Jboss-Tomcat Form Based Authentication
erocha Sep 12, 2002 10:44 AMHello,
I am new to JBoss and need some help setting up Authentication. I would like to use the Tomcat JDBCRealm, I am only interested in securing the front (jsp/html). I thought Tomcat Realms would be something easy to do without having to get into JAAS at this point. This is what my files look like. I am using jboss-3.0.0_tomcat-4.0.3 and postgresql
--------------------------------------
- $JBOSS_HOME/catalina/conf/server.xml
--------------------------------------
<Realm className="org.apache.catalina.realm.JDBCRealm"
debug="99"
driverName="org.postgresql.Driver"
connectionURL="jdbc:postgresql:tryplec_db"
connectionName="tryplec"
connectionPassword="tryplec"
userTable="dt_user"
userNameCol="user_name"
userCredCol="user_passwd"
userRoleTable="dt_org_user_role"
roleNameCol="role_name" />
-----------------
- WEB-INF/web.xml
-----------------
<web-app>
<!-- Default login configuration uses form-based authentication -->
<!--
<session-config>
<session-timeout>720</session-timeout>
</session-config>
-->
<security-constraint>
<display-name>Secured Tryplec</display-name>
<web-resource-collection>
<web-resource-name>TryplecResource</web-resource-name>
<description>Accessible by authorized users</description>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<description>These are the roles who have access</description>
<role-name>MA</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>TryplecRealm</realm-name>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/failedLogin.html</form-error-page>
</form-login-config>
</login-config>
</web-app>
-----------------------
- WEB-INF/jboss-web.xml
-----------------------
<jboss-web>
<security-domain></security-domain>
</jboss-web>
----------
- foo.html
-----------
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title> YEY! </title>
</head>
<body>
<center><h1>Welcome to tryplec ! </h1></center>
GOT IN
</body>
</html>
------------
- login.html
------------
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title> Tryplec </title>
</head>
<body>
<center><h1>Welcome to tryplec ! </h1></center>
<form method="POST" action="j_security_check">
<table>
<tr><td>User Name: </td>
<td><input type="text" name="j_username"></td>
</tr>
<tr><td>Password: </td>
<td> <input type="password" name="j_password"> </td>
</tr>
<tr><td><br><input type=submit value="Login"></td>
</table>
</form>
</body>
</html>
------------------
- failedLogin.html
------------------
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title> Tryplec </title>
</head>
<body>
<center><h1>Welcome to tryplec ! </h1></center>
FAILED
<form method="POST" action="j_security_check">
<table>
<tr><td>User Name: </td>
<td><input type="text" name="j_username"></td>
</tr>
<tr><td>Password: </td>
<td> <input type="password" name="j_password"> </td>
</tr>
<tr><td><br><input type=submit value="Login"></td>
</table>
</form>
</body>
</html>
-------------------------------------
If you notice in the jboss-web.xml the security-domain clause is empty. I am not sure what needs to be there but leaving it is a problem too.
Tomcat does not seem to be doing an attempt to access the DB either.
Do I need to go back and use JAAS or can I get Tomcat Realms working?
If I need to use JAAS where can I find an example I can install and get working so I can modify later to build my prototype?
Thank you much for your patience with this dumb question.
erocha