Thanks for the info and by the way, I have been working straight from the Quick Start Guide draft 3.
I've modified by jboss-web.xml to be exactly as you listed below with no apparent impact on the behavior. I'm still getting the behavior as described below. Any help at all will be greatly appreciated! Thanks, Todd -----Original Message----- From: [EMAIL PROTECTED] [mailto:jboss-user-admin@;lists.sourceforge.net] On Behalf Of Scott M Stark Sent: Sunday, November 03, 2002 9:51 AM To: [EMAIL PROTECTED] Subject: Re: [JBoss-user] DatabaseServerLoginModule There is no jboss-web.xml descriptor describing the security domain under which authentication should occur. See the getting started guide where a WEB-INF/jboss-web.xml file is described as being required to enable security: <jboss-web> <security-domain>java:/jaas/other</security-domain> </jboss-web> On Sunday, November 3, 2002, at 07:30 AM, Todd Gould wrote: > > Hello: > > I'm trying to configure the DatabaseServerLoginModule to use as an > authentication mechanism for a simple JSP with simple FORM based > security. I'm sure I am missing something, but have not been able to > find my error(s) in the documentation or other related posts. This is > with JBoss 3.0.0 with Tomcat 4.0.3. > > The problem is as follows: The JSP presents and appears to process the > login form correctly and just as expected. The problem is that no > matter > what I respond to the form with for user and password, I am > successfully > transferred to the JSP that is supposed to be guarded. This is to say > that users/pws that are in the database and any other garbabge that is > not both appear to work equally well and result in successful > authentication. There are no errors on the console or log that I have > found. There are also no errors during startup. There are also no > indications that any authentication is ocurring. > > I'd appreciate any and all help as I'm not sure what I'm missing at > this > point. > > Here are the relevant sections from the files: > > web.xml: > <security-constraint> > <web-resource-collection> > <web-resource-name>BookMarks</web-resource-name> > <url-pattern>/*</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>PortalUser</role-name> > </auth-constraint> > </security-constraint> > > <login-config> > <auth-method>FORM</auth-method> <realm-name>AbilSoftRealm</realm-name> > <form-login-config> > <form-login-page>/login.html</form-login-page> > <form-error-page>/login-error.html</form-error-page> > </form-login-config> > </login-config> > > <security-role> > <role-name>PortalUser</role-name> > </security-role> > > jboss-web.xml: > > <jboss-web> > <security-domain>java:/jaas/AbilSoftRealm</security-domain> > </jboss-web> > > login-config.xml: > > <application-policy name = "SecurityDbRealm"> <authentication> > <login-module code = > "org.jboss.resource.security.ConfiguredIdentityLoginModule" flag = > "required"> > <module-option name = "principal">testuser</module-option> > <module-option name = "userName">testuser</module-option> > <module-option name = "password">pw</module-option> > <module-option name = > "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=Securit > yDS</module-option> > </login-module> > </authentication> > </application-policy> > > > <application-policy name = "AbilSoftRealm"> > <authentication> > <login-module code = > "org.jboss.security.auth.spi.DatabaseServerLoginModule" > flag = "required"> > <module-option name = "dsJndiName">java:/SecurityPool</module-option> > <module-option name = "principalsQuery">select password from users > where username = ?</module-option> > <module-option name = "rolesQuery">select role, rolegroup from roles > where username = ?</module-option> > <module-option name = "hashAlgorithm">MD5</module-option> > <module-option name = "hashEncoding">base64</module-option> > </login-module> > </authentication> > </application-policy> > > Thanks again. ------------------------------------------------------- This SF.net email is sponsored by: ApacheCon, November 18-21 in Las Vegas (supported by COMDEX), the only Apache event to be fully supported by the ASF. http://www.apachecon.com _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user ------------------------------------------------------- This SF.net email is sponsored by: ApacheCon, November 18-21 in Las Vegas (supported by COMDEX), the only Apache event to be fully supported by the ASF. http://www.apachecon.com _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
