Hi All, I am trying to setup a simple FORM database authentication but I have some problem... The authentication seems to pass but then I get an "HTTP Status 403 - Access to the requested resource has been denied" from the Tomcat. The strange thing is that when I am using the users.properties & roles.properties files all going just fine. The only change that I made using the database was in the login-config.xml
| <application-policy name="sms"> | <authentication> | <!-- <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" | flag = "required" /> | --> | <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" | flag="required"> | <module-option name="dsJndiName">java:/PostgresDS</module-option> | </login-module> | </authentication> | </application-policy> | In the database exist 2 tables named roles | CREATE TABLE roles | ( | principalid varchar(64) NOT NULL, | role varchar(32), | rolegroup varchar(32) | ) ; | and principals | CREATE TABLE principals | ( | principalid varchar(64) NOT NULL, | password varchar(100), | CONSTRAINT principals_pkey PRIMARY KEY (principalid) | ) ; | I suspect that the problem must be in web.xml | <welcome-file-list> | <welcome-file>index.jsp</welcome-file> | </welcome-file-list> | | <error-page> | <error-code>404</error-code> | <location>/error.jsp</location> | </error-page> | | <security-constraint> | <display-name>Server Configuration Security Constraint</display-name> | <web-resource-collection> | <web-resource-name>AdminPages</web-resource-name> | <description>no description</description> | <url-pattern>/*</url-pattern> | <http-method>GET</http-method> | <http-method>POST</http-method> | </web-resource-collection> | <auth-constraint> | <role-name>Administrator</role-name> | </auth-constraint> | <user-data-constraint> | <description>Access by Administrator</description> | <transport-guarantee>NONE</transport-guarantee> | </user-data-constraint> | </security-constraint> | | <login-config> | <auth-method>FORM</auth-method> | <realm-name>sms</realm-name> | <form-login-config> | <form-login-page>/logon.jsp</form-login-page> | <form-error-page>/error_login.jsp</form-error-page> | </form-login-config> | </login-config> | | <security-role> | <role-name>Administrator</role-name> | </security-role> | | or jboss-web.xml | <jboss-web> | <security-domain>java:/jaas/sms</security-domain> | </jboss-web> | Did I miss something ?? View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3834037#3834037 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3834037 ------------------------------------------------------- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
