Hi All,
 
No matter how I seem to configure my application, the catalina side of authentication 
is allowing everyone through?
 
I can authenticate manually and validly check users and pass.  However using a 
standard form going to "j_security_check", it does not seem to be using the JBoss 
security?  It is just allowing everything through.  Am I doing something really stupid 
here?
 
Thanks,
Jake T.
 
auth.conf:

client-db {
    org.jboss.security.auth.spi.DatabaseServerLoginModule required
    dsJndiName="java:/PostgresDS"
    principalsQuery="select Password from Principals where PrincipalID=?"
    rolesQuery="select Role, RoleGroup from Roles where PrincipalID=?"
    ;
};

jboss-web.xml

<security-domain>java:/jaas/client-db</security-domain>

web.xml:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Restricted</web-resource-name>
    <description>Declarative security tests</description>
    <url-pattern>/index.jsp</url-pattern>
    <http-method>HEAD</http-method>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
    <http-method>DELETE</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>Login</role-name>
  </auth-constraint>
  <user-data-constraint>
    <description>no description</description>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>Application Realm</realm-name>
  <form-login-config>
    <form-login-page>/logon.jsp</form-login-page>
    <form-error-page>/logon-error.jsp</form-error-page>
  </form-login-config>
</login-config>

<security-role>
  <description>A user allowed to invoke login methods</description>
  <role-name>Login</role-name>
</security-role>
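
An added example, not part of the original post: a Python audit of a web.xml that reports, for each security-constraint carrying an auth-constraint, the URL patterns it covers, which standard HTTP methods fall outside it once http-method elements are listed, and any role not declared in a security-role. The sample input is the constraint posted above wrapped in a constructed <web-app> root, and the function names are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed input: the constraint from the post inside a <web-app> root.
SAMPLE = """<web-app>
 <security-constraint>
  <web-resource-collection>
   <web-resource-name>Restricted</web-resource-name>
   <url-pattern>/index.jsp</url-pattern>
   <http-method>HEAD</http-method><http-method>GET</http-method>
   <http-method>POST</http-method><http-method>PUT</http-method>
   <http-method>DELETE</http-method>
  </web-resource-collection>
  <auth-constraint><role-name>Login</role-name></auth-constraint>
 </security-constraint>
 <security-role><role-name>Login</role-name></security-role>
</web-app>"""

STANDARD_METHODS = ("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE")

def find(elem, name):
    """Descendants called `name`, ignoring any XML namespace prefix."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def texts(elem, name):
    """Stripped text of every descendant called `name`."""
    return [(e.text or "").strip() for e in find(elem, name)]

def audit(web_xml):
    """One finding per web-resource-collection that carries an auth-constraint."""
    root = ET.fromstring(web_xml)
    declared = {r for sr in find(root, "security-role") for r in texts(sr, "role-name")}
    findings = []
    for sc in find(root, "security-constraint"):
        auth = find(sc, "auth-constraint")
        if not auth:
            continue  # no auth-constraint: this block does not require login
        roles = texts(auth[0], "role-name")
        for wrc in find(sc, "web-resource-collection"):
            listed = texts(wrc, "http-method")
            findings.append({
                "patterns": texts(wrc, "url-pattern"),
                # Listing methods limits the constraint to them; none listed = all.
                "uncovered_methods": [m for m in STANDARD_METHODS
                                      if listed and m not in listed],
                "undeclared_roles": [r for r in roles if r not in declared],
            })
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

For the configuration posted above it reports /index.jsp as the only protected pattern, with OPTIONS and TRACE outside the constraint.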

 




