I'm trying to enable web security on a j2ee application under
jboss-3.2.0_tomcat-4.1.24. Problem is that after making (what I think
is) all the necessary config changes, I always get a 403 error from
tomcat when accessing secure pages - the browser doesn't display a login
screen. There are no messages in the log.

In my jboss-web.xml I have:


<jboss-web>

   <security-domain>java:/jaas/webenrolOperRealm</security-domain>

</jboss-web>

In web.xml I have:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>OperatorPages</web-resource-name>
        <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <description>
            Pages that require authenticated operator access
        </description>
        <role-name>Operator</role-name>
    </auth-constraint>
</security-constraint>

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Webenrol Organisation Administration</realm-name>
</login-config>


and in my login-config.xml I have:
    <application-policy name="webenrolOperRealm">
       <authentication>
          <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
            flag="required">
          <module-option name="dsJndiName">java:/PostgresDS</module-option>
          <module-option name="principalsQuery">select password from operator where login_name=?</module-option>
          <module-option name="rolesQuery">select 'Operator', 'Roles' from operator where login_name=?</module-option>
          <module-option name="unauthenticatedIdentity">Stranger</module-option>
          </login-module>
       </authentication>
    </application-policy>


When I do an explicit login using a LoginContext, the login works fine.

I'm sure I must be missing something really dumb and obvious but I've
been round the houses on this several times now with no progress, so I'd
be grateful if anyone can give me any ideas what I might have missed.

David

-- 

David Whitmarsh
Sparkle Computer Co Ltd
Systems Development and Consultancy
UNIX/LINUX/Windows, C/C++/perl/java Sybase
Internet, Intranet, Security

web: www.sparkle-cc.co.uk
mob: +44 (0)7802 537097
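
A cross-check of the three descriptors quoted in the message above, as an added example that is not part of the original post. The function name check_descriptors is hypothetical, and the embedded fragments are abridged from the post, so it reports only on what was quoted there.

```python
import xml.etree.ElementTree as ET

# Fragments abridged from the post; web.xml is wrapped in <web-app> so it parses.
JBOSS_WEB = "<jboss-web><security-domain>java:/jaas/webenrolOperRealm</security-domain></jboss-web>"
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>OperatorPages</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>Operator</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""
LOGIN_CONFIG = """<application-policy name="webenrolOperRealm"><authentication>
  <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
    <module-option name="rolesQuery">select 'Operator', 'Roles' from operator where login_name=?</module-option>
    <module-option name="unauthenticatedIdentity">Stranger</module-option>
  </login-module></authentication></application-policy>"""

def check_descriptors(jboss_web, web_xml, login_config):
    """Return a list of cross-file inconsistencies (hypothetical helper)."""
    jw, web, lc = (ET.fromstring(x) for x in (jboss_web, web_xml, login_config))
    findings = []
    # java:/jaas/<name> must name an <application-policy> in login-config.xml.
    domain = (jw.findtext("security-domain") or "").strip()
    policies = {p.get("name") for p in lc.iter("application-policy")}
    if not domain.startswith("java:/jaas/") or domain[len("java:/jaas/"):] not in policies:
        findings.append(f"security-domain {domain!r} matches no application-policy")
    # Servlet 2.3 DTD: an auth-constraint role must be "*" or a declared security-role.
    declared = {(r.text or "").strip() for r in web.findall("security-role/role-name")}
    for r in web.findall("security-constraint/auth-constraint/role-name"):
        role = (r.text or "").strip()
        if role != "*" and role not in declared:
            findings.append(f"role {role!r} has no <security-role> declaration")
    if web.find("login-config/auth-method") is None:
        findings.append("web.xml has no login-config/auth-method")
    # Requests carrying no credentials are assigned this principal by the login module.
    for opt in lc.iter("module-option"):
        if opt.get("name") == "unauthenticatedIdentity":
            findings.append(f"unauthenticatedIdentity maps anonymous callers to {opt.text!r}")
    return findings

if __name__ == "__main__":
    for finding in check_descriptors(JBOSS_WEB, WEB_XML, LOGIN_CONFIG):
        print("-", finding)
```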
