8 Replies Latest reply on Oct 9, 2002 5:23 PM by erocha

    Jboss-Tomcat Form Based Authentication

    erocha

      Hello,

      I am new to JBoss and need some help setting up authentication. I would like to use the Tomcat JDBCRealm; I am only interested in securing the front (jsp/html). I thought Tomcat Realms would be something easy to do without having to get into JAAS at this point. This is what my files look like. I am using jboss-3.0.0_tomcat-4.0.3 and postgresql.

      --------------------------------------
      - $JBOSS_HOME/catalina/conf/server.xml
      --------------------------------------
      <Realm className="org.apache.catalina.realm.JDBCRealm"
      debug="99"
      driverName="org.postgresql.Driver"
      connectionURL="jdbc:postgresql:tryplec_db"
      connectionName="tryplec"
      connectionPassword="tryplec"
      userTable="dt_user"
      userNameCol="user_name"
      userCredCol="user_passwd"
      userRoleTable="dt_org_user_role"
      roleNameCol="role_name" />

      -----------------
      - WEB-INF/web.xml
      -----------------
      <web-app>
      <!-- Default login configuration uses form-based authentication -->
      <!--
      <session-config>
      <session-timeout>720</session-timeout>
      </session-config>
      -->

      <security-constraint>
      <display-name>Secured Tryplec</display-name>
      <web-resource-collection>
      <web-resource-name>TryplecResource</web-resource-name>
      <description>Accessible by authorized users</description>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
      </web-resource-collection>
      <auth-constraint>
      <description>These are the roles who have access</description>
      <role-name>MA</role-name>
      </auth-constraint>
      <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
      </security-constraint>

      <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>TryplecRealm</realm-name>
      <form-login-config>
      <form-login-page>/login.html</form-login-page>
      <form-error-page>/failedLogin.html</form-error-page>
      </form-login-config>
      </login-config>
      </web-app>

      -----------------------
      - WEB-INF/jboss-web.xml
      -----------------------
      <jboss-web>
      <security-domain></security-domain>
      </jboss-web>

      ----------
      - foo.html
      -----------
      <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
      <html>
      <head>
      <title> YEY! </title>
      </head>
      <body>
      <center><h1>Welcome to tryplec ! </h1></center>
      GOT IN
      </body>
      </html>

      ------------
      - login.html
      ------------
      <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
      <html>
      <head>
      <title> Tryplec </title>
      </head>
      <body>
      <center><h1>Welcome to tryplec ! </h1></center>
      <form method="POST" action="j_security_check">
      <table>
      <tr><td>User Name: </td>
      <td><input type="text" name="j_username"></td>
      </tr>
      <tr><td>Password: </td>
      <td> <input type="password" name="j_password"> </td>
      </tr>
      <tr><td><br><input type=submit value="Login"></td>
      </table>
      </form>
      </body>
      </html>

      ------------------
      - failedLogin.html
      ------------------

      <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
      <html>
      <head>
      <title> Tryplec </title>
      </head>
      <body>
      <center><h1>Welcome to tryplec ! </h1></center>
      FAILED
      <form method="POST" action="j_security_check">
      <table>
      <tr><td>User Name: </td>
      <td><input type="text" name="j_username"></td>
      </tr>
      <tr><td>Password: </td>
      <td> <input type="password" name="j_password"> </td>
      </tr>
      <tr><td><br><input type=submit value="Login"></td>
      </table>
      </form>
      </body>
      </html>


      -------------------------------------

      If you notice in the jboss-web.xml the security-domain clause is empty. I am not sure what needs to be there but leaving it is a problem too.

      Tomcat does not seem to be making an attempt to access the DB either.

      Do I need to go back and use JAAS or can I get Tomcat Realms working?

      If I need to use JAAS where can I find an example I can install and get working so I can modify later to build my prototype?

      Thank you much for your patience with this dumb question.

      erocha

        • 1. Re: Jboss-Tomcat Form Based Authentication
          tool

          erocha,
          I don't know about the Tomcat Realms angle, but I posted a zip containing the setup for FORM based logins at this address:
          http://www.jboss.org/modules/bb/index.html?module=bb&op=viewtopic&t=forums/
          It might help you out by showing all the necessary components and how they link together.
          Good luck,
          tool

          • 2. Re: Jboss-Tomcat Form Based Authentication
            erocha

            Tool,

            Thanks for your response.
            I followed the example that you posted but I am getting the following error when I try to access an html file.
            -----------------
            Apache Tomcat/4.0.3 - HTTP Status 403 - Access to the requested resource has been denied
            type Status report

            message Access to the requested resource has been denied

            description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.
            ---------------

            where is my war file and config files

            Please advise

            Efrain
