Well, I thought that I had this problem resolved, but I really don't.

It seems that the DatabaseServerLoginModule is logging me in and getting my roles:


  | 2005-07-15 15:20:22,750 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] User 'jbrosan' authenticated, loginOk=true
  | 2005-07-15 15:20:22,750 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] commit, loginOk=true
  | 2005-07-15 15:20:22,765 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role DEV
  | 2005-07-15 15:20:22,765 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role MIS
  | 


It seems that the web container is not getting the roles. If I do

  |  <%= request.getUserPrincipal().getName() %>
  | 

I get the correct principal. But if I try the following:


  | <%out.println(request.isUserInRole("DEV")); %>
  | 

I get false.

Here is my most recent login-config.xml


  | <?xml version='1.0'?>
  | <!DOCTYPE policy PUBLIC
  |       "-//JBoss//DTD JBOSS Security Config 3.0//EN"
  |       "http://www.jboss.org/j2ee/dtd/security_config.dtd">
  | 
  | <!-- The XML based JAAS login configuration read by the
  | org.jboss.security.auth.login.XMLLoginConfig mbean. Add
  | an application-policy element for each security domain.
  | 
  | The outline of the application-policy is:
  | <application-policy name="security-domain-name">
  |   <authentication>
  |     <login-module code="login.module1.class.name" flag="control_flag">
  |       <module-option name = "option1-name">option1-value</module-option>
  |       <module-option name = "option2-name">option2-value</module-option>
  |       ...
  |     </login-module>
  | 
  |     <login-module code="login.module2.class.name" flag="control_flag">
  |       ...
  |     </login-module>
  |     ...
  |   </authentication>
  | </application-policy>
  | 
  | $Revision: 1.12.2.2 $
  | -->
  | 
  | <policy>
  |     <!-- Used by clients within the application server VM such as
  |     mbeans and servlets that access EJBs.
  |     -->
  |     <application-policy name = "client-login">
  |        <authentication>
  |           <login-module code = "org.jboss.security.ClientLoginModule"
  |              flag = "required">
  |           </login-module>
  |        </authentication>
  |     </application-policy>
  | 
  |     <!-- Security domain for JBossMQ -->
  |     <application-policy name = "jbossmq">
  |        <authentication>
  |           <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
  |              flag = "required">
  |              <module-option name = "unauthenticatedIdentity">guest</module-option>
  |              <module-option name = "dsJndiName">java:/DefaultDS</module-option>
  |              <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
  |              <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
  |           </login-module>
  |        </authentication>
  |     </application-policy>
  | 
  |     <!-- Security domain for JBossMQ when using file-state-service.xml
  |     <application-policy name = "jbossmq">
  |        <authentication>
  |           <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
  |              flag = "required">
  |              <module-option name = "unauthenticatedIdentity">guest</module-option>
  |              <module-option name = "sm.objectname">jboss.mq:service=StateManager</module-option>
  |           </login-module>
  |        </authentication>
  |     </application-policy>
  |     -->
  | 
  |     <!-- Security domains for testing new jca framework -->
  |     <application-policy name = "HsqlDbRealm">
  |        <authentication>
  |           <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
  |              flag = "required">
  |              <module-option name = "principal">sa</module-option>
  |              <module-option name = "userName">sa</module-option>
  |              <module-option name = "password"></module-option>
  |              <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
  |           </login-module>
  |        </authentication>
  |     </application-policy>
  | 
  |     <application-policy name = "JmsXARealm">
  |        <authentication>
  |           <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
  |              flag = "required">
  |              <module-option name = "principal">guest</module-option>
  |              <module-option name = "userName">guest</module-option>
  |              <module-option name = "password">guest</module-option>
  |              <module-option name = "managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
  |           </login-module>
  |        </authentication>
  |     </application-policy>
  | 
  |     <!-- A template configuration for the jmx-console web application. This
  |       defaults to the UsersRolesLoginModule the same as other and should be
  |       changed to a stronger authentication mechanism as required.
  |     -->
  |     <application-policy name = "jmx-console">
  |        <authentication>
  |           <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
  |              flag = "required">
  |            <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
  |            <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
  |           </login-module>
  |        </authentication>
  |     </application-policy>
  | 
  |     <!-- A template configuration for the web-console web application. This
  |       defaults to the UsersRolesLoginModule the same as other and should be
  |       changed to a stronger authentication mechanism as required.
  |     -->
  |     <application-policy name = "web-console">
  |        <authentication>
  |           <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
  |              flag = "required">
  |              <module-option name="usersProperties">web-console-users.properties</module-option>
  |              <module-option name="rolesProperties">web-console-roles.properties</module-option>
  |           </login-module>
  |        </authentication>
  |     </application-policy>
  | 
  |     <!-- A template configuration for the JBossWS web application (and transport layer!).
  |       This defaults to the UsersRolesLoginModule the same as other and should be
  |       changed to a stronger authentication mechanism as required.
  |     -->
  |     <application-policy name="JBossWS">
  |       <authentication>
  |         <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
  |           flag="required">
  |           <module-option name="unauthenticatedIdentity">anonymous</module-option>
  |         </login-module>
  |       </authentication>
  |     </application-policy>
  | 
  |     <!-- The default login configuration used by any security domain that
  |     does not have a application-policy entry with a matching name
  |     -->
  |     <application-policy name = "other">
  |        <!-- A simple server login module, which can be used when the number
  |        of users is relatively small. It uses two properties files:
  |        users.properties, which holds users (key) and their password (value).
  |        roles.properties, which holds users (key) and a comma-separated list of
  |        their roles (value).
  |        The unauthenticatedIdentity property defines the name of the principal
  |        that will be used when a null username and password are presented as is
  |        the case for an unauthenticated web client or MDB. If you want to
  |        allow such users to be authenticated add the property, e.g.,
  |        unauthenticatedIdentity="nobody"
  |        -->
  |        <authentication>
  |           <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
  |              flag = "required" />
  |        </authentication>
  |     </application-policy>
  |     
  |     <application-policy name = "turaportal">
  |        <authentication>
  |           <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
  |              <module-option name = "unauthenticatedIdentity">guest</module-option>
  |              <module-option name = "dsJndiName">java:/TuraPortalDS</module-option>
  |              <module-option name = "principalsQuery">SELECT sec_user_password,sec_vendor_id_nbr FROM SEC_TURA_USERS WHERE sec_user_id=?</module-option>
  |              <!-- <module-option name = "rolesQuery">SELECT Role 'Roles', RoleGroup 'RoleGroups' FROM SEC_TURA_USER_ROLES WHERE sec_user_id=?</module-option> -->
  |              <module-option name = "rolesQuery">SELECT Role, RoleGroup as 'Roles' FROM SEC_TURA_USER_ROLES WHERE sec_user_id=?</module-option>
  |           </login-module>
  |           <!-- <login-module code = "org.jboss.security.ClientLoginModule" flag = "required"></login-module>  -->
  |        </authentication>
  |     </application-policy>
  | </policy>
  | 


I'm using SQLServer and everything seems to work. The web container just doesn't 
get the roles.

Any assistance would be GREATLY appreciated.

Thanks
John

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3885101#3885101
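
One check worth making against the `rolesQuery` in the `turaportal` policy, as an added example that is not part of the original post and not JBoss source: DatabaseServerLoginModule takes column 1 of each row as the role name and the value of column 2 as the group name, and the container answers `isUserInRole` from the group named `Roles`. The model below uses constructed rows; the `PORTAL` group value is hypothetical.

```java
import java.util.*;

// Simplified model (not JBoss source) of how rolesQuery rows become role groups.
public class RolesQueryModel {

    // Each row is {column 1 value, column 2 value}. A column alias such as
    // "as 'Roles'" never reaches this step; only the returned values do.
    static Map<String, Set<String>> roleSets(List<String[]> rows) {
        Map<String, Set<String>> groups = new LinkedHashMap<>();
        for (String[] row : rows) {
            String role = row[0];
            String group = row[1];
            if (group == null || group.isEmpty()) {
                group = "Roles"; // default group when column 2 is empty
            }
            groups.computeIfAbsent(group, g -> new LinkedHashSet<>()).add(role);
        }
        return groups;
    }

    // Role checks such as isUserInRole look only at the group named "Roles".
    static boolean isUserInRole(Map<String, Set<String>> groups, String role) {
        return groups.getOrDefault("Roles", Collections.<String>emptySet()).contains(role);
    }

    public static void main(String[] args) {
        // Constructed rows: the RoleGroup column holds a hypothetical value "PORTAL".
        List<String[]> stored = Arrays.asList(
            new String[] {"DEV", "PORTAL"}, new String[] {"MIS", "PORTAL"});
        // Constructed rows: column 2 is the literal 'Roles', the form the
        // jbossmq policy in the same file uses (SELECT ROLEID, 'Roles' ...).
        List<String[]> literal = Arrays.asList(
            new String[] {"DEV", "Roles"}, new String[] {"MIS", "Roles"});

        // The TRACE line "Assign user to role DEV" names only the role, so
        // both inputs would produce the same log output.
        System.out.println("stored group values: DEV=" + isUserInRole(roleSets(stored), "DEV"));
        System.out.println("literal 'Roles':     DEV=" + isUserInRole(roleSets(literal), "DEV"));
    }
}
```

Running the `rolesQuery` by hand for the affected user shows which of the two cases the real data falls into.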
