4 Replies Latest reply on Sep 6, 2002 2:10 PM by tool

JBOSS 3.0.0/Tomcat 4.0.3 authentication doesn't work

pete Aug 14, 2002 11:43 AM

I'm trying to access a JBOSS app via a security-protected servlet but cannot get authentication to work. I'm using Tomcat 4.0.3 with JBOSS 3.0.0, integrated not standalone. I'm fairly confident the web.xml file is correct because when attempting to access the application main screen, a redirection to the login form occurs (as specified in the web.xml). However, you can type anything in here and access will be granted. Further, the servlet returns TRUE for userInRole() whatever parameter you give it. There are users and roles set up in tomcats default realm, but they are ignored. The online docs seem to refer to previous versions of JBOSS as most of the config files involved either no longer exist in JBOSS 3 or have been upgraded, so I'm rather in the dark...any help very much appreciated!

Pete

1. Re: JBOSS 3.0.0/Tomcat 4.0.3 authentication doesn't work

kevin Sep 5, 2002 8:46 PM (in response to pete)

Did you ever solve this?

I'm having the same problem :)

-k.
Actions
2. Re: JBOSS 3.0.0/Tomcat 4.0.3 authentication doesn't work

kplex Sep 6, 2002 6:47 AM (in response to pete)

Just to add my name to the list of people having this problem...

Just another few hours and I'll be bald from tearing my hair out :)
Actions
3. Re: JBOSS 3.0.0/Tomcat 4.0.3 authentication doesn't work

kplex Sep 6, 2002 6:49 AM (in response to pete)

I'm also having this very same problem with jboss-3.0.1_tomcat-4.0.4.

Any suggestions, or anyone else got this problem..
Actions
4. Re: JBOSS 3.0.0/Tomcat 4.0.3 authentication doesn't work

tool Sep 6, 2002 2:10 PM (in response to pete)

Which Login Module are you using?
If it is the ClientLoginModule, then this occurence would make sense since it just binds the input user name to the input password and then "grants" access, without actually doing any kind of authentication! Kind of weird and crazy but true. I had this problem happen to me for a while and thats what it was.
How about posting the relevant pieces of your config files?
Specifically, ejb-jar.xml, jboss and jboss-web.xml and login-config.xml

tool
Actions

Go to original post