Hi,
Let me explain the problem before I publish my code. I have configured web.xml
file with the security constrains--I have configures the database structure in
the way the JBoss JAAS requires--I have configured the login-config.xml file. I
have problems to login with an user having specific roles. In my web.xml file,
if I have a specific role as shown in the code below then the user will not be
able to login. He gets the resource not available error message
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
If I remove the role constrain by setting <role-name>*</role-name> in web.xml
file then the user is able to get the web page.
I have been trying to resolve this from past 2 weeks. Could any one of you
please help me with this issue?
Here are the respective codes
1. Web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure Content</web-resource-name>
<url-pattern>/jsf/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/logon.faces</form-login-page>
<form-error-page>/error.faces</form-error-page>
</form-login-config>
</login-config>
<security-role>
The role required to access restricted content
<role-name>admin</role-name>
</security-role>
2. login-config.xml
<application-policy name="sam">
<login-module
code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<module-option name="dsJndiName">java:ds/sam</module-option>
<module-option name="principalsQuery">select password from users where
username=?</module-option>
<module-option name="rolesQuery">select Role, RoleGroup from Roles
where username=?</module-option>
</login-module>
</application-policy>
3. Database tables.
CREATE TABLE users (
username varchar(64) default NULL,
password varchar(64) default NULL
) ;
INSERT INTO users (username, password) VALUES ('admin','admin');
CREATE TABLE Roles (
username varchar(64) NOT NULL,
Role varchar(32) NOT NULL,
RoleGroup varchar(32) NOT NULL
);
INSERT INTO Roles (username, Role, RoleGroup) VALUES ('admin','admin', 'admin');
4. Jboss verion is jboss-4.0.3SP1, Database is PostgresSQL8.1
Please let me know if there are any details that I have missed out.
Thank you,
VinodRamu
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3938171#3938171
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3938171
-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user
