Re: [JBoss-user] JAAS and JSP

Wed, 08 Aug 2001 06:11:01 -0700 



Nicolai P Guba wrote:
> 
> I need help in security matters.
> 
> I've read the JAAS Howto and got the (thin) client to sucessfully
> authenticate itself etc... (using DatabaseServerLoginModule).
> 
> I'd like to try out the same with JSP pages (unfortunately no example
> but cannot be that different since it is in essence a servlet itself)
> but appear to have some problems.
> 
> First, the web server doesn't give me the popup box for authentication
> (as advertised in the Howto), so I decided to do this via a login page.
> Not a big problem since this is much closer to a real-life scenario
> anyway (we'll need this later on).
> 
> The first problem is that the webcontainer does't seem to know about the
> security-authentication mechanism since it says:
> 
> [Default] java.io.IOException: Properties file users.properties not
> found
> [Default]       at
> 
>org.jboss.security.auth.spi.UsersRolesLoginModule.loadProperties(UsersRolesLoginModule.java:200)
> 
> I'd expect any errors to come from the DatabaseServerLoginModule.
> 
> What didn't I do, and where should I put my client's auth.conf?
> 

Have you put an entry in auth.conf for "frontwire-platform" which uses
the DatabaseServerLoginModule? It sounds like you're ending up with the
default one.

Presumably you're using the embedded tomcat distribution (??). This is
set up to use the jboss security manager so you should modify the
auth.conf in your jboss configuration directory.

Also you say you're now using a login page instead of basic
authentication ?? I'm not sure what you mean by this because the
web.xml you supplied was still set up to use basic authentication. This
should preobably be changed to use form-based authentication and
specify the jsp to use for logins:

<login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
                <form-login-page>/login.jsp</form-login-page>
                <form-error-page>/loginFailed.htm</form-error-page>
        </form-login-config>
</login-config>

Luke.




-- 
 Luke Taylor.
 PGP Key ID: 0x57E9523C

_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user

Reply via email to