[jboss-user] [Security & JAAS/JBoss] - JAAS and DatabaseServerLoginModule

Wed, 02 Aug 2006 17:13:53 -0700 

Hi,

I am trying to configure Jaas with DatabaseServerLoginModule, I have the 
following setup: 

login-config.xml

    <application-policy name="db_Sec_realm">
  |        <authentication>
  |           <login-module 
code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
  |              flag="required">
  |              <module-option name="dsJndiName">java:/login_ds</module-option>
  |              <module-option name="principalsQuery">
  |                 SELECT PASSWORD FROM USER WHERE LOWER(USERNAME) = 
TRIM(LOWER(?)) AND ENABLED = '1'
  |              </module-option>
  |              <module-option name="rolesQuery">
  |                 SELECT DISTINCT RP.PERMISSION_NAME, 'Roles' FROM USER U, 
USER_ROLE UR, ROLE_PERMISSION RP WHERE LOWER(U.USERNAME) = TRIM(LOWER(?)) AND 
U.SEQ = UR.USER_SEQ AND UR.ROLE_SEQ = RP.ROLE_SEQ
  |              </module-option>
  |              <module-option 
name="unauthenticatedIdentity">anonymous</module-option>
  |              <module-option 
name="password-stacking">useFirstPass</module-option>
  |              <module-option name="hashAlgorithm">MD5</module-option>
  |              <module-option name="hashEncoding">base64</module-option>
  |           </login-module>
  |        </authentication>
  |     </application-policy>
  | 

 web.xml


  |     <security-constraint>
  |         <web-resource-collection>
  |             <web-resource-name>Action servlet</web-resource-name>
  |             <url-pattern>*.do</url-pattern>
  |         </web-resource-collection>
  |         <web-resource-collection>
  |             <web-resource-name>Secure JSP Pages</web-resource-name>
  |             <url-pattern>/jsp/*</url-pattern>
  |         </web-resource-collection>
  |         <auth-constraint>
  |             <role-name>app_access</role-name>
  |         </auth-constraint>
  |         <user-data-constraint>
  |             <transport-guarantee>NONE</transport-guarantee>
  |         </user-data-constraint>
  |     </security-constraint>
  | 
  |     <!-- Form-based login -->
  |     <login-config>
  |         <auth-method>FORM</auth-method>
  |         <realm-name>db_Sec_realm</realm-name>
  |         <form-login-config>
  |             <form-login-page>/login.jsp</form-login-page>
  |             <form-error-page>/loginError.jsp</form-error-page>
  |         </form-login-config>
  |     </login-config>
  | 
  |     <!-- Permission for login (neede to access secure resources) -->
  |     <security-role>
  |         <role-name>app_access</role-name>
  |     </security-role>
  | 
  |     <session-config>
  |         <session-timeout>20</session-timeout>
  |     </session-config>
  | 

 The problem:

When I try to login to the app using a valid username/password. I am redirected 
to the loginError.jsp page. I am really lost on how to debug this problem. Any 
pointers on the solution to this issue or possible areas of issues to 
investigate is greatly appriciated.

Regards,
MR


View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3962677#3962677

Reply to the post : 
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3962677
_______________________________________________
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user

Reply via email to