Try changing this line in login-config.xml
<module-option name = "rolesQuery">SELECT user_roles, user_group FROM USER_ROLES WHERE USERNAME=?</module-option>
To
<module-option name = "rolesQuery">SELECT user_roles, 'Roles' FROM USER_ROLES WHERE USERNAME=?</module-option>
or change the value of user_group in all rows to "Roles".
My understanding of the second parameter that the rolesquery should return is that
you can somhow categorize users in diffent ways, but that the default user/role handling
should return "Roles".
It also sounds like you might have misunderstood how the "run-as" identity is used.
That identity does not affect the callers of a bean or who can call it, it says that
when the bean tries to access other beans it will do so with the run-as identity.
This is so you can define beans that only can be called by "internal" identities so
that noone can call them directly from the outside.
Regards /Mikael
At 09:51 2003-04-03 +0200, [EMAIL PROTECTED] wrote:
I appologize for this Off-Topic message, but I desperatly need help!
I have been fighting with the JBoss DatabaseServerLoginModule for almost 2 months now without success.
I have tried an infinite number of combinations to try to get to a _SIMPLE_ solution as outlined by the JBoss manual, the JAAS article in JavaWorld, and hundreds of documents and examples from all over the internet.
Well, I just don't have anymore time to waste as my deadline is now 48 hours away!
I desperately need help:
1. Find someone to offer some help to resolve this by Friday. 2. Direct me somewhere to find the help I need 3. Tell who would be willing to have me hire them for the help I need.
Here is my current situation:
I am using JBoss 3.0.6 with Catalina on NT 4.0, MySql, XDoclet 1.2, Struts 1.1rc1, JDK 1.4.
I create a beans.jar, common.jar, app.war and package everything into app.ear. The only things that are not in my EAR are the mysql-service.xml, auth.conf, login-config.xml, and server.policy which reside in the $JBOSS_HOME\server\default\conf and the $JBOSS_HOME\server\default\deploy directories.
I also attached all the above file in a zip file here in this message.
I have the DatabaseServerLoginModule configured and it seems to be operating, but not correctly.
When I try to access a page under /private/* I get forwarded to /logon.jsp correctly.
My MySql Database has 2 tables: TABLE_USER: columns: username, password TABLE_USER_ROLES: columns: username, user_roles, user_group
TABLE_USER: data: "mick", "mickPassword" TABLE_USER_ROLES: data1: "mick", "user", "user" TABLE_USER_ROLES: data2: "mick", "admin", "admin"
I then type in j_username: "mick", j_password: "mickPassword" and click ENTER.
I seem to be logged in successfully as the console shows that I have 3 Principals: "mick", "user", "admin" and when I attempt to navigate to pages in the private area that do not require EJB access, I continue to see that my Principal is kept successfully through each page. So I do _not_ currently have the Principal=null issue.
I do however have a UserPreferenceFilter that I check if the user is in role "user", "admin", or "guest" and all 3 come up as "NO".
Also, when I attempt to access a page that goes to my EJB layer, I get a Security violation error that states user must belong to [<ANYONE>] role. But I have added a "run-as = InternalUser" for all my EJB's so far. But that does not seem to work. When I remove the "run-as=InternalUser", I get a Security Violation that states the user must belong to the role I specified.
So it seems that my main 2 issues are getting the Roles to stick to the user when they login, and the EJB's to be able to use the user Roles, or the "run-as=InternalUser"
------------------------- Thank You Mick Knutson Sr. Designer - Project Trust aUBS AG, Financial - Z�rich Office: +41 (0)1/234.42.75 Internal: 48194 Mobile: 079.726.14.26 -------------------------
Visit our website at http://www.ubswarburg.com
This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.
E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
