DatabaseServerLoginModule
skidvd Nov 2, 2002 10:14 PM
Hello:
I'm trying to configure the DatabaseServerLoginModule to use as an authentication mechanism for a simple JSP with simple FORM based security. I'm sure I am missing something, but have not been able to find my error(s) in the documentation or other related posts. This is with JBoss 3.0.0 with Tomcat 4.0.3.
The problem is as follows: The JSP presents and appears to process the login form correctly and just as expected. The problem is that no matter what I respond to the form with for user and password, I am successfully transferred to the JSP that is supposed to be guarded. This is to say that users/pws that are in the database, and any other garbage that is not, both appear to work equally well and result in successful authentication. There are no errors on the console or log that I have found. There are also no errors during startup. There are also no indications that any authentication is occurring.
I'd appreciate any and all help as I'm not sure what I'm missing at this point.
Here are the relevant sections from the files:
web.xml:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>BookMarks</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>PortalUser</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>AbilSoftRealm</realm-name>
    <form-login-config>
        <form-login-page>/login.html</form-login-page>
        <form-error-page>/login-error.html</form-error-page>
    </form-login-config>
</login-config>
<security-role>
    <role-name>PortalUser</role-name>
</security-role>
jboss-web.xml:
<jboss-web>
    <security-domain>java:/jaas/AbilSoftRealm</security-domain>
</jboss-web>
login-config.xml:
<application-policy name = "SecurityDbRealm">
    <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule" flag = "required">
        <module-option name = "principal">testuser</module-option>
        <module-option name = "userName">testuser</module-option>
        <module-option name = "password">pw</module-option>
        <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=SecurityDS</module-option>
    </login-module>
</application-policy>
<application-policy name = "AbilSoftRealm">
    <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
        <module-option name = "dsJndiName">java:/SecurityPool</module-option>
        <module-option name = "principalsQuery">select password from users where username = ?</module-option>
        <module-option name = "rolesQuery">select role, rolegroup from roles where username = ?</module-option>
        <module-option name = "hashAlgorithm">MD5</module-option>
        <module-option name = "hashEncoding">base64</module-option>
    </login-module>
</application-policy>
Thanks again.
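
For checking the database side of this configuration independently of JBoss, here is an added example (not part of the original post and not JBoss code) that models the decision the AbilSoftRealm policy and the web.xml constraint are expected to produce, using the two queries and the MD5/base64 settings shown above. The table layout, the sample users and passwords, and UTF-8 password encoding are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import sqlite3

# Queries copied from the AbilSoftRealm policy in login-config.xml.
PRINCIPALS_QUERY = "select password from users where username = ?"
ROLES_QUERY = "select role, rolegroup from roles where username = ?"
REQUIRED_ROLE = "PortalUser"  # from <auth-constraint> in web.xml


def hash_password(password: str) -> str:
    """hashAlgorithm=MD5 with hashEncoding=base64 (UTF-8 input is an assumption)."""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def build_sample_db() -> sqlite3.Connection:
    """Constructed sample data; table layout inferred from the two queries."""
    db = sqlite3.connect(":memory:")
    db.execute("create table users (username text primary key, password text)")
    db.execute("create table roles (username text, role text, rolegroup text)")
    db.executemany("insert into users values (?, ?)", [
        ("alice", hash_password("s3cret")),  # stored as base64(MD5(password))
        ("bob", hash_password("hunter2")),
    ])
    db.executemany("insert into roles values (?, ?, ?)", [
        ("alice", "PortalUser", "Roles"),
        ("bob", "Guest", "Roles"),           # valid login, but lacks PortalUser
    ])
    return db


def authenticate(db, username, password):
    """Return the user's roles in the 'Roles' group, or None if login fails."""
    row = db.execute(PRINCIPALS_QUERY, (username,)).fetchone()
    if row is None or not hmac.compare_digest(row[0], hash_password(password)):
        return None
    return {role for role, group in db.execute(ROLES_QUERY, (username,))
            if group == "Roles"}


def may_access(db, username, password):
    """Model the web.xml constraint: a valid login plus the PortalUser role."""
    roles = authenticate(db, username, password)
    return roles is not None and REQUIRED_ROLE in roles
```

With a correctly populated database, only a known user with the right password and the PortalUser role gets through; an unknown user, a wrong password, or a user without that role is refused.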