I did follow the "Complate configuration of Jass on Jboss" http://www.javaworld.com/javaforums/showthreaded.php?Cat=&Board=JavaSecurity&Number=17048&page=&view=&sb=5&o=&vc=1 And after configuring everything as follows:
login-config.xml : <application-policy name="PgDbRealm"> <login-module code="org.jboss.security.ClientLoginModule" flag="required"> </login-module> <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required"> <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=naturaDS</module-option> <module-option name="dsJndiName">java:/naturaDS</module-option> <module-option name="principalsQuery">Select password from usuarios where idusuario =?</module-option> <module-option name="rolesQuery">Select R.role AS Roles, G.descripcion AS RoleGroups from gruposusuarios GU,roles R, grupos G where idusuario =? AND GU.idrole=R.idrole AND GU.idgrupo=G.idgrupo</module-option> </login-module> </application-policy> jboss-web.xml: <security-domain>java:/jaas/PgDbRealm</security-domain> web.xml : <security-constraint> <web-resource-collection> <web-resource-name>protected-resources</web-resource-name> <url-pattern>/distribuidores/*</url-pattern> <http-method>HEAD</http-method> <http-method>GET</http-method> </web-resource-collection> <auth-constraint> <role-name>SUPERUSUARIO</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/login.jsp</form-login-page> <form-error-page>/login.jsp</form-error-page> </form-login-config> </login-config> <security-role> The SUPERUSUARIO role <role-name>SUPERUSUARIO</role-name> </security-role> \jboss-4.0.1sp1\server\default\conf\auth.conf : // The JBoss server side JAAS login config file for the examples client-login { org.jboss.security.ClientLoginModule required; }; PgDbRealm { org.jboss.security.ClientLoginModule required; org.jboss.security.auth.spi.UsersRolesLoginModule required; org.jboss.security.auth.spi.DatabaseServerLoginModule required dsJndiName="java:/naturaDS" principalsQuery="Select password from usuarios where idusuario =?" rolesQuery="Select R.role AS Roles, G.descripcion AS RoleGroups from gruposusuarios GU,roles R, grupos G where idusuario =? AND GU.idrole=R.idrole AND GU.idgrupo=G.idgrupo" ; }; \jboss-4.0.1sp1\client\auth.conf : client-login { org.jboss.security.ClientLoginModule required; }; PgDbRealm { org.jboss.security.ClientLoginModule required; org.jboss.security.auth.spi.DatabaseServerLoginModule required; }; my LogginCheckAction : Principal userPrincipal =null; try { String username=request.getParameter("j_username"); String password=request.getParameter("j_password"); System.out.println("intentare logueo-----------------"); System.out.println("password = " + password); System.out.println("username = " + username); SecurityAssociationHandler handler = new SecurityAssociationHandler(); userPrincipal= new SimplePrincipal(username); handler.setSecurityInfo(userPrincipal, password.toCharArray()); LoginContext loginContext = new LoginContext("PgDbRealm",(CallbackHandler) handler); loginContext.login(); HttpSession session = request.getSession(true); session.setAttribute("Login_Context",loginContext); Subject subject = loginContext.getSubject(); Set principals = subject.getPrincipals(); principals.add(userPrincipal); } catch (LoginException e) { errors.add("loginerror", new ActionError("Wrong Username or Password")); saveErrors(request, errors); e.printStackTrace(); return mapping.findForward("fail"); } System.out.println("logged in successfully-----------------"+userPrincipal); //I do reach this line login.jsp: <FORM name="logonForm" action="<%=request.getContextPath()%>/login.do" METHOD=POST> Every thing seams to be just fine but... when i ask for a resource under the /distribuidores url-pattern i'am asked to login and I do so and i'am "successfully" logged in but when I try to enter under /distribuidores I'am asked to loggin again when I did it just a few seconds before. any Idea ? regards... View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3874944#3874944 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3874944 ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user