Re: [JBoss-user] DatabaseLoginModule problems

[Scott M Stark]

Case sentitive name "RoleGroup", not 'rolegroup' 

xxxxxxxxxxxxxxxxxxxxxxxx
Scott Stark
Chief Technology Officer
JBoss Group, LLC
xxxxxxxxxxxxxxxxxxxxxxxx

----- Original Message ----- 
From: "Sonnek, Ryan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, February 20, 2003 12:26 PM
Subject: [JBoss-user] DatabaseLoginModule problems


> running a small jsp app on jboss 3.0.6 w/ jetty, i'm having problems with
> the JAAS login.  the jboss console says that the authentication succeeds,
> but the roles fail.  i've created a simple testcase by changing the
> rolesQuery to hardcode the role i'm looking for, and it still fails.  here's
> my login-config, web.xml, and jboss-web.xml:
> 
> login-config.xml
>   <application-policy name="brownnet">
>     <authentication>
>       <login-module
> code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
> flag="required">
>         <module-option name="dsJndiName">java:/bpi/wasd/bpi</module-option>
>         <module-option name="principalsQuery">select password from bpi_user
> where username = ?</module-option>
>         <module-option name="rolesQuery">SELECT 'bcsDeveloper', 'rolegroup'
> FROM bpi_user where username = ?<module-option>
>       </login-module>
>     </authentication>
>   </application-policy>
> 
> web.xml
>     <!-- Developer Application security -->
>   <security-constraint>
>     <web-resource-collection>
>       <web-resource-name>Bindery Collection System Developer
> application</web-resource-name>
>       <description>Developer application</description>
>       <url-pattern>/doc/*</url-pattern>
>     </web-resource-collection>
>     <auth-constraint>
>        <role-name>bcsDeveloper</role-name>
>     </auth-constraint>
>     <user-data-constraint>
>       <transport-guarantee>NONE</transport-guarantee>
>     </user-data-constraint>
>   </security-constraint>
> 
>   <!-- Define the Login Configuration for this Application -->
>   <login-config>
>     <auth-method>FORM</auth-method>
>     <form-login-config>
>       <form-login-page>/login.jsp</form-login-page>
>       <form-error-page>/errorPageLogin.jsp</form-error-page>
>     </form-login-config>
>   </login-config>
> 
>    <security-role>
>       <description><![CDATA[Basic BCS user]]></description>
>       <role-name>bcsUser</role-name>
>    </security-role>
>    <security-role>
>       <description><![CDATA[BCS IT developer]]></description>
>       <role-name>bcsDeveloper</role-name>
>    </security-role>
> 
> jboss-web.xml
> <jboss-web>
> 
>    <security-domain>java:/jaas/brownnet</security-domain>
> 
>    <!-- Resource references -->
> 
>    <!-- EJB References -->
> 
> </jboss-web>
> 
> console messages:
> 14:24:54,485 DEBUG [JBossUserRealm#null] JBossUserPrincipal: ryans
> 14:24:54,485 DEBUG [JBossUserRealm#null] created
> JBossUserRealm::JBossUserPrinci
> pal: ryans
> 14:24:54,485 DEBUG [JBossUserRealm#null] authenticating: Name:ryans
> Password:***
> *
> 14:24:54,525 DEBUG [IdleRemover] internalRegisterPool: registering pool with
> interval 900000 old interval: 450000
> 14:24:54,525 DEBUG [LocalManagedConnectionFactory] Using properties:
> {user=jboss, password=jbosswasd}
> 14:24:54,525 DEBUG [LocalManagedConnectionFactory] Checking driver for URL:
> jdbc:oracle:thin:@172.16.1.28:1521:wasd
> 14:24:54,525 DEBUG [LocalManagedConnectionFactory] Driver already registered
> for url: jdbc:oracle:thin:@172.16.1.28:1521:wasd
> 14:24:54,735 DEBUG [JBossUserRealm#null] authenticated: ryans
> 14:24:54,745 DEBUG [JBossUserRealm#null] setting JAAS
> subjectAttributeName(j_subject) : Subject:        Principal: ryans
> Principal: rolegroup
> 14:24:54,775 DEBUG [JBossUserRealm#null] authenticating: Name:ryans
> Password:****
> 14:24:54,775 DEBUG [JBossUserRealm#null] authenticated: ryans
> 14:24:54,775 DEBUG [JBossUserRealm#null] JBossUserPrincipal: ryans is NOT in
> Role: bcsDeveloper
> 14:24:54,795 WARN  [jbossweb] WARNING: AUTH FAILURE: role for ryans
> 14:24:57,579 DEBUG [JBossUserRealm#null] JBossUserPrincipal: ryans is NOT in
> Role: bcsDeveloper
> 
> any help would be greatly appreciated.
> Ryan
> 
> Ryan J. Sonnek
> Brown Printing Company
> J2EE Application Developer
> 507.835.0803
> <mailto:[EMAIL PROTECTED]>
> 
> 
> 
> -------------------------------------------------------
> This SF.net email is sponsored by: SlickEdit Inc. Develop an edge.
> The most comprehensive and flexible code editor you can use.
> Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial.
> www.slickedit.com/sourceforge
> _______________________________________________
> JBoss-user mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/jboss-user
> 


-------------------------------------------------------
This SF.net email is sponsored by: SlickEdit Inc. Develop an edge.
The most comprehensive and flexible code editor you can use.
Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial.
www.slickedit.com/sourceforge
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user