The security-domain needs to point to a valid configuration. There is some configuration error or database schema problem.
xxxxxxxxxxxxxxxxxxxxxxxx Scott Stark Chief Technology Officer JBoss Group, LLC xxxxxxxxxxxxxxxxxxxxxxxx ----- Original Message ----- From: <Jonathan.O'[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, November 04, 2002 2:23 AM Subject: Re: [JBoss-user] DatabaseServerLoginModule > Scott, > Hang on a moment. But, Todd has a WEB-INF/jboss-web.xml file and the > security domain is pointing to his AbilSoftRealm and not to other. > Do you have to point to other for this stuff to work? And why does what > Todd is doing not work? > > Ciao, > Jonathan O'Connor > Ph: +353 1 872 3305 > Mob: +353 86 824 9736 > Fax: +353 1 873 3612 > > > > > Scott M Stark <[EMAIL PROTECTED]> > Sent by: [EMAIL PROTECTED] > 03.11.2002 16:50 > Please respond to jboss-user > > > To: [EMAIL PROTECTED] > cc: > Subject: Re: [JBoss-user] DatabaseServerLoginModule > > > There is no jboss-web.xml descriptor describing the security domain > under which authentication should occur. See the getting started guide > where a WEB-INF/jboss-web.xml file is described as being required > to enable security: > > <jboss-web> > <security-domain>java:/jaas/other</security-domain> > </jboss-web> > > On Sunday, November 3, 2002, at 07:30 AM, Todd Gould wrote: > > > > > Hello: > > > > I'm trying to configure the DatabaseServerLoginModule to use as an > > authentication mechanism for a simple JSP with simple FORM based > > security. I'm sure I am missing something, but have not been able to > > find my error(s) in the documentation or other related posts. This is > > with JBoss 3.0.0 with Tomcat 4.0.3. > > > > The problem is as follows: The JSP presents and appears to process the > > login form correctly and just as expected. The problem is that no > > matter > > what I respond to the form with for user and password, I am > > successfully > > transferred to the JSP that is supposed to be guarded. This is to say > > that users/pws that are in the database and any other garbabge that is > > not both appear to work equally well and result in successful > > authentication. There are no errors on the console or log that I have > > found. There are also no errors during startup. There are also no > > indications that any authentication is ocurring. > > > > I'd appreciate any and all help as I'm not sure what I'm missing at > > this > > point. > > > > Here are the relevant sections from the files: > > > > web.xml: > > <security-constraint> > > <web-resource-collection> > > <web-resource-name>BookMarks</web-resource-name> > > <url-pattern>/*</url-pattern> > > </web-resource-collection> > > <auth-constraint> > > <role-name>PortalUser</role-name> > > </auth-constraint> > > </security-constraint> > > > > <login-config> > > <auth-method>FORM</auth-method> > > <realm-name>AbilSoftRealm</realm-name> > > <form-login-config> > > <form-login-page>/login.html</form-login-page> > > <form-error-page>/login-error.html</form-error-page> > > </form-login-config> > > </login-config> > > > > <security-role> > > <role-name>PortalUser</role-name> > > </security-role> > > > > jboss-web.xml: > > > > <jboss-web> <security-domain>java:/jaas/AbilSoftRealm</security-domain> > > </jboss-web> > > > > login-config.xml: > > > > <application-policy name = "SecurityDbRealm"> > > <authentication> > > <login-module code = > > "org.jboss.resource.security.ConfiguredIdentityLoginModule" flag = > > "required"> > > <module-option name = "principal">testuser</module-option> > > <module-option name = "userName">testuser</module-option> > > <module-option name = "password">pw</module-option> > > <module-option name = > > "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=Securit > > yDS</module-option> > > </login-module> > > </authentication> > > </application-policy> > > > > > > <application-policy name = "AbilSoftRealm"> > > <authentication> > > <login-module code = > > "org.jboss.security.auth.spi.DatabaseServerLoginModule" > > flag = "required"> > > <module-option name = "dsJndiName">java:/SecurityPool</module-option> > > <module-option name = "principalsQuery">select password from users > > where username = ?</module-option> > > <module-option name = "rolesQuery">select role, rolegroup from roles > > where username = ?</module-option> > > <module-option name = "hashAlgorithm">MD5</module-option> > > <module-option name = "hashEncoding">base64</module-option> > > </login-module> > > </authentication> > > </application-policy> > > > > Thanks again. ------------------------------------------------------- This SF.net email is sponsored by: ApacheCon, November 18-21 in Las Vegas (supported by COMDEX), the only Apache event to be fully supported by the ASF. http://www.apachecon.com _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user