problem with UsersRolesLogin
grrrva Mar 10, 2003 6:10 AMhi all,
I've a problem that's driving me crazy: i'm using jboss 3.0.6 with tomcat 4.1.18 and I'd like to securing an url (a servlet). I set up all configuration xml files, but I'm never being prompted for login (user/pass) and I'm always sent to "error 403-forbidden".
here are shown these files:
login-config.xml (from jboss/server/default/conf directory)
-------------------------
<application-policy name = "cliente">
<login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required">
<module-option name = "usersProperties">users.properties</module-option>
<module-option name = "rolesProperties">roles.properties</module-option>
<module-option name = "unauthenticatedIdentity">nobody</module-option>
</login-module>
</application-policy>
--------------------------
users.properties (from jar archive)
----------------
# users.properties
ricky=gerva
test=password
-----------------------
roles.properties (from jar archive)
----------------------------
ricky=role1
test=role1
---------------------------
ejb-jar.xml (from jar)
---------------------------
<enterprise-beans>
..............
</enterprise-beans>
<assembly-descriptor>
<security-role>
<role-name>role1</role-name>
</security-role>
</assembly-descriptor>
---------------------------
jboss.xml (from jar archive)
-----------------------------
<enterprise-beans>
..............................
</enterprise-beans>
<security-domain>java:/jaas/cliente</security-domain>
-----------------------------
jboss-web.xml (from war archive)
--------------------------------------
<security-domain>java:/jaas/cliente</security-domain>
--------------------------------------
web.xml (from war archive)
--------------------------------------
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure Servlets</web-resource-name>
<url-pattern>/servlet/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>role1</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>secure area</realm-name>
</login-config>
<security-role>
<role-name>role1</role-name>
</security-role>
--------------------------------------
thank you all
Riccardo