Need help with FORM-based authentication (Jboss Developer He
kenryu Sep 29, 2002 4:25 AMhi everyone;
I tried to make the FORM based authentication work using Jboss 3.0.2 in windows 2000 but whenever I tried to login (http://localhost:8080/loginTest/index.jsp), I alwalys got the error page even though I successfuly login and got this message from Jboss:
"WARN [JBossUserRealm#testDB] authentication failure: null"
I also can still see the welcome page (http://localhost:8080/loginTest/) even though it's in secured folder which user can only see if you're login. But if I login using http://localhost:8080/loginTest/secured/welcome.jsp
then it will bring me to the login page(index.jsp) that will take me to the welcome page if I login correctly.
This is my login file (index.jsp):
<!-- you can also use this : -->
<!---->
Username:
Password:
this is what I configured in login-config.xml
===========================
 <application-policy name = "testDB">
 <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
 flag = "required">
 <module-option name = "dsJndiName">java:/MSSQLDS</module-option>
 <module-option name = "principal">tj</module-option>
 <module-option name = "principalsQuery">select passwd from Users username where username=?</module-option>
 <module-option name = "rolesQuery">select userRoles, 'Roles' from UserRoles where username=?</module-option>
 <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=MSSQLDS</module-option>
 </login-module>
 </application-policy>
this is my jboss-web.xml
========================
<jboss-web>
 <!-- Uncomment the security-domain to enable security. You will
 need to edit the htmladaptor login configuration to setup the
 login modules used to authentication users.
 <security-domain>java:/jaas/jmx-console</security-domain>
 -->
 <security-domain>java:/jaas/testDB</security-domain>
</jboss-web>
this is my web.xml
==================
<?xml version="1.0"?>
<!DOCTYPE web-app PUBLIC
 "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
 "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
 <!--make sure to put the welcome-file-list before security-constraint tag-->
 <!--otherwise it will complain and does not work-->
 <!--if welcome-file contains : /secured/welcome.jsp then it will complain(but sometimes NOT)-->
 <!-- so you have to take / to be: secured/welcome.jsp so that it will not -->
 <!--complain again-->
 <welcome-file-list>
 <welcome-file>secured/welcome.jsp</welcome-file>
 </welcome-file-list>
 <security-constraint>
 <web-resource-collection>
 <web-resource-name>customer</web-resource-name>
 <!-- Define the context-relative URL(s) to be protected -->
 <url-pattern>/secured/*</url-pattern>
 <!-- If you list http methods, only those methods are protected -->
 <http-method>DELETE</http-method>
 <http-method>GET</http-method>
 <http-method>POST</http-method>
 <http-method>PUT</http-method>
 </web-resource-collection>
 <auth-constraint>
 <!-- Anyone with one of the listed roles may access this area -->
 <role-name>customer</role-name>
 <role-name>manager</role-name>
 </auth-constraint>
 <user-data-constraint>
 <transport-guarantee>NONE</transport-guarantee>
 </user-data-constraint>
 </security-constraint>
 <!-- Default login configuration uses form-based authentication -->
 <login-config>
 <auth-method>FORM</auth-method>
 <realm-name>testDB</realm-name>
 <form-login-config>
 <form-login-page>/index.jsp</form-login-page>
 <form-error-page>/error.jsp</form-error-page>
 </form-login-config>
 </login-config>
 <!--security-role>
 <role-name>customer</role-name>
 </security-role-->
</web-app>
I have read some couple posting in forum but I still don't see any complete working example for Jboss3.0.2 (including the .jsp page). Could anybody please post one working example ? I have posted couple questions before but I haven't had any help from the forum so please need help maybe somebody from Jboss Developer?
 
     
    