-
1. Re: FORM based authentication using DatabaseServerLoginModul
gman Aug 19, 2002 6:28 AM (in response to perlboy)I get a similiar error when trying to use basic auth. I'm sure I'm not specifying the security domain in jboss-web.xml properly. How did you do it for basic ? Also, do we have to implement the login ourselves in a servlet ? Surely jboss should do this for us thru j_security_check ?
matt. -
2. Re: FORM based authentication using DatabaseServerLoginModul
sharkman Aug 19, 2002 6:53 AM (in response to perlboy)Your login-config section in the web.xml should look similar to this:
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Secured Area</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/failed.jsp</form-error-page>
</form-login-config>
</login-config>
And in the login.jsp page the action of the form should be set to "j_security_check". The name of the input field containing the name should be j_username and the field of the password should be j_password.
Jboss handles the calls the DatabaseServerLoginModule for you.
- Stefan -
3. Re: FORM based authentication using DatabaseServerLoginModul
perlboy Aug 19, 2002 1:49 PM (in response to perlboy)Hi,
Thanks for your answer, I also tried that, but with no luck.
My web.xml looks like this:
<login-config>
<auth-method>FORM</auth-method>
<realm-name>testDB</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login_failed.jsp</form-error-page>
</form-login-config>
</login-config>
The jsp login page calls j_security_check with j_username and j_password, but no matter what login I use (correct or incorrect) the login_failed.jsp page gets displayed.
On the server it says (using incorrect credentials)
18:44:15,368 WARN [JBossUserRealm#testDB] authentication failure: xxx
When I use a correct username and password, just
18:44:16,259 INFO [Jetty] JSP: init
is displayed and the login_failed.jsp in the browser.
Does anyone have an explanation for this.
Thanks a lot.
jd -
4. Re: FORM based authentication using DatabaseServerLoginModul
terp Aug 20, 2002 5:36 AM (in response to perlboy)Hi
I have had it running like sharkman describes it for a while now on jBoss3.01RC1, but i recently changed to jBoss3.0.1 and now my login jsp page is just rendered blank. What jBoss version are you guys on?
^Torsten -
5. Re: FORM based authentication using DatabaseServerLoginModul
taiwubrian Aug 22, 2002 12:24 AM (in response to perlboy)Hi,
Are there typos in your policy?
(1) Select passwd from Users username where username=?
--> why put a username after Users? is it an alias?
(2) Select userRoles, 'Roles' from ...
--> why single quoted Roles?
(3) <module-option name = "dsJndiMName">
--> should it be dsJndiName? you put an extra M in the middle.
In addition, I think Role shoulds be the first selected field and RoleGroup the next.
Here is my policy and it works:
<application-policy name = "farglory">
<login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
<module-option name = "dsJndiName">java:/TaiwuDS</module-option>
<module-option name = "principalsQuery">select Password from JAASPrincipal where PrincipalID=?</module-option>
<module-option name = "rolesQuery">select Role, RoleGroup from JAASRole where PrincipalID=?</module-option>
</login-module>
</application-policy>
Good Luck.
Brian -
6. Re: FORM based authentication using DatabaseServerLoginModul
perlboy Aug 22, 2002 3:37 AM (in response to perlboy)Thank you very much for your answers. I will try this.
jd