[JBoss-user] [Security & JAAS/JBoss] - Webapp Always Allows Access Using Basic Authentication

Mon, 21 Jun 2004 06:05:08 -0700 

Hi my problem is that no matter what username password combo I enter in my login box 
(BASIC authentication) I am always granted access to the restricted resources.

my jboss-web.xml is as follows

<jboss-web>
      <security-domain>java:/jaas/webcreator</security-domain>
</jboss-web>

my web.xml is as follows

...
<security-constraint>
     <web-resource-collection>
       <web-resource-name>SecuredPages</web-resource-name>
       bla bla bla
       <url-pattern>/*</url-pattern>
       <http-method>GET</http-method>
       <http-method>POST</http-method>
     </web-resource-collection>
     <auth-constraint>
       <role-name>power</role-name>
     </auth-constraint>
   </security-constraint>
  
   <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>JBoss JMX Console</realm-name>
   </login-config>

   <security-role>
      <role-name>power</role-name>
   </security-role>
...

login-conf.xml is as follows

...


    <application-policy name = "webcreator">
       
            <login-module code = 
"org.jboss.security.auth.spi.DatabaseServerLoginModule"
             flag = "required">
         <module-option name = "dsJndiName">java:/mysqlDS</module-option>
         <module-option name = "principalsQuery">select password from users where 
username=?</module-option>
         <module-option name = "rolesQuery">select role 'Role', "Roles" as RoleGroup 
from access where username=?</module-option>
          </login-module>
        
    </application-policy>

...

by changing the above details for securing jmx-console works fine and only the 
appropriate users have access, so I don't think there is  a problem with the 
DatabasServerLoginModule in login-config.xml.

Can anybody help with why it always lets me in, in my webapp.

Is there anything else that is required other that jboss-web.xml, web.xml and 
login-config.xml

thanks
Mat

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3839388#3839388

Reply to the post : 
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3839388


-------------------------------------------------------
This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference
Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer
Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA
REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user

Reply via email to