[JBoss-user] login problem

Fri, 18 Nov 2005 08:54:53 -0800 

   I have a problem with form based authentication method. I'm using a
custom login module and i have 2 users defined in the jboss login
users.properties  each one having it's role defined. The custom login module
should accept other users (defined separate from jboss) and loging them as
one of the 2 users from jboss. The problem is that although the login seems
to work the ejb's are complaining about lack of permission. If i use the
jaas/other everithing works fine. Do you have any ideea why this happens?


Here is my configuration for JBoss server:

the  security constraints from web.xml file

<web-app>
    . . . . . . .
   <security-constraint>
       <web-resource-collection>
           <web-resource-name>Secure Content</web-resource-name>
           <url-pattern>/*</url-pattern>
       </web-resource-collection>

       <auth-constraint>
           <role-name>LocalUser</role-name>
           <role-name>LocalAdmin</role-name>
       </auth-constraint>

       <user-data-constraint>
           <transport-guarantee>NONE</transport-guarantee>
       </user-data-constraint>
   </security-constraint>

   <login-config>
       <auth-method>FORM</auth-method>
       <realm-name>Restricted content</realm-name>
       <form-login-config>
           <form-login-page>/app?service=page/Login</form-login-page>
           <form-error-page>/app?service=page/Login_error</form-error-page>
       </form-login-config>
   </login-config>

   <security-role>
       <description>Normal User</description>
       <role-name>LocalUser</role-name>
   </security-role>
   <security-role>
       <description>Administrator</description>
       <role-name>LocalAdmin</role-name>
   </security-role>
</web-app>


i'm using a security-domain with a custom login module from login-config.xml
file :

   <application-policy name="myapp">
       <authentication>
           <login-module
code="be.unid.site.tapestry.util.CustomLoginModule"
                         flag="required">
               <module-option
name="unauthenticatedIdentity">anonymous</module-option>
           </login-module>
       </authentication>
   </application-policy>

and here is the jboss-web.xml file.

<jboss-web>
       <security-domain>java:/jaas/myapp</security-domain>
</jboss-web>







-------------------------------------------------------
This SF.Net email is sponsored by the JBoss Inc.  Get Certified Today
Register for a JBoss Training Course.  Free Certification Exam
for All Training Attendees Through End of 2005. For more info visit:
http://ads.osdn.com/?ad_id=7628&alloc_id=16845&op=click
_______________________________________________
JBoss-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jboss-user

Reply via email to