I have a problem with the form-based authentication method. I'm using a custom login module and I have 2 users defined in the JBoss login users.properties, each one having its role defined. The custom login module should accept other users (defined separately from JBoss) and log them in as one of the 2 users from JBoss. The problem is that although the login seems to work, the EJBs are complaining about lack of permission. If I use the jaas/other, everything works fine. Do you have any idea why this happens?

Here is my configuration for JBoss server:

The security constraints from the web.xml file:

<web-app>
    . . . . . . .
   <security-constraint>
       <web-resource-collection>
           <web-resource-name>Secure Content</web-resource-name>
           <url-pattern>/*</url-pattern>
       </web-resource-collection>

       <auth-constraint>
           <role-name>LocalUser</role-name>
           <role-name>LocalAdmin</role-name>
       </auth-constraint>

       <user-data-constraint>
           <transport-guarantee>NONE</transport-guarantee>
       </user-data-constraint>
   </security-constraint>

   <login-config>
       <auth-method>FORM</auth-method>
       <realm-name>Restricted content</realm-name>
       <form-login-config>
           <form-login-page>/app?service=page/Login</form-login-page>
           <form-error-page>/app?service=page/Login_error</form-error-page>
       </form-login-config>
   </login-config>

   <security-role>
       <description>Normal User</description>
       <role-name>LocalUser</role-name>
   </security-role>
   <security-role>
       <description>Administrator</description>
       <role-name>LocalAdmin</role-name>
   </security-role>
</web-app>


I'm using a security-domain with a custom login module from the login-config.xml file:

   <application-policy name="myapp">
       <authentication>
           <login-module code="be.unid.site.tapestry.util.CustomLoginModule"
                         flag="required">
               <module-option name="unauthenticatedIdentity">anonymous</module-option>
           </login-module>
       </authentication>
   </application-policy>

And here is the jboss-web.xml file:

<jboss-web>
       <security-domain>java:/jaas/myapp</security-domain>
</jboss-web>







_______________________________________________
JBoss-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jboss-user
