FORM login doesn't work properly, help!!
zarni Aug 23, 2002 2:50 PMI've tried everything, but still doesn't work...
I've set up a simple FORM auth for my app. but i can't login.
And if i set the url-pattern in the security-constraint (web.xml) to "/*.jsp" , then i can access all my pages and jboss
doesn't redirect me to the login page.
If i set the pattern to "/*" , everything works correct but i can never login...
I don't know what I'm missing. I did this by an example from the forum, but it won't work...
I also created the database tables for DatabaseServerLoginModule, with users and roles..
Please, help me, somebody!
...Zarni...
Here are my files:
(web.xml)
<security-constraint>
<web-resource-collection>
<web-resource-name>ekatalog</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/*</url-pattern>
<!-- If you list http methods, only those methods are protected
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>-->
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>user</role-name>
<role-name>admin</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<!-- Default login configuration uses form-based authentication -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>MySqlRealm</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/errorlogin.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>user</role-name>
</security-role>
<security-role>
<role-name>admin</role-name>
</security-role>
</web-app>
(jboss-web.xml)
<jboss-web>
<security-domain>java:/jaas/MySqlRealm</security-domain>
</jboss-web>
(login-config.xml - the realms)
...
<application-policy name = "MySqlRealm">
<login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
<module-option name="dsJndiName">java:/mySQLDS</module-option>
<module-option name="principal">ekroot</module-option>
<module-option name="principalsQuery">SELECT password FROM ek.users WHERE username=?</module-option>
<module-option name="rolesQuery">SELECT rolename, rolegroup FROM ek.userroles WHERE username=?</module-option>
<module-option name= "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=mySQLDS</module-option>
</login-module>
</application-policy>
<application-policy name = "MySqlDbRealm">
<login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule" flag = "required">
<module-option name= "principal">ekuser</module-option>
<module-option name= "userName">ekuser</module-option>
<module-option name= "password">ek1329</module-option>
<module-option name= "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=mySQLDS</module-option>
</login-module>
</application-policy>
...
(i use mysql... mysql-service.xml)
...
MySqlDbRealm
<depends optional-attribute-name="ManagedConnectionFactoryName">
<!--embedded mbean-->
mySQLDS
<config-property name="ConnectionURL" type="java.lang.String">jdbc:mysql://localhost:3306/ek</config-property>
<config-property name="DriverClass" type="java.lang.String">org.gjt.mm.mysql.Driver</config-property>
<!--set these only if you want only default logins, not through JAAS -->
<config-property name="UserName" type="java.lang.String">ekuser</config-property>
<config-property name="Password" type="java.lang.String">ek1329</config-property>
...