Hi,
I have just downloaded the new beta release (2.4) of jboss/tomcat
integration, installed my application but
it seems that the tomcat security integration does not work as it used to
be. I'm using the DatabaseServerLoginModule
and here is my auth.conf (inspired from the great Jaas how to that I
followed step by step)
When I try to access the servlet, a login window opens but it seems to have
no effect on the server.
and BTW what is this new file domain.xml ?
Fran�ois (going back to 2.2.2 for now :)
auth.conf
example1 {
// A properties file LoginModule that supports CallerPrincipal mapping
org.jboss.security.auth.spi.UsersRolesLoginModule required
;
};
example2 {
/* A JDBC based LoginModule
LoginModule options:
dsJndiName: The name of the DataSource of the database containing the
Principals, Roles tables
principalsQuery: The prepared statement query equivalent to:
"select userPasswd from userss where userName=?"
rolesQuery: The prepared statement query equivalent to:
"select Role, RoleGroup from Roles where userName=?"
*/
org.jboss.security.auth.spi.DatabaseServerLoginModule required
dsJndiName="java:/DefaultDS"
principalsQuery="select userPasswd from users where userName=?"
rolesQuery="select roleName, RoleGroup from Roles where userName=?"
;
};
This is the only thing I changed in the new configuration
Here are the other files that may be useful but they were working before....
jboss-web
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<security-domain>java:/jaas/example2</security-domain>
</jboss-web>
web.xml
<?xml version="1.0" encoding="Cp1252"?>
<web-app>
<display-name>JUnit</display-name>
<description>This component contains the JUnit testing
framework.</description>
<servlet>
<servlet-name>TestRunner</servlet-name>
<display-name>TestRunner</display-name>
<description>This servlet can invoke JUnit test cases in the context of
a running application server.</description>
<servlet-class>junit.servletui.TestRunner</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>TestRunner</servlet-name>
<url-pattern>/protected/TestRunner</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>500</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/protected/*</url-pattern>
<!-- If you list http methods, only those methods are protected -->
<http-method>HEAD</http-method>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Admin</role-name>
<role-name>role1</role-name>
</auth-constraint>
</security-constraint>
<!-- Form-based login is enabled by default. If you wish to
try Basic authentication, comment out the <login-config>
section below and uncomment the one above. -->
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
</login-config>
</web-app>
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user
