Running a small JSP app on JBoss 3.0.6 w/ Jetty, I'm having problems with
the JAAS login. The JBoss console says that the authentication succeeds,
but the roles fail. I've created a simple testcase by changing the
rolesQuery to hardcode the role I'm looking for, and it still fails. Here's
my login-config, web.xml, and jboss-web.xml:

login-config.xml

<application-policy name="brownnet">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
                  flag="required">
      <module-option name="dsJndiName">java:/bpi/wasd/bpi</module-option>
      <module-option name="principalsQuery">select password from bpi_user where username = ?</module-option>
      <module-option name="rolesQuery">SELECT 'bcsDeveloper', 'rolegroup' FROM bpi_user where username = ?</module-option>
    </login-module>
  </authentication>
</application-policy>

web.xml

<!-- Developer Application security -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Bindery Collection System Developer application</web-resource-name>
    <description>Developer application</description>
    <url-pattern>/doc/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>bcsDeveloper</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<!-- Define the Login Configuration for this Application -->
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/errorPageLogin.jsp</form-error-page>
  </form-login-config>
</login-config>
<security-role>
  <description><![CDATA[Basic BCS user]]></description>
  <role-name>bcsUser</role-name>
</security-role>
<security-role>
  <description><![CDATA[BCS IT developer]]></description>
  <role-name>bcsDeveloper</role-name>
</security-role>

jboss-web.xml

<jboss-web>
  <security-domain>java:/jaas/brownnet</security-domain>
  <!-- Resource references -->
  <!-- EJB References -->
</jboss-web>

console messages:

14:24:54,485 DEBUG [JBossUserRealm#null] JBossUserPrincipal: ryans
14:24:54,485 DEBUG [JBossUserRealm#null] created JBossUserRealm::JBossUserPrincipal: ryans
14:24:54,485 DEBUG [JBossUserRealm#null] authenticating: Name:ryans Password:****
14:24:54,525 DEBUG [IdleRemover] internalRegisterPool: registering pool with interval 900000 old interval: 450000
14:24:54,525 DEBUG [LocalManagedConnectionFactory] Using properties: {user=jboss, password=jbosswasd}
14:24:54,525 DEBUG [LocalManagedConnectionFactory] Checking driver for URL: jdbc:oracle:thin:@172.16.1.28:1521:wasd
14:24:54,525 DEBUG [LocalManagedConnectionFactory] Driver already registered for url: jdbc:oracle:thin:@172.16.1.28:1521:wasd
14:24:54,735 DEBUG [JBossUserRealm#null] authenticated: ryans
14:24:54,745 DEBUG [JBossUserRealm#null] setting JAAS subjectAttributeName(j_subject) : Subject: Principal: ryans
Principal: rolegroup
14:24:54,775 DEBUG [JBossUserRealm#null] authenticating: Name:ryans Password:****
14:24:54,775 DEBUG [JBossUserRealm#null] authenticated: ryans
14:24:54,775 DEBUG [JBossUserRealm#null] JBossUserPrincipal: ryans is NOT in Role: bcsDeveloper
14:24:54,795 WARN [jbossweb] WARNING: AUTH FAILURE: role for ryans
14:24:57,579 DEBUG [JBossUserRealm#null] JBossUserPrincipal: ryans is NOT in Role: bcsDeveloper

Any help would be greatly appreciated.
Ryan
Ryan J. Sonnek
Brown Printing Company
J2EE Application Developer
507.835.0803
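
Added example, not part of the original post: the console output above shows the Subject carrying a group named rolegroup, while JBoss's DatabaseServerLoginModule takes the roles used for authorization checks from the group named Roles (the second column returned by rolesQuery). A corrected form of the test policy, reusing the post's own policy, datasource and table names and keeping the hardcoded role of the test case:

```xml
<!-- Added example; not from the original post. Reuses the post's policy,
     datasource and table names. -->
<application-policy name="brownnet">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
                  flag="required">
      <module-option name="dsJndiName">java:/bpi/wasd/bpi</module-option>
      <module-option name="principalsQuery">select password from bpi_user where username = ?</module-option>
      <!-- As posted, the second column 'rolegroup' creates a group of that
           name, which the container's role check does not consult:
           SELECT 'bcsDeveloper', 'rolegroup' FROM bpi_user where username = ? -->
      <!-- Column 1 = role name, column 2 = role group. 'Roles' is the group
           matched against <role-name> in web.xml. -->
      <module-option name="rolesQuery">SELECT 'bcsDeveloper', 'Roles' FROM bpi_user where username = ?</module-option>
    </login-module>
  </authentication>
</application-policy>
```

The hardcoded role grants bcsDeveloper to every user in bpi_user, so this form is only for the test case; a real rolesQuery selects the role name from a per-user role table.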