Hello,

For a few days I have been trying to set up a JBoss server that was running for a 
long time but wasn't used for the past months. The deploy path is available 
with all the contents and is working as expected where no login is needed 
(Apache and Tomcat are also configured like before). Database connections are 
logging in successfully.

The project itself is very huge, but the company that did the first setup is 
not available anymore, so we need to get it up and running ourselves.
From my investigations the problem is the missing conf path (login-conf.xml 
maybe).

When the application sends the auth, Tomcat sends back that an auth 
is needed but not given, and so the "RequestProcessor" is not available. There 
are no SQL statements executed (I am monitoring the mysql.log on a development 
machine).

Corresponding web.xml:
<security-constraint>
   <web-resource-collection>
      <web-resource-name>ProtectedServlets</web-resource-name>
      <url-pattern>/RequestProcessor</url-pattern>
   </web-resource-collection>
   <auth-constraint>
      <role-name>MyUser</role-name>
   </auth-constraint>
</security-constraint>
<login-config>
   <auth-method>BASIC</auth-method>
   <realm-name>My Web Service</realm-name>
</login-config>
<security-role>
   <role-name>MyUser</role-name>
</security-role>

Corresponding jboss-web.xml:
<jboss-web>
        <security-domain>java:/jaas/myDataBase</security-domain>
        <ejb-local-ref>
                <ejb-ref-name>
                        ejb/JBossRequestProcessorSession
                </ejb-ref-name>
                <local-jndi-name>
                        myDataBase/JBossRequestProcessorSession
                </local-jndi-name>
        </ejb-local-ref>
.......
.......
.......
</jboss-web>

Used for the test is an internal server with an internal name, test.intern, so 
that no traffic goes out. That is all working well in the network, so no need to 
think about that.

What happens in auth is this.
The client sends:
.4......HTTP/1.1.../server/RequestProcessor...192.168.0.110.....www.test.intern..P.......Basic.bWFya3VzOmFzZGZhc2Rm.....Jakarta.Commons-HttpClient/2.0.2.....www.test.intern.....36....!application/x-www-form-urlencoded...........

The jk.log says:
<Unauthorized.....WWW-Authenticate..(Basic.realm="My.Web.Service"...Content-Type...text/html;charset=utf-8...

------
The cryptic string is a base64-encoded username/password pair.

That is the bottom of the problem: nowhere am I able to find information on whether I 
can send this through login-config.xml into the database. I know how to say 
that the password is encrypted, and what the algorithm is, but not how to 
handle user and password within ONE base64 string.

My MySQL statement would be like this:
SELECT userID FROM logins WHERE username=? AND password=?
(password is md5 encrypted)

The second, for the role, would be:
SELECT privilege FROM set_privileges WHERE userId=?
(privilege would be MyUser)

They are all fetched from MyDataBase.

Is there any help where I can find out how to handle that? (base64decode - 
split - md5 encode)

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4258078#4258078
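
The three steps asked about in the post (base64 decode, split, MD5) followed by the two queries it quotes, as an added example that is not part of the original post and is not JBoss code. Assumptions: Python is used for illustration, an in-memory SQLite database stands in for MySQL, the user "alice" and her password are constructed sample data, and all function names are hypothetical.

```python
import base64
import binascii
import hashlib
import sqlite3

def parse_basic(header):
    """Return (username, password) from an Authorization header value, or None."""
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split at the FIRST colon only: the password itself may contain colons.
    user, sep, password = decoded.partition(":")
    if not sep or not user:
        return None
    return user, password

def authenticate(db, header):
    """Return the caller's privileges, or None if the credentials are rejected."""
    creds = parse_basic(header)
    if creds is None:
        return None
    user, password = creds
    # MD5 hex digest only because that is how the post says passwords are stored.
    digest = hashlib.md5(password.encode("utf-8")).hexdigest()
    row = db.execute("SELECT userID FROM logins WHERE username=? AND password=?",
                     (user, digest)).fetchone()
    if row is None:
        return None
    rows = db.execute("SELECT privilege FROM set_privileges WHERE userId=?", (row[0],))
    return [r[0] for r in rows]

def demo_db():
    """Constructed sample data; table and column names follow the post's queries."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE logins (userID INTEGER, username TEXT, password TEXT)")
    db.execute("CREATE TABLE set_privileges (userId INTEGER, privilege TEXT)")
    db.execute("INSERT INTO logins VALUES (1, 'alice', ?)",
               (hashlib.md5(b"s3cret:pw").hexdigest(),))
    db.execute("INSERT INTO set_privileges VALUES (1, 'MyUser')")
    return db

def basic_header(user, password):
    """Build the header value a client would send for this user and password."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
```
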
