2 Replies Latest reply on Apr 2, 2002 11:54 AM by dannz89

web app secured resource always not available using Database

dallastx Mar 15, 2002 10:35 AM

Jboss2.4.4.Tomcat4.0.1

I am trying to secure a resource directory in my web-app using DatabaseServerLoginModule in auth.conf.

It appears that the user gets authenticated but I thing the role is not.

Access to the resource is always denied. If I remove the >

<web-resource-name>SecurePages</web-resource-name>
Security constraint for resources
<url-pattern>/secure/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>

the page is displayed properly.

I'm a little confused about the security domain entry in jboss-web.xml.

<jboss-web>
<security-domain>java:/jaas/TRPSECURITY</security-domain>

<resource-ref>
<res-ref-name>jdbc/OracleDB</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<jndi-name>java:/OracleDB</jndi-name>
</resource-ref>
</jboss-web>

TRPSECURITY matches the name in auth.xml for the module

Also the datasource doesn't get returned on my lookup.

I would appreciate knowing if anyone else has role based security or datasources working in this version

1. Re: web app secured resource always not available using Data

wouter Mar 31, 2002 11:33 AM (in response to dallastx)

I have the same problem. I think my auth.conf is correct but am not sure about the database structure (users and userroles). Especially the use of 'Roles' and 'CallerPrincipal' in rolegroup is not clear to me.

Already posted this in another thread : http://main.jboss.org/thread.jsp?forum=49&thread=2113

Did you find a solution ? I'm interested. Thanks.
Actions
2. Re: web app secured resource always not available using Data

dannz89 Apr 2, 2002 11:54 AM (in response to dallastx)

Same here.

The HTTP session does not stay valid.
Actions

Go to original post