For some reason, I still can't get this to work. I'm using JBoss-4.0.4GA. I try
to his a url like localhost:8080/orders.ftl which I expect to invoke a
SpringMVC controller, but first the user needs to authenticate, so if I
understand this correctly, this URL gets cached and he gets pointed to the
<form-login-page> as indicated in the web.xml. And I do, I type in username and
passwd, but then I get the following 403 error.
| HTTP Status 403 - Access to the requested resource has been denied
| type Status report
| message Access to the requested resource has been denied
| description Access to the specified resource (Access to the requested
resource has been denied) has been forbidden.
| Apache Tomcat/5.5.17
|
Anyone have ideas, any help much appreciated.
Here's my web.xml ...
| ...
| <security-constraint>
| <web-resource-collection>
| <description>Protects all resources</description>
| <web-resource-name>All resources</web-resource-name>
| <url-pattern>/*</url-pattern>
| </web-resource-collection>
|
| <auth-constraint>
| <role-name>WebAppUser</role-name>
| </auth-constraint>
|
| <!-- user-data-constraint>
| <transport-guarantee>NONE</transport-guarantee>
| </user-data-constraint -->
| </security-constraint>
|
| <login-config>
| <auth-method>FORM</auth-method>
|
| <form-login-config>
| <form-login-page>/index.html</form-login-page>
| <form-error-page>/errors.html</form-error-page>
| </form-login-config>
| </login-config>
|
I have my tables setup like such ... I simplified them as much as I could.
| CREATE TABLE Users (
| userName VARCHAR(64) PRIMARY KEY,
| passwd VARCHAR(64)
| );
|
| INSERT INTO Users VALUES('Admin', 'system');
|
| CREATE TABLE UserRoles (
| userName VARCHAR(32) NOT NULL,
| userRoles VARCHAR(32) NOT NULL
| );
|
| INSERT INTO UserRoles VALUES('admin', 'Administrator');
|
And in my login-config.xml file, I put this at the end.
| <application-policy name="myapp">
| <authentication>
| <login-module
| code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
| flag="required">
|
| <module-option name="unauthenticatedIdentity">
| guest
| </module-option>
|
| <module-option name="dsJndiName">
| java:/PostgresDS
| </module-option>
|
| <module-option name="principalsQuery">
| SELECT passwd FROM Users userName WHERE userName=?
| </module-option>
|
| <module-option name="rolesQuery">
| SELECT userRoles, 'Roles' FROM UserRoles WHERE
userName=?
| </module-option>
| </login-module>
| </authentication>
| </application-policy>
|
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3945952#3945952
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3945952
-------------------------------------------------------
All the advantages of Linux Managed Hosting--Without the Cost and Risk!
Fully trained technicians. The highest number of Red Hat certifications in
the hosting industry. Fanatical Support. Click to learn more
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=107521&bid=248729&dat=121642
_______________________________________________
JBoss-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jboss-user
