It is impossible to tell without your data, which I doubt you want to post.
Most likely, the value of ROLEGROUP in the db is not "Roles". If you are not interested in other types of roles, you can just write your query: SELECT ROLE, 'Roles' FROM ROLES WHERE PRINCIPAL_ID=? Regards, Adrian On Thu, 2003-12-04 at 17:32, Giovanni Formenti wrote: > Hi! > I'd like to create a war with some security constraints! > > I modify login-config.xml and I create the database's tables: > <application-policy name = "dafne"> > <authentication> > <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" > flag = "required"> > <module-option name = "dsJndiName">java:/MySqlDS</module-option> > <module-option name = "principalsQuery">SELECT PASSWORD FROM PRINCIPALS > WHERE PRINCIPAL_ID=?</module-option> > <module-option name = "rolesQuery">SELECT ROLE,ROLEGROUP FROM ROLES WHERE > PRINCIPAL_ID=?</module-option> > </login-module> > </authentication> > </application-policy> > > I create jboss-web.xml: > <jboss-web> > <security-domain>java:/jaas/dafne</security-domain> > </jboss-web> > > And finally I put the web constraints: > <security-constraint> > <web-resource-collection> > <web-resource-name>Protected</web-resource-name> > <url-pattern>/index.jsp</url-pattern> > <http-method>POST</http-method> > <http-method>GET</http-method> > </web-resource-collection> > <auth-constraint> > <role-name>admin</role-name> > </auth-constraint> > <user-data-constraint> > <transport-guarantee>NONE</transport-guarantee> > </user-data-constraint> > </security-constraint> > <login-config> > <auth-method>BASIC</auth-method> > <realm-name>default</realm-name> > </login-config> > <security-role> > <role-name>admin</role-name> > </security-role> > > The authantication works good: > xxx.xxx.xxx.xxx - admin [04/Dec/2003:18:28:16 1000] "GET /aaa/index.jsp > HTTP/1.1" 403 839 > but a 403 will appear: > Access to the specified resource (Access to the requested resource has been > denied) has been forbidden > > Maybe JBoss can't bound username with role... > Why this don't work!? What I miss?! > Help me please!!! > > Gio > > > > ------------------------------------------------------- > This SF.net email is sponsored by: IBM Linux Tutorials. > Become an expert in LINUX or just sharpen your skills. Sign up for IBM's > Free Linux Tutorials. Learn everything from the bash shell to sys admin. > Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click > _______________________________________________ > JBoss-user mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/jboss-user -- xxxxxxxxxxxxxxxxxxxxxxxx Adrian Brock Director of Support Back Office JBoss Group, LLC xxxxxxxxxxxxxxxxxxxxxxxx ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
