Dang, that's got to be the quickest fix to my problems so far! thanks scott. actually, i had to use 'Roles' as the second row, not 'RoleGroup'. going back through the paydocs, i see this now, but i didn't know it was a mandatory field. maybe a suggestion to drop a note in the docs so others don't change this field unknowingly.
thanks again! -----Original Message----- From: Scott M Stark [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 20, 2003 3:25 PM To: [EMAIL PROTECTED] Subject: Re: [JBoss-user] DatabaseLoginModule problems Case sentitive name "RoleGroup", not 'rolegroup' xxxxxxxxxxxxxxxxxxxxxxxx Scott Stark Chief Technology Officer JBoss Group, LLC xxxxxxxxxxxxxxxxxxxxxxxx ----- Original Message ----- From: "Sonnek, Ryan" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, February 20, 2003 12:26 PM Subject: [JBoss-user] DatabaseLoginModule problems > running a small jsp app on jboss 3.0.6 w/ jetty, i'm having problems with > the JAAS login. the jboss console says that the authentication succeeds, > but the roles fail. i've created a simple testcase by changing the > rolesQuery to hardcode the role i'm looking for, and it still fails. here's > my login-config, web.xml, and jboss-web.xml: > > login-config.xml > <application-policy name="brownnet"> > <authentication> > <login-module > code="org.jboss.security.auth.spi.DatabaseServerLoginModule" > flag="required"> > <module-option name="dsJndiName">java:/bpi/wasd/bpi</module-option> > <module-option name="principalsQuery">select password from bpi_user > where username = ?</module-option> > <module-option name="rolesQuery">SELECT 'bcsDeveloper', 'rolegroup' > FROM bpi_user where username = ?<module-option> > </login-module> > </authentication> > </application-policy> > > web.xml > <!-- Developer Application security --> > <security-constraint> > <web-resource-collection> > <web-resource-name>Bindery Collection System Developer > application</web-resource-name> > <description>Developer application</description> > <url-pattern>/doc/*</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>bcsDeveloper</role-name> > </auth-constraint> > <user-data-constraint> > <transport-guarantee>NONE</transport-guarantee> > </user-data-constraint> > </security-constraint> > > <!-- Define the Login Configuration for this Application --> > <login-config> > <auth-method>FORM</auth-method> > <form-login-config> > <form-login-page>/login.jsp</form-login-page> > <form-error-page>/errorPageLogin.jsp</form-error-page> > </form-login-config> > </login-config> > > <security-role> > <description><![CDATA[Basic BCS user]]></description> > <role-name>bcsUser</role-name> > </security-role> > <security-role> > <description><![CDATA[BCS IT developer]]></description> > <role-name>bcsDeveloper</role-name> > </security-role> > > jboss-web.xml > <jboss-web> > > <security-domain>java:/jaas/brownnet</security-domain> > > <!-- Resource references --> > > <!-- EJB References --> > > </jboss-web> > > console messages: > 14:24:54,485 DEBUG [JBossUserRealm#null] JBossUserPrincipal: ryans > 14:24:54,485 DEBUG [JBossUserRealm#null] created > JBossUserRealm::JBossUserPrinci > pal: ryans > 14:24:54,485 DEBUG [JBossUserRealm#null] authenticating: Name:ryans > Password:*** > * > 14:24:54,525 DEBUG [IdleRemover] internalRegisterPool: registering pool with > interval 900000 old interval: 450000 > 14:24:54,525 DEBUG [LocalManagedConnectionFactory] Using properties: > {user=jboss, password=jbosswasd} > 14:24:54,525 DEBUG [LocalManagedConnectionFactory] Checking driver for URL: > jdbc:oracle:thin:@172.16.1.28:1521:wasd > 14:24:54,525 DEBUG [LocalManagedConnectionFactory] Driver already registered > for url: jdbc:oracle:thin:@172.16.1.28:1521:wasd > 14:24:54,735 DEBUG [JBossUserRealm#null] authenticated: ryans > 14:24:54,745 DEBUG [JBossUserRealm#null] setting JAAS > subjectAttributeName(j_subject) : Subject: Principal: ryans > Principal: rolegroup > 14:24:54,775 DEBUG [JBossUserRealm#null] authenticating: Name:ryans > Password:**** > 14:24:54,775 DEBUG [JBossUserRealm#null] authenticated: ryans > 14:24:54,775 DEBUG [JBossUserRealm#null] JBossUserPrincipal: ryans is NOT in > Role: bcsDeveloper > 14:24:54,795 WARN [jbossweb] WARNING: AUTH FAILURE: role for ryans > 14:24:57,579 DEBUG [JBossUserRealm#null] JBossUserPrincipal: ryans is NOT in > Role: bcsDeveloper > > any help would be greatly appreciated. > Ryan > > Ryan J. Sonnek > Brown Printing Company > J2EE Application Developer > 507.835.0803 > <mailto:[EMAIL PROTECTED]> > > > > ------------------------------------------------------- > This SF.net email is sponsored by: SlickEdit Inc. Develop an edge. > The most comprehensive and flexible code editor you can use. > Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial. > www.slickedit.com/sourceforge > _______________________________________________ > JBoss-user mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/jboss-user > ------------------------------------------------------- This SF.net email is sponsored by: SlickEdit Inc. Develop an edge. The most comprehensive and flexible code editor you can use. Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial. www.slickedit.com/sourceforge _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user ------------------------------------------------------- This SF.net email is sponsored by: SlickEdit Inc. Develop an edge. The most comprehensive and flexible code editor you can use. Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial. www.slickedit.com/sourceforge _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
