Scott,
Hang on a moment. But, Todd has a WEB-INF/jboss-web.xml file and the
security domain is pointing to his AbilSoftRealm and not to other.
Do you have to point to other for this stuff to work? And why does what
Todd is doing not work?
Ciao,
Jonathan O'Connor
Ph: +353 1 872 3305
Mob: +353 86 824 9736
Fax: +353 1 873 3612
Scott M Stark <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
03.11.2002 16:50
Please respond to jboss-user
To: [EMAIL PROTECTED]
cc:
Subject: Re: [JBoss-user] DatabaseServerLoginModule
There is no jboss-web.xml descriptor describing the security domain
under which authentication should occur. See the getting started guide
where a WEB-INF/jboss-web.xml file is described as being required
to enable security:
<jboss-web>
<security-domain>java:/jaas/other</security-domain>
</jboss-web>
On Sunday, November 3, 2002, at 07:30 AM, Todd Gould wrote:
>
> Hello:
>
> I'm trying to configure the DatabaseServerLoginModule to use as an
> authentication mechanism for a simple JSP with simple FORM based
> security. I'm sure I am missing something, but have not been able to
> find my error(s) in the documentation or other related posts. This is
> with JBoss 3.0.0 with Tomcat 4.0.3.
>
> The problem is as follows: The JSP presents and appears to process the
> login form correctly and just as expected. The problem is that no
> matter
> what I respond to the form with for user and password, I am
> successfully
> transferred to the JSP that is supposed to be guarded. This is to say
> that users/pws that are in the database and any other garbabge that is
> not both appear to work equally well and result in successful
> authentication. There are no errors on the console or log that I have
> found. There are also no errors during startup. There are also no
> indications that any authentication is ocurring.
>
> I'd appreciate any and all help as I'm not sure what I'm missing at
> this
> point.
>
> Here are the relevant sections from the files:
>
> web.xml:
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>BookMarks</web-resource-name>
> <url-pattern>/*</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>PortalUser</role-name>
> </auth-constraint>
> </security-constraint>
>
> <login-config>
> <auth-method>FORM</auth-method>
> <realm-name>AbilSoftRealm</realm-name>
> <form-login-config>
> <form-login-page>/login.html</form-login-page>
> <form-error-page>/login-error.html</form-error-page>
> </form-login-config>
> </login-config>
>
> <security-role>
> <role-name>PortalUser</role-name>
> </security-role>
>
> jboss-web.xml:
>
> <jboss-web> <security-domain>java:/jaas/AbilSoftRealm</security-domain>
> </jboss-web>
>
> login-config.xml:
>
> <application-policy name = "SecurityDbRealm">
> <authentication>
> <login-module code =
> "org.jboss.resource.security.ConfiguredIdentityLoginModule" flag =
> "required">
> <module-option name = "principal">testuser</module-option>
> <module-option name = "userName">testuser</module-option>
> <module-option name = "password">pw</module-option>
> <module-option name =
> "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=Securit
> yDS</module-option>
> </login-module>
> </authentication>
> </application-policy>
>
>
> <application-policy name = "AbilSoftRealm">
> <authentication>
> <login-module code =
> "org.jboss.security.auth.spi.DatabaseServerLoginModule"
> flag = "required">
> <module-option name = "dsJndiName">java:/SecurityPool</module-option>
> <module-option name = "principalsQuery">select password from users
> where username = ?</module-option>
> <module-option name = "rolesQuery">select role, rolegroup from roles
> where username = ?</module-option>
> <module-option name = "hashAlgorithm">MD5</module-option>
> <module-option name = "hashEncoding">base64</module-option>
> </login-module>
> </authentication>
> </application-policy>
>
> Thanks again.
-------------------------------------------------------
This SF.net email is sponsored by: ApacheCon, November 18-21 in
Las Vegas (supported by COMDEX), the only Apache event to be
fully supported by the ASF. http://www.apachecon.com
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
-------------------------------------------------------
This SF.net email is sponsored by: ApacheCon, November 18-21 in
Las Vegas (supported by COMDEX), the only Apache event to be
fully supported by the ASF. http://www.apachecon.com
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
