in my web.xml file, but I am not -- instead, the web browser just displays a Status 403 page, saying, message Access to the requested resource has been denied and description Access to the specified resource (Access to the requested resource has been denied) has been forbidden. Can anyone please explain this behavior, and more importantly, how to fix it? The relevant configuration files are as follows (in relevant part): Well, I was getting this as well, and what you can do about it is add a section to your web.xml file like the following: error-page error-code403/error-code location/authorizationError.jsp/location /error-page The only time I've been able to see the page specified by form-error-page is if the Roles for a user are not sufficient. If the username and password are incorrect, you'll get a 403 instead. I hope some of this helps you. Cheers. -Neal --- This SF.net email is sponsored by: ApacheCon, November 18-21 in Las Vegas (supported by COMDEX), the only Apache event to be fully supported by the ASF. http://www.apachecon.com ___ JBoss-user mailing list [EMAIL PROTECTED]
Re: [JBoss-user] DatabaseServerLoginModule - failing authentication?
Well, I was getting this as well, and what you can do about it is add a section to your web.xml file like the following: error-page error-code403/error-code location/authorizationError.jsp/location /error-page The only time I've been able to see the page specified by form-error-page is if the Roles for a user are not sufficient. If the username and password are incorrect, you'll get a 403 instead. Or, the other way around, now that I think about it more. -Neal --- This SF.net email is sponsored by: ApacheCon, November 18-21 in Las Vegas (supported by COMDEX), the only Apache event to be fully supported by the ASF. http://www.apachecon.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
Re: [JBoss-user] DatabaseServerLoginModule - failing authentication?
I don't know what I am going to ask fits with this thread well. But my question is: Say I have to a bean, name CompanyHandlerBean. I want only my web (Tomcat or Jetty) to be able to call the methods (say registerCompany) in this bean. Now there is not log in process.--Any user can go to my registercompay.jsp page. How do I set up the security that only my web application can access my CompanyHandlerBean? Bascially, I don't want anyone who knows my ip and the name of the bean to call it from anywhere. Any help or pointers will be greatly appreciated. Thanks, Derek - Original Message - From: Neal Sanche [EMAIL PROTECTED] To: [EMAIL PROTECTED]; John Snyder [EMAIL PROTECTED] Sent: Sunday, October 27, 2002 10:58 AM Subject: Re: [JBoss-user] DatabaseServerLoginModule - failing authentication? On Sunday 27 October 2002 12:26 pm, John Snyder wrote: Hello all, I am trying to use the DatabaseServerLoginModule with jboss-3.0.0_tomcat-4.0.3, using a FORM login. All I am trying to do at this point is to secure a JSP page called Office.jsp. When I try to go to the JSP page, the login page comes up, as expected based on the web.xml configuration. When I fill in the username and password (for j_username and j_password), then click the submit button (action=j_security_check), the JBoss console displays, Added PC_CloudscapeDbRealm, org.jboss.security.plugins.SecurityDomainContext@a631cc to map, which I believe is telling me that JBoss is applying the PC_CloudscapeDbRealm security realm, which is what I want. My problem is twofold: First, I am not authenticated when I log in with a username/password combination that should pass authentication (the combination is in my security table). Well, here's some information from an application that I've been writing that seems to work just fine. In my web.xml I've specified a security constraint that looks like this: security-constraint web-resource-collection web-resource-name web-resource-nameAdminApp/web-resource-name url-pattern/admin/*/url-pattern http-methodPOST/http-method http-methodGET/http-method /web-resource-collection auth-contraint role-nameadmin/role-name /auth-constraint /security-constraint So notice that I've specified some http-method blocks. I don't think it would make a difference, but you could try it (I don't know of defaults). Also, my experience has been that if a page isn't protected with a security constraint in an application, then the security credentials won't be available to that page. I suppose it makes sense, but it was unexpected behaviour to me. But that's probably not your problem either. Now, my login-config in web.xml looks like this: login-config auth-methodFORM/auth-method realm-namePlayground/realm-name form-login-config form-login-page/login.jsp/form-login-page form-error-page/loginError.jsp/form-error-page /form-login-config /login-config Again, yours is identical, modulo page and realm differences. So that's not your problem either. In my jboss-web.xml file, I have something like this: jboss-web security-domainjava:/jaas/PLAYGROUND/security-domain ... /jboss-web Again, I think you're good. Now, in my login-config.xml file, I've done things a little differently. I am using MySQL, and have set up a MySqlDbRealm application-policy similar to your CloudscapeDbRealm. My PLAYGROUND application-policy is similar to yours, but it doesn't contain a managedConnectionFactoryName option, and the flag is 'sufficient' in mine, instead of required. application-policy name=PLAYGROUND authentication login-module code=org.jboss.security.auth.spi.DatabaseServerLoginModule flag=sufficient module-option name=dsJndiNamejava:/MySqlDS/module-option module-option name=principalsQuerySELECT Password FROM USERBASE_PRINCIPALS where PrincipalID=?/module-option module-option name=rolesQuerySELECT Role, RoleGroup FROM USERBASE_ROLES where PrincipalID=?/module-option module-option name=unauthenticatedIdentityguest/module-option /login-module /authentication /application-policy Here the unauthenticatedIdentity doesn't seem to have any effect, I just put it there to see if it would. I assume you've tested the SQL statements and they all work for you. I can't see any major places that you may have made a mistake. Second, if authentication fails, I should be redirected to the failed login page specified in my web.xml file, but I am not -- instead, the web browser just displays a Status 403 page, saying, message Access to the requested resource has been denied and description Access to the specified resource (Access to the requested resource has been denied) has been forbidden. Can anyone please explain this behavior, and more importantly, how to fix it? The relevant configuration files are as follows (in relevant part): Well, I was getting this as well
Re: [JBoss-user] DatabaseServerLoginModule - failing authentication?
Well, Derek, It seems the solution to your problem would be to learn and implement a Local interface to the CompanyHandlerBean. That would make it next to impossible for anything outside to be able to call it. It would only be accessible from within the same JVM. Now, other ways to secure the bean would be to firewall the machine and not allow access to the RMI lookup ports... but really, I think the best solution is to simply not implement a remote interface if you don't need one. It'll improve performance a little too, although local access to RMI classes can be set up to perform like local interfaces too. If you're talking about restricting access to your registercompany.jsp page, you'll have to go through the steps outlined in the other messages in this thread to put the .jsp page under a security-constraint, set up users and roles for your application, set up a login-config and a security domain, and protect that .jsp from access by anyone other than users with the declared roles you establish. Declarative security. If you want help with that after you've gone through the steps, I'd be happy to expound more on it. Cheers. -Neal On Sunday 27 October 2002 03:43 pm, Derek Lin wrote: I don't know what I am going to ask fits with this thread well. But my question is: Say I have to a bean, name CompanyHandlerBean. I want only my web (Tomcat or Jetty) to be able to call the methods (say registerCompany) in this bean. Now there is not log in process.--Any user can go to my registercompay.jsp page. How do I set up the security that only my web application can access my CompanyHandlerBean? Bascially, I don't want anyone who knows my ip and the name of the bean to call it from anywhere. Any help or pointers will be greatly appreciated. Thanks, Derek - Original Message - From: Neal Sanche [EMAIL PROTECTED] To: [EMAIL PROTECTED]; John Snyder [EMAIL PROTECTED] Sent: Sunday, October 27, 2002 10:58 AM Subject: Re: [JBoss-user] DatabaseServerLoginModule - failing authentication? On Sunday 27 October 2002 12:26 pm, John Snyder wrote: Hello all, I am trying to use the DatabaseServerLoginModule with jboss-3.0.0_tomcat-4.0.3, using a FORM login. All I am trying to do at this point is to secure a JSP page called Office.jsp. When I try to go to the JSP page, the login page comes up, as expected based on the web.xml configuration. When I fill in the username and password (for j_username and j_password), then click the submit button (action=j_security_check), the JBoss console displays, Added PC_CloudscapeDbRealm, org.jboss.security.plugins.SecurityDomainContext@a631cc to map, which I believe is telling me that JBoss is applying the PC_CloudscapeDbRealm security realm, which is what I want. My problem is twofold: First, I am not authenticated when I log in with a username/password combination that should pass authentication (the combination is in my security table). Well, here's some information from an application that I've been writing that seems to work just fine. In my web.xml I've specified a security constraint that looks like this: security-constraint web-resource-collection web-resource-name web-resource-nameAdminApp/web-resource-name url-pattern/admin/*/url-pattern http-methodPOST/http-method http-methodGET/http-method /web-resource-collection auth-contraint role-nameadmin/role-name /auth-constraint /security-constraint So notice that I've specified some http-method blocks. I don't think it would make a difference, but you could try it (I don't know of defaults). Also, my experience has been that if a page isn't protected with a security constraint in an application, then the security credentials won't be available to that page. I suppose it makes sense, but it was unexpected behaviour to me. But that's probably not your problem either. Now, my login-config in web.xml looks like this: login-config auth-methodFORM/auth-method realm-namePlayground/realm-name form-login-config form-login-page/login.jsp/form-login-page form-error-page/loginError.jsp/form-error-page /form-login-config /login-config Again, yours is identical, modulo page and realm differences. So that's not your problem either. In my jboss-web.xml file, I have something like this: jboss-web security-domainjava:/jaas/PLAYGROUND/security-domain ... /jboss-web Again, I think you're good. Now, in my login-config.xml file, I've done things a little differently. I am using MySQL, and have set up a MySqlDbRealm application-policy similar to your CloudscapeDbRealm. My PLAYGROUND application-policy is similar to yours, but it doesn't contain a managedConnectionFactoryName option, and the flag is 'sufficient' in mine, instead of required. application-policy name=PLAYGROUND authentication
Re: [JBoss-user] DatabaseServerLoginModule - failing authentication?
Neal, Thanks for your pointers and the offer for further help. Implementing only the local interface might solve my problem. But doesn't that defeats the whole remote access and portability (a bean can be anywhere) idea behind EJB's? -- What if I host the bean on the different box than the box in which my web app resides? (would that cause problems with clustering too? -- I'm thinking ahead here) How are people doing this in production env.?--Using firewall, ip detection...? (I'll address my questions to you when I have problems with the databaseloginmodule implementation. Thanks.) -- Derek - Original Message - From: Neal Sanche [EMAIL PROTECTED] To: [EMAIL PROTECTED]; Derek Lin [EMAIL PROTECTED] Sent: Sunday, October 27, 2002 4:55 PM Subject: Re: [JBoss-user] DatabaseServerLoginModule - failing authentication? Well, Derek, It seems the solution to your problem would be to learn and implement a Local interface to the CompanyHandlerBean. That would make it next to impossible for anything outside to be able to call it. It would only be accessible from within the same JVM. Now, other ways to secure the bean would be to firewall the machine and not allow access to the RMI lookup ports... but really, I think the best solution is to simply not implement a remote interface if you don't need one. It'll improve performance a little too, although local access to RMI classes can be set up to perform like local interfaces too. If you're talking about restricting access to your registercompany.jsp page, you'll have to go through the steps outlined in the other messages in this thread to put the .jsp page under a security-constraint, set up users and roles for your application, set up a login-config and a security domain, and protect that .jsp from access by anyone other than users with the declared roles you establish. Declarative security. If you want help with that after you've gone through the steps, I'd be happy to expound more on it. Cheers. -Neal On Sunday 27 October 2002 03:43 pm, Derek Lin wrote: I don't know what I am going to ask fits with this thread well. But my question is: Say I have to a bean, name CompanyHandlerBean. I want only my web (Tomcat or Jetty) to be able to call the methods (say registerCompany) in this bean. Now there is not log in process.--Any user can go to my registercompay.jsp page. How do I set up the security that only my web application can access my CompanyHandlerBean? Bascially, I don't want anyone who knows my ip and the name of the bean to call it from anywhere. Any help or pointers will be greatly appreciated. Thanks, Derek - Original Message - From: Neal Sanche [EMAIL PROTECTED] To: [EMAIL PROTECTED]; John Snyder [EMAIL PROTECTED] Sent: Sunday, October 27, 2002 10:58 AM Subject: Re: [JBoss-user] DatabaseServerLoginModule - failing authentication? On Sunday 27 October 2002 12:26 pm, John Snyder wrote: Hello all, I am trying to use the DatabaseServerLoginModule with jboss-3.0.0_tomcat-4.0.3, using a FORM login. All I am trying to do at this point is to secure a JSP page called Office.jsp. When I try to go to the JSP page, the login page comes up, as expected based on the web.xml configuration. When I fill in the username and password (for j_username and j_password), then click the submit button (action=j_security_check), the JBoss console displays, Added PC_CloudscapeDbRealm, org.jboss.security.plugins.SecurityDomainContext@a631cc to map, which I believe is telling me that JBoss is applying the PC_CloudscapeDbRealm security realm, which is what I want. My problem is twofold: First, I am not authenticated when I log in with a username/password combination that should pass authentication (the combination is in my security table). Well, here's some information from an application that I've been writing that seems to work just fine. In my web.xml I've specified a security constraint that looks like this: security-constraint web-resource-collection web-resource-name web-resource-nameAdminApp/web-resource-name url-pattern/admin/*/url-pattern http-methodPOST/http-method http-methodGET/http-method /web-resource-collection auth-contraint role-nameadmin/role-name /auth-constraint /security-constraint So notice that I've specified some http-method blocks. I don't think it would make a difference, but you could try it (I don't know of defaults). Also, my experience has been that if a page isn't protected with a security constraint in an application, then the security credentials won't be available to that page. I suppose it makes sense, but it was unexpected behaviour to me. But that's probably not your problem either. Now, my login-config in web.xml looks like this: login-config
Re: [JBoss-user] DatabaseServerLoginModule
You can look at the source code here: http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/jboss/jbosssx/src/main/org/jb oss/security/auth/spi/DatabaseServerLoginModule.java I have used it without any problems in JBoss release 2.2.2. Mike - Original Message - From: Nicolai P Guba [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, July 11, 2001 5:04 AM Subject: [JBoss-user] DatabaseServerLoginModule http://www.jboss.org/documentation/HTML/ch09s17.html talks about this module but I can neither find the API doc nor the file. Is this one still alive? -- Nicolai P Gubahttp://www.gnu.org http://www.frontwire.com mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] GSM: +44 (0)7909 960 751 DDI: +44 (0)20 7368 9708 ___ JBoss-user mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-user ___ JBoss-user mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-user