RE: [JBoss-user] auth login config file from JSP

Thu, 03 Apr 2003 14:04:54 -0800 

> From: Scott M Stark [mailto:[EMAIL PROTECTED] 
>
> You need to specify the security domain name in the war
WEB-INF/jboss-web.xml descriptor. 
>
> <jboss-web>
>    <security-domain>java:/jaas/xyz</security-domain>
> </jboss-web>

But what if I want both form-based and programmatic logins, with both
sharing use of a database authenticator?  I have a "userdb" domain
defined in login-config.xml as follows:

    <application-policy name="userdb">
      <authentication>
        <login-module
code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag =
"required">
          <module-option
name="dsJndiName">java:/OracleDS</module-option>
          <module-option name="principalsQuery">select password from
users where login=?</module-option>
          <module-option name="rolesQuery">select 'User', 'Roles' from
users where login=?</module-option>
        </login-module>
      </authentication>
    </application-policy>

This works fine for supporting form-based authentication using this from
web.xml:

        <login-config>
                <auth-method>FORM</auth-method>
                <realm-name>PortBlue secure content</realm-name>
                <form-login-config>
        
<form-login-page>/ClientLogin.jsp?themeName=current</form-login-page>
        
<form-error-page>/IndexPublic.jsp?themeName=current</form-error-page>
                </form-login-config>
        </login-config>

And this as the entirety of jboss-web.xml:

<jboss-web>
        <context-root>/</context-root>
        <security-domain>java:/jaas/userdb</security-domain>
</jboss-web>

Again, form-based login works fine with this setup.  But if I try to do
a login from code in a servlet, like this:

            LoginContext lc = new LoginContext("userdb", this);
            lc.login();
            
(with 'this' providing a callback that gives the special username and
password required in this situation), I get no sign of a login failure,
and the resulting lc can provide a Subject with the seemingly correct
information in it, but nonetheless when I hit a protected servlet after
this code has run I get shunted over to my login form as if no
authentication had occurred.

Please help; I'm tearing my hair out trying to understand this!

-- 
Craig Berry
Principal Architect and Technical Manager
PortBlue
(310) 566-7546
 


-------------------------------------------------------
This SF.net email is sponsored by: ValueWeb:
Dedicated Hosting for just $79/mo with 500 GB of bandwidth!
No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user

Reply via email to