Need help with FORM-based authentication (Jboss Developer He
kenryu Sep 29, 2002 4:25 AM
Hi everyone,
I tried to make FORM-based authentication work using JBoss 3.0.2 on Windows 2000, but whenever I tried to log in (http://localhost:8080/loginTest/index.jsp), I always got the error page even though I successfully logged in, and I got this message from JBoss:
"WARN [JBossUserRealm#testDB] authentication failure: null"
I can also still see the welcome page (http://localhost:8080/loginTest/) even though it's in the secured folder, which a user can only see when logged in. But if I log in using http://localhost:8080/loginTest/secured/welcome.jsp, then it brings me to the login page (index.jsp), which takes me to the welcome page if I log in correctly.
This is my login file (index.jsp):
<!-- you can also use this : -->
<!---->
Username:
Password:
This is what I configured in login-config.xml
===========================
<application-policy name = "testDB">
    <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
                  flag = "required">
        <module-option name = "dsJndiName">java:/MSSQLDS</module-option>
        <module-option name = "principal">tj</module-option>
        <module-option name = "principalsQuery">select passwd from Users username where username=?</module-option>
        <module-option name = "rolesQuery">select userRoles, 'Roles' from UserRoles where username=?</module-option>
        <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=MSSQLDS</module-option>
    </login-module>
</application-policy>
This is my jboss-web.xml
========================
<jboss-web>
    <!-- Uncomment the security-domain to enable security. You will
         need to edit the htmladaptor login configuration to setup the
         login modules used to authentication users.
    <security-domain>java:/jaas/jmx-console</security-domain>
    -->
    <security-domain>java:/jaas/testDB</security-domain>
</jboss-web>
This is my web.xml
==================
<?xml version="1.0"?>
<!DOCTYPE web-app PUBLIC
    "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
    <!--make sure to put the welcome-file-list before security-constraint tag-->
    <!--otherwise it will complain and does not work-->
    <!--if welcome-file contains : /secured/welcome.jsp then it will complain(but sometimes NOT)-->
    <!-- so you have to take / to be: secured/welcome.jsp so that it will not -->
    <!--complain again-->
    <welcome-file-list>
        <welcome-file>secured/welcome.jsp</welcome-file>
    </welcome-file-list>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>customer</web-resource-name>
            <!-- Define the context-relative URL(s) to be protected -->
            <url-pattern>/secured/*</url-pattern>
            <!-- If you list http methods, only those methods are protected -->
            <http-method>DELETE</http-method>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
        </web-resource-collection>
        <auth-constraint>
            <!-- Anyone with one of the listed roles may access this area -->
            <role-name>customer</role-name>
            <role-name>manager</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <!-- Default login configuration uses form-based authentication -->
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>testDB</realm-name>
        <form-login-config>
            <form-login-page>/index.jsp</form-login-page>
            <form-error-page>/error.jsp</form-error-page>
        </form-login-config>
    </login-config>
    <!--security-role>
    <role-name>customer</role-name>
    </security-role-->
</web-app>
I have read a couple of postings in the forum but I still don't see any complete working example for JBoss 3.0.2 (including the .jsp page). Could anybody please post one working example? I have posted a couple of questions before but I haven't had any help from the forum, so please, I need help, maybe from somebody at JBoss Developer?
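
An added example, not part of the original post: a small Python audit of the web.xml shown above that reports four conditions visible in it (HTTP methods left outside the constraint by the http-method list, roles used in auth-constraint with no security-role declaration, FORM login with transport-guarantee NONE, and a welcome file under a protected pattern while the context root is unconstrained). The function names, finding labels and the trimmed sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET
# Constructed sample: the security-relevant elements of the web.xml in the post.
WEB_XML = """<web-app>
  <welcome-file-list><welcome-file>secured/welcome.jsp</welcome-file></welcome-file-list>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/secured/*</url-pattern>
      <http-method>DELETE</http-method><http-method>GET</http-method><http-method>POST</http-method><http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>customer</role-name><role-name>manager</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
  </security-constraint>
  <login-config><auth-method>FORM</auth-method></login-config>
  <!--security-role><role-name>customer</role-name></security-role-->
</web-app>"""

METHODS = {"GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS", "TRACE"}

def covers(pattern, path):
    """Servlet path matching for exact and '/prefix/*' patterns ('*.ext' not handled)."""
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    return pattern == path

def audit(xml_text):
    """Return a sorted list of (finding, detail) tuples for a web.xml document."""
    root = ET.fromstring(xml_text)
    texts = lambda node, path: [(e.text or "").strip() for e in node.findall(path)]
    declared = set(texts(root, "security-role/role-name"))
    form = texts(root, "login-config/auth-method") == ["FORM"]
    findings, patterns = set(), []
    for sc in root.findall("security-constraint"):
        pats = texts(sc, "web-resource-collection/url-pattern")
        patterns += pats
        for wrc in sc.findall("web-resource-collection"):
            listed = {m.upper() for m in texts(wrc, "http-method")}
            if listed and METHODS - listed:  # listing methods leaves the rest unconstrained
                findings.add(("unlisted-methods", ",".join(sorted(METHODS - listed))))
        for role in texts(sc, "auth-constraint/role-name"):
            if role != "*" and role not in declared:  # no matching <security-role>
                findings.add(("undeclared-role", role))
        guarantee = (texts(sc, "user-data-constraint/transport-guarantee") or ["NONE"])[0]
        if form and guarantee == "NONE":  # the login form is not forced onto TLS
            findings.add(("no-transport-guarantee", ",".join(pats)))
    for wf in texts(root, "welcome-file-list/welcome-file"):
        target = "/" + wf.lstrip("/")
        if any(covers(p, target) for p in patterns) and not any(covers(p, "/") for p in patterns):
            findings.add(("welcome-file-under-protected-path", target))
    return sorted(findings)

print(audit(WEB_XML))
```

The last finding describes the configuration only; whether a container applies the constraint when it serves the welcome file for a request to the context root depends on the container.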