Hi,
First I'd like to recall that my configuration is MySQL, JBoss 3.2.3 and I'm also 
using Struts (which wouldn't matter, I think).

I got so far what seems to be the necessary configuration, but it's not working as 
expected. So I'll post some code to see if others can point out my mistakes. I'd like to 
emphasize that I have never worked with JAAS (I'm learning it at the moment), so I 
might be doing some pretty stupid things over here. 

In web.xml

  | ...
  |     <security-constraint>
  |         <web-resource-collection>
  |             <web-resource-name>action</web-resource-name>
  |             <description>Declarative security tests</description>
  |             <url-pattern>*.do</url-pattern>
  |             <http-method>GET</http-method>
  |             <http-method>POST</http-method>
  |         </web-resource-collection>
  |
  |         <auth-constraint>
  |             <role-name>Echo</role-name>
  |         </auth-constraint>
  |         <user-data-constraint>
  |             <description>no description</description>
  |             <transport-guarantee>NONE</transport-guarantee>
  |         </user-data-constraint>
  |     </security-constraint>
  |     <login-config>
  |         <auth-method>FORM</auth-method>
  |         <form-login-config>
  |             <form-login-page>/logon.do</form-login-page>
  |             <form-error-page>/logoff.do</form-error-page>
  |         </form-login-config>
  |     </login-config>
  |     <security-role>
  |         <description>A user allowed to invoke echo methods</description>
  |         <role-name>Echo</role-name>
  |     </security-role>
  | ...
  | 

It does not matter if you don't know how Struts works; the important thing is that the 
requests of the application will be redirected to this Servlet, which responds for the 
URI /logon.do. 

  |  // Imports the fragment below needs (they go at the top of the Action class;
  |  // the fragment itself presumably sits inside its execute method, where "form" is bound)
  |  import java.util.Set;
  |  import javax.security.auth.Subject;
  |  import javax.security.auth.callback.CallbackHandler;
  |  import javax.security.auth.login.LoginContext;
  |  import org.jboss.security.SimplePrincipal;
  |  import org.jboss.security.auth.callback.SecurityAssociationHandler;
  |
  |  // I'm just getting the j_username and j_password from the login.jsp
  |  LogonreqForm logonreqForm = (LogonreqForm) form;
  |  String username = logonreqForm.getJ_username();
  |  String password = logonreqForm.getJ_password();
  |
  |  // hand the submitted credentials to the JAAS login through the JBoss callback handler
  |  SecurityAssociationHandler handler = new SecurityAssociationHandler();
  |  SimplePrincipal user = new SimplePrincipal(username);
  |  handler.setSecurityInfo(user, password.toCharArray());
  |  // "example2" selects the login configuration entry of that name;
  |  // login() throws a LoginException when a "required" login module fails
  |  LoginContext loginContext = new LoginContext("example2", (CallbackHandler) handler);
  |  loginContext.login();
  |  Subject subject = loginContext.getSubject();
  |  Set principals = subject.getPrincipals();
  |  principals.add(user);
  |
  |  // return to a page confirming a successful login
  | 


The problem is that the Servlet that contains this code always authenticates the user, 
even when the inputs (j_username and j_password) are left blank!
Here is my auth.conf in jboss3.2.3/client

  | srp-client {
  |    // Example client auth.conf for using the SRPLoginModule
  |    org.jboss.security.srp.jaas.SRPLoginModule required
  |    password-stacking="useFirstPass"
  |    principalClassName="org.jboss.security.SimplePrincipal"
  |    srpServerJndiName="SRPServerInterface"
  |    debug=true
  |     ;
  | 
  |    // jBoss LoginModule
  |    org.jboss.security.ClientLoginModule  required
  |    password-stacking="useFirstPass"
  |    ;
  | 
  |    // Put your login modules that need jBoss here
  | };
  | 
  | other {
  |    // jBoss LoginModule
  |    org.jboss.security.ClientLoginModule  required
  |    ;
  | 
  |    // Put your login modules that need jBoss here
  | };
  |  
  | client-login
  | {
  | org.jboss.security.ClientLoginModule required;
  | };
  | 
  | example2
  | {
  | org.jboss.security.ClientLoginModule required;
  | org.jboss.security.auth.spi.DatabaseServerLoginModule required;
  | };
  | 
  | 

Here is jboss3.2.3/server/default/conf/auth.conf

  | // The JBoss server side JAAS login config file for the examples
  | 
  | client-login
  | {
  | org.jboss.security.ClientLoginModule required;
  | };
  | 
  | example2
  | {
  | org.jboss.security.ClientLoginModule required;
  | org.jboss.security.auth.spi.DatabaseServerLoginModule required
  | dsJndiName="java:/DefaultDS"
  | principalsQuery="Select Password from Principals where PrincipalID =?"
  | rolesQuery="Select Role 'Roles', RoleGroup 'RoleGroups' from Roles where PrincipalID =?"
  | ;
  | };
  | 


Here's login-config.xml

  | ...
  |     <application-policy name="example2">
  |         <authentication>
  |             <login-module code="org.jboss.security.ClientLoginModule" flag="required">
  |             </login-module>
  |             <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
  |                 <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
  |                 <module-option name="dsJndiName">java:/DefaultDS</module-option>
  |                 <module-option name="principalsQuery">Select Password from Principals where PrincipalID =?</module-option>
  |                 <module-option name="rolesQuery">Select Role 'Roles', RoleGroup 'RoleGroups' from Roles where PrincipalID =?</module-option>
  |             </login-module>
  |         </authentication>
  |     </application-policy>
  | ...
  | 
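As an added example that is not part of the original post: a MySQL schema and sample rows that match the principalsQuery and rolesQuery configured above. DatabaseServerLoginModule only treats rows whose RoleGroup is 'Roles' as the user's authorization roles, so the 'Echo' role demanded by the web.xml constraint has to be stored that way; the user 'alice' and her password are constructed sample values, and table and column names are taken from the two queries.

```sql
-- Added example (not from the post): tables matching the configured
-- principalsQuery / rolesQuery of DatabaseServerLoginModule.
CREATE TABLE Principals (
    PrincipalID VARCHAR(64) NOT NULL PRIMARY KEY,
    -- compared with the submitted password as-is: the module-options above
    -- set no hashAlgorithm/hashEncoding, so this column holds plain text
    Password    VARCHAR(64) NOT NULL
);

CREATE TABLE Roles (
    PrincipalID VARCHAR(64) NOT NULL,
    Role        VARCHAR(64) NOT NULL,
    -- only rows with RoleGroup = 'Roles' become the Subject's authorization roles,
    -- which is what the <auth-constraint> role-name 'Echo' is checked against
    RoleGroup   VARCHAR(64) NOT NULL,
    PRIMARY KEY (PrincipalID, Role, RoleGroup)
);

-- constructed sample user allowed to call the *.do resources guarded by 'Echo'
INSERT INTO Principals (PrincipalID, Password) VALUES ('alice', 'sample-secret');
INSERT INTO Roles (PrincipalID, Role, RoleGroup) VALUES ('alice', 'Echo', 'Roles');

-- What the module runs for one login attempt ('?' is bound to j_username).
-- A blank j_username matches no row, so the module fails the login;
-- if a blank login still succeeds, this query was never consulted.
SELECT Password FROM Principals WHERE PrincipalID = '';
SELECT Role 'Roles', RoleGroup 'RoleGroups' FROM Roles WHERE PrincipalID = 'alice';
```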
        

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3845341#3845341

Reply to the post : 
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3845341


_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
