Thanks for responding.  :)

Here are the files that should be relevant from our 3.2 (both .3 and .5) config - the 
login-config.xml is the same as what ships with jboss, plus our application-policy, 
shown below.  Obviously, we've had to sanitize some things - the example.com stuff 
isn't real.

Experiments we have run:
- misspelled the "login-module" tag in login-config.xml; this caused jboss to 
complain, so we know it's at least parsing the file.
- misspelled something in web.xml to similar effect.
- removed the existing security-roles from the auth-constraint in the 
security-constraint for /* and added a security-role that didn't exist; no change in 
behavior - we still get the login page before reaching any protected page, but any 
user name lets us through.

Is there any other info that might be of use?

Thanks,
Diwakar


  | ### web.xml - same for 3.0.8 and 3.2.3 ###
  | 
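  | <?xml version="1.0" encoding="UTF-8"?>
  | <!DOCTYPE web-app PUBLIC
  |    "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
  |    "http://java.sun.com/dtd/web-app_2_3.dtd">
  | 
  | <!--
  |   Servlet 2.3 deployment descriptor. Access control is declarative: the
  |   container enforces the security-constraint elements below using FORM
  |   login. Which login module checks the credentials is not decided here;
  |   jboss-web.xml binds the application to a JAAS security domain.
  | -->
  | <web-app>
  | <!-- ### Servlets -->
  |   <servlet>
  |     <servlet-name>ExampleServlet</servlet-name>
  |     <servlet-class>com.example.ExampleServlet</servlet-class>
  |   </servlet>
  | 
  | <!-- ### Servlet Mappings -->
  |   <servlet-mapping>
  |     <servlet-name>ExampleServlet</servlet-name>
  |     <url-pattern>/ExampleServlet</url-pattern>
  |   </servlet-mapping>
  | 
  |   <!-- Idle session lifetime, in minutes. -->
  |   <session-config>
  |     <session-timeout>30</session-timeout>
  |   </session-config>
  | 
  | <!-- The Welcome File List -->
  | 
  |   <welcome-file-list>
  |     <welcome-file>index.jsp</welcome-file>
  |   </welcome-file-list>
  | 
  |   <!-- 403 and 404 share one page, so a forbidden resource and a missing
  |        one look the same to the client. -->
  |   <error-page>
  |     <error-code>403</error-code>
  |     <location>/AccessDenied.jsp</location>
  |   </error-page>
  | 
  |   <error-page>
  |     <error-code>404</error-code>
  |     <location>/AccessDenied.jsp</location>
  |   </error-page>
  | 
  |   <!--
  |     Whole application: the caller must be authenticated and hold Admin or
  |     Operator. No http-method is listed, so the constraint applies to every
  |     HTTP method. CONFIDENTIAL asks the container to serve these URLs only
  |     over a protected transport (HTTPS in practice).
  |   -->
  |   <security-constraint>
  |     <web-resource-collection>
  |       <web-resource-name>Login</web-resource-name>
  |       <url-pattern>/*</url-pattern>
  |     </web-resource-collection>
  |     <auth-constraint>
  |       <role-name>Admin</role-name>
  |       <role-name>Operator</role-name>
  |     </auth-constraint>
  |     <user-data-constraint>
  |       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  |     </user-data-constraint>
  |   </security-constraint>
  | 
  |   <!--
  |     Admin area: Admin role only. The transport guarantee is repeated here
  |     because a container that selects the most specific pattern applies this
  |     constraint alone to /Admin/ URLs; without it those pages would not be
  |     required to use the protected transport.
  |     NOTE(review): a container that resolves overlapping patterns by
  |     declaration order would pick the /* constraint above for /Admin/ URLs
  |     and admit Operator. Confirm with an Operator-only account that /Admin/
  |     pages are refused.
  |   -->
  |   <security-constraint>
  |     <web-resource-collection>
  |       <web-resource-name>Admin</web-resource-name>
  |       <url-pattern>/Admin/*</url-pattern>
  |     </web-resource-collection>
  |     <auth-constraint>
  |       <role-name>Admin</role-name>
  |     </auth-constraint>
  |     <user-data-constraint>
  |       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  |     </user-data-constraint>
  |   </security-constraint>
  | 
  |   <!-- FORM login: the container shows login.jsp when an unauthenticated
  |        request hits a constrained URL and loginError.jsp when the
  |        credentials are rejected. -->
  |   <login-config>
  |     <auth-method>FORM</auth-method>
  |     <realm-name>example-login</realm-name>
  |     <form-login-config>
  |       <form-login-page>/login.jsp</form-login-page>
  |       <form-error-page>/loginError.jsp</form-error-page>
  |     </form-login-config>
  |   </login-config>
  | 
  |   <!-- Roles referenced by the auth-constraints above. The names have to
  |        match, exactly, the role names the login module returns for a
  |        user. -->
  |   <security-role>
  |     <role-name>Admin</role-name>
  |   </security-role>
  | 
  |   <security-role>
  |     <role-name>Operator</role-name>
  |   </security-role>
  | 
  |   <!-- Reference to the session bean; jboss-web.xml maps it to a JNDI
  |        name. -->
  |   <ejb-ref>
  |     <ejb-ref-name>DbExampleBean</ejb-ref-name>
  |     <ejb-ref-type>Session</ejb-ref-type>
  |     <home>DbExampleRemoteHome</home>
  |     <remote>DbExampleRemote</remote>
  |   </ejb-ref>
  | 
  | </web-app>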
  | 
  | 
  | 
  | ### jboss-web.xml - same for 3.0.8 and 3.2.3 ###
  | 
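  | <?xml version="1.0" encoding="UTF-8"?>
  | <!DOCTYPE jboss-web
  |     PUBLIC "-//JBoss//DTD Web Application 2.3//EN"
  |     "http://www.jboss.org/j2ee/dtds/jboss-web_3_0.dtd">
  | 
  | <jboss-web>
  | 
  |   <!--
  |     Binds the web application to a JAAS security domain. The part after
  |     java:/jaas/ is the domain name; it has to equal, character for
  |     character, the name attribute of an application-policy in
  |     login-config.xml ("example-login" here).
  |     NOTE(review): when no policy with that exact name is found, JBoss is
  |     expected to fall back to its default policy instead of refusing
  |     logins. Confirm from the server's security logging which login module
  |     actually handles a login for this application.
  |   -->
  |   <security-domain>java:/jaas/example-login</security-domain>
  | 
  |   <!-- Maps the ejb-ref-name declared in web.xml to the bean's JNDI
  |        name. -->
  |   <ejb-ref>
  |     <ejb-ref-name>DbExampleBean</ejb-ref-name>
  |     <jndi-name>ejb/DbExampleBean</jndi-name>
  |   </ejb-ref>
  | </jboss-web>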
  | 
  | 
  | 
  | ### login-config.xml ###
  | 
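  | <?xml version='1.0'?>
  | <!DOCTYPE policy PUBLIC
  |       "-//JBoss//DTD JBOSS Security Config 3.0//EN"
  |       "http://www.jboss.org/j2ee/dtd/security_config.dtd">
  | 
  | <policy>
  |     <!-- Used by clients within the application server VM such as
  |     mbeans and servlets that access EJBs.
  |     -->
  | 
  |     <!--
  |       Application policy for the web application's security domain. The
  |       name attribute is what a security-domain of java:/jaas/example-login
  |       resolves to, so the two must match exactly.
  | 
  |       The single login module is flagged "required": it has to succeed for
  |       the login to succeed. It reads credentials and roles from the
  |       datasource named by dsJndiName.
  | 
  |       principalsQuery returns the stored password for a login name, and
  |       only for rows with status = 1. The login name is passed as a bind
  |       parameter (the ? placeholder), not concatenated into the SQL text.
  |       No hashAlgorithm option is set, so the submitted password is
  |       compared with the login_password column as stored.
  |       NOTE(review): that implies the column holds the password in
  |       directly comparable form. Prefer storing a hash and setting the
  |       module's hashAlgorithm and hashEncoding options, if the deployed
  |       JBoss version supports them; stored values must be migrated at the
  |       same time or existing logins will fail.
  | 
  |       rolesQuery returns one row per role as (role name, role group). The
  |       constant 'Roles' group is the one used for the caller's roles. The
  |       role_name values have to match the role-name entries in web.xml
  |       (Admin, Operator) exactly.
  |     -->
  |   <application-policy name = "example-login">
  |     <authentication>
  |       <login-module
  |           code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
  |           flag = "required">
  |         <module-option name = "dsJndiName">java:/OracleDS</module-option>
  |         <module-option name = "principalsQuery">
  |                 SELECT table_user.login_password FROM table_user 
  | WHERE table_user.status = 1 and table_user.login_name = ?
  |         </module-option>
  |         <module-option name = "rolesQuery">
  |                 SELECT table_user_role.role_name, 'Roles' RoleGroup 
  | FROM table_user, table_user2user_role, table_user_role 
  | WHERE table_user.status = 1 
  | and table_user.user_id = table_user2user_role.user_id 
  | and table_user_role.role_id = table_user2user_role.role_id 
  | and table_user.login_name = ?
  |         </module-option>
  |       </login-module>
  |     </authentication>
  |   </application-policy>
  | 
  |     
  |   <!-- more application-policy tags follow, not shown
  |   <application-policy name = "...">
  |     ...
  |   </application-policy>
  |   -->
  | </policy>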
  | 
  | 
