Figured it out: jboss-web.xml was not in the right place
-----Original Message-----
More info about this problem: I am using JBoss 3.0.3/Jetty and can’t see java:/jaas/testAppSecurity in my JNDIView. I must be missing an obvious step somewhere.
Emily
-----Original Message-----
I am trying to get j_security_check working but for some reason I am allowed to log in no matter what bogus username and password I enter (or if I enter none at all). I want to use the DefaultDB (Hypersonic) in order to authenticate, but I haven’t modified the DB at all yet so it seems to me that any attempt to log in should fail. I do not see any activity on the server when I log in. Your help is appreciated.
login-config.xml:
<application-policy name="testAppSecurity">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <module-option name="dsJndiName">java:/DefaultDS</module-option>
      <module-option name="principalsQuery">SELECT passwd FROM Users WHERE username=?</module-option>
      <module-option name="rolesQuery">SELECT user_roles from UserRoles where username=?</module-option>
    </login-module>
  </authentication>
</application-policy>
web.xml:
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Secure Content</web-resource-name>
      <description>An example security config that only allows users with the role AuthorizedUser to access restricted content</description>
      <url-pattern>/restricted/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>AuthorizedUser</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>testAppSecurity</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login-error.html</form-error-page>
    </form-login-config>
  </login-config>
  <security-role>
    <description>Role required to access restricted content</description>
    <role-name>AuthorizedUser</role-name>
  </security-role>
</web-app>
jboss-web.xml:
<jboss-web>
  <security-domain>java:/jaas/testAppSecurity</security-domain>
  <context-root>/</context-root>
</jboss-web>
login.jsp snippet:
<form method="post" action="j_security_check">
  Username: <input type="text" size="20" name="j_username"> <br>
  Password: <input type="password" size="20" name="j_password"> <br>
  <input type="submit" value="Login">
</form>
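A pre-deployment check for the cause named in the resolution, added here as an example that is not part of the original thread: it confirms the WAR carries jboss-web.xml under WEB-INF/ (where JBoss reads it from) and that its security-domain names an application-policy in login-config.xml. The function names and the in-memory sample WARs are assumptions constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

JAAS_PREFIX = "java:/jaas/"
DESCRIPTOR = "WEB-INF/jboss-web.xml"  # where JBoss looks for it inside a WAR

def build_war(files):
    """Build an in-memory WAR from {path: text}; used for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, text in files.items():
            zf.writestr(path, text)
    return buf.getvalue()

def check_war(war_bytes, login_config_xml):
    """Return a list of findings about the WAR's security-domain wiring ([] = OK)."""
    policies = {p.get("name")
                for p in ET.fromstring(login_config_xml).iter("application-policy")}
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        names = war.namelist()
        if DESCRIPTOR not in names:
            # Report a descriptor that was packaged, but in the wrong directory.
            stray = [n for n in names if n.rsplit("/", 1)[-1] == "jboss-web.xml"]
            where = f"; found at {stray[0]} instead" if stray else ""
            return [f"{DESCRIPTOR} is missing{where}"]
        domain = ET.fromstring(war.read(DESCRIPTOR)).findtext("security-domain")
    domain = (domain or "").strip()
    if not domain:
        return ["jboss-web.xml has no <security-domain>"]
    if not domain.startswith(JAAS_PREFIX):
        return [f"security-domain {domain!r} does not start with {JAAS_PREFIX}"]
    name = domain[len(JAAS_PREFIX):]
    if name not in policies:
        return [f"no application-policy named {name!r} in login-config.xml"]
    return []

# Constructed samples mirroring the thread's configuration.
LOGIN_CONFIG = '<policy><application-policy name="testAppSecurity"/></policy>'
JBOSS_WEB = ("<jboss-web><security-domain>java:/jaas/testAppSecurity"
             "</security-domain></jboss-web>")

if __name__ == "__main__":
    misplaced = build_war({"WEB-INF/web.xml": "<web-app/>", "jboss-web.xml": JBOSS_WEB})
    correct = build_war({"WEB-INF/web.xml": "<web-app/>", DESCRIPTOR: JBOSS_WEB})
    print(check_war(misplaced, LOGIN_CONFIG))  # descriptor at the WAR root
    print(check_war(correct, LOGIN_CONFIG))    # descriptor under WEB-INF/
```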
- [JBoss-user] security_check Emily Short