Problems configuring JBoss for Form based authentication usi
jurjan Feb 26, 2003 10:29 AM
I've been trying to configure the DatabaseServerLoginModule for setting up FORM based authentication with JAAS.
I'm using JBoss 3.0.4 and Jdk 1.3.1 by the way.
Whatever I do, nothing seems to work. This is what I did till now:
1) Added an application policy to login-config.xml
<application-policy name = "PortInfolinkRealm">
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
<!-- Datasource -->
<module-option name = "dsJndiName">java:/OraclePortinfolinkDS</module-option>
<!-- Query -->
<module-option name = "principalsQuery">SELECT password FROM principals WHERE principalid = ?</module-option>
<module-option name = "rolesQuery">SELECT role, rolegroup FROM roles WHERE principalid = ?</module-option>
<module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=OraclePortinfolinkDS</module-option>
</login-module>
</application-policy>
2) Registered a datasource
<?xml version="1.0" encoding="UTF-8"?>
<!-- ===================================================================== -->
<!-- -->
<!-- JBoss Server Configuration -->
<!-- -->
<!-- ===================================================================== -->
<!-- ==================================================================== -->
<!-- ConnectionManager setup for Oracle dbs -->
<!-- Build jmx-api (build/build.sh all) and view for config documentation -->
<!-- Thanks to Steven Coy -->
<!-- ==================================================================== -->
<!-- Include a login module configuration named OracleDbRealm.
Update your login-conf.xml, here is an example for a
ConfiguredIdentityLoginModule:
<application-policy name = "OracleDbRealm">
<login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule" flag = "required">
<module-option name = "principal">yourprincipal</module-option>
<module-option name = "userName">yourusername</module-option>
<module-option name = "password">yourpassword</module-option>
<module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=OraclePortinfolinkDS</module-option>
</login-module>
</application-policy>
NOTE: the application-policy name attribute must match SecurityDomainJndiName, and the
module-option name = "managedConnectionFactoryName"
must match the object name of the ConnectionManager you are configuring here.
-->
<!--uncomment out this line if you are using the OracleDbRealm above-->
PortInfolinkRealm
<depends optional-attribute-name="ManagedConnectionFactoryName">
<!--embedded mbean-->
OraclePortinfolinkDS
<config-property name="ConnectionURL" type="java.lang.String">jdbc:oracle:thin:@{URL}:1521:dev001</config-property>
<config-property name="DriverClass" type="java.lang.String">oracle.jdbc.driver.OracleDriver</config-property>
<!--set these only if you want only default logins, not through JAAS -->
<config-property name="UserName" type="java.lang.String">{my_username}</config-property>
<config-property name="Password" type="java.lang.String">{my_password}</config-property>
<!--Below here are advanced properties -->
<!--hack-->
<depends optional-attribute-name="OldRarDeployment">jboss.jca:service=RARDeployment,name=JBoss LocalTransaction JDBC Wrapper
<depends optional-attribute-name="ManagedConnectionPool">
<!--embedded mbean-->
0
50
5000
15
<!--criteria indicates if Subject (from security domain) or app supplied
parameters (such as from getConnection(user, pw)) are used to distinguish
connections in the pool. Choices are
ByContainerAndApplication (use both),
ByContainer (use Subject),
ByApplication (use app supplied params only),
ByNothing (all connections are equivalent, usually if adapter supports
reauthentication)-->
ByContainer
<depends optional-attribute-name="CachedConnectionManager">jboss.jca:service=CachedConnectionManager
<depends optional-attribute-name="JaasSecurityManagerService">jboss.security:service=JaasSecurityManager
java:/TransactionManager
<!--make the rar deploy! hack till better deployment-->
jboss.jca:service=RARDeployer
3) Added security domain to my jboss.xml
<?xml version="1.0" encoding="UTF-8"?>
<resource-managers>
<resource-manager res-class="">
<res-name>jdbc/barge</res-name>
<res-jndi-name>java:/OraclePortInfolinkDS</res-jndi-name>
</resource-manager>
</resource-managers>
<container-configurations>
<security-domain>java:/jaas/PortInfolinkRealm</security-domain>
</container-configurations>
4) Added it to my jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<security-domain>java:/jaas/PortInfolinkRealm</security-domain>
<context-root>/</context-root>
</jboss-web>
5) Added a login config to my web.xml; the logon.jsp sends its form to j_security_check.
The form fields are named j_user_name and j_password
<!-- ******************************************** -->
<!-- ********** Login config ************* -->
<!-- ******************************************** -->
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/logon.jsp</form-login-page>
<form-error-page>/logonerror.jsp</form-error-page>
</form-login-config>
</login-config>
6) Added a security-constraint for some web-resource
<security-constraint>
<web-resource-collection>
<web-resource-name>testservlet</web-resource-name>
<description>none</description>
<url-pattern>/test</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<description>none</description>
<role-name>OperatorRole</role-name>
</auth-constraint>
<user-data-constraint>
<description>none</description>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
7) When I make a request for that resource in my browser I get my login page as I expected. When I post the login, it goes on to my protected resource without checking anything. I also don't get any errors or any other logging that points to misconfiguration. Just nothing happens at all.
I presume I forgot something but I don't know what, even in the JBoss documentation I couldn't find anything.
Does somebody have a clue??
Thanks,
Jurjan
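
A consistency check over descriptors like the ones posted above, as an added example that is not part of the original post. It verifies that the web application's security domain names an existing application-policy, that the datasource JNDI name is spelled identically wherever it is referenced, and that the login form uses the action and field names the Servlet specification defines for FORM authentication. The function name `check_descriptors` and the logon form markup are assumptions (the post gives only the form's action and field names); the other sample values are copied from the post.

```python
import xml.etree.ElementTree as ET

# Constructed samples: values copied from the post; the logon form markup is
# hypothetical (the post only gives its action and field names).
LOGIN_CONFIG = """<policy><application-policy name="PortInfolinkRealm">
  <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
    <module-option name="dsJndiName">java:/OraclePortinfolinkDS</module-option>
  </login-module>
</application-policy></policy>"""
JBOSS_WEB = """<jboss-web>
  <security-domain>java:/jaas/PortInfolinkRealm</security-domain>
</jboss-web>"""
RES_JNDI_NAME = "java:/OraclePortInfolinkDS"  # res-jndi-name in jboss.xml
LOGON_FORM = """<form method="post" action="j_security_check">
  <input type="text" name="j_user_name"/>
  <input type="password" name="j_password"/>
</form>"""

def check_descriptors(login_config, jboss_web, res_jndi_name, logon_form):
    """Return a list of human-readable inconsistencies between the descriptors."""
    findings = []
    policies = {p.get("name"): p
                for p in ET.fromstring(login_config).iter("application-policy")}
    # 1. The web app's security domain must name an existing application-policy.
    domain = (ET.fromstring(jboss_web).findtext("security-domain") or "").strip()
    prefix = "java:/jaas/"
    if not domain.startswith(prefix) or domain[len(prefix):] not in policies:
        findings.append(f"security-domain {domain!r} matches no application-policy")
    # 2. JNDI names are compared exactly, so every reference must be spelled alike.
    for name, policy in policies.items():
        for opt in policy.iter("module-option"):
            ds = (opt.text or "").strip()
            if opt.get("name") == "dsJndiName" and ds != res_jndi_name:
                hint = " (letter case only)" if ds.lower() == res_jndi_name.lower() else ""
                findings.append(f"{name}: dsJndiName {ds!r} differs from "
                                f"res-jndi-name {res_jndi_name!r}{hint}")
    # 3. Servlet FORM login: action j_security_check, fields j_username/j_password.
    form = ET.fromstring(logon_form)
    if not form.get("action", "").endswith("j_security_check"):
        findings.append("login form does not post to j_security_check")
    fields = {i.get("name") for i in form.iter("input")}
    for required in ("j_username", "j_password"):
        if required not in fields:
            findings.append(f"login form has no field named {required!r}")
    return findings

if __name__ == "__main__":
    for finding in check_descriptors(LOGIN_CONFIG, JBOSS_WEB, RES_JNDI_NAME, LOGON_FORM):
        print("MISMATCH:", finding)
```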