Need help: Error 403 Access denied in JBoss Authorization
wkuncoro Apr 23, 2003 3:42 PM
Hi, I'm new to JBoss. We used to use Tomcat but now we are moving to JBoss3.0-Tomcat4.1. I have been trying to implement Form and BASIC security for some resources in my web applications, using realm SQL Server 2000 JDBC authentication. First I tried to run the .war file in Tomcat and it was working fine. Now I bundle the .war file into an .ear file, with the same source code as in Tomcat, and I set up the necessary configuration, including adding jboss-web.xml.
When I enter a wrong username/password, JBoss detects it. But when I enter the correct username/password I get error 403 Access is denied. I checked the role and other settings and I feel I configured them correctly, because it was working fine in the .war file in Tomcat.
I have spent so many hours on this. I have read both the free and paid JBoss PDF documentation and followed examples on some websites, but I am still stuck on this error. Please, can anyone help me? This is my configuration; is there something I missed?
There are 2 tables in the SQL Server database: users and role. I assign the role of manager to users there, and it was working well with Tomcat.
I tried both BASIC and Form authentication.
Thank you so much for any help.
Markus.
1. login-config.xml
<application-policy name="jdbcRealm">
  <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
    <module-option name="dsJndiName">java:/MyDS</module-option>
    <module-option name="principalsQuery">select password from users where username=?</module-option>
    <module-option name="rolesQuery">select role, rolegroup from roles where username=?</module-option>
  </login-module>
</application-policy>
2. mssql-service.xml
MyDS
<config-property name="ConnectionURL" type="java.lang.String">jdbc:JTurbo://10.10.0.42/publication</config-property>
<config-property name="DriverClass" type="java.lang.String">com.newatlanta.jturbo.driver.Driver</config-property>
<config-property name="UserName" type="java.lang.String">sa</config-property>
<config-property name="Password" type="java.lang.String">sa</config-property>
3. jboss.xml
<security-domain>java:/jaas/jdbcRealm</security-domain>
4. jboss-web.xml
<jboss-web>
  <security-domain>java:/jaas/jdbcRealm</security-domain>
</jboss-web>
5. web.xml
<security-constraint>
  <display-name>Login Test</display-name>
  <web-resource-collection>
    <web-resource-name>jdbcRealm</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>manager</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>jdbcRealm</realm-name>
</login-config>
<security-role>
  <role-name>manager</role-name>
</security-role>
6. ejb-jar.xml
<assembly-descriptor>
  <security-role>
    <role-name>manager</role-name>
  </security-role>
  <method-permission>
    <role-name>manager</role-name>
    <ejb-name>Facade</ejb-name>
    <method-name>create</method-name>
    <ejb-name>Facade</ejb-name>
    <method-name>Hello</method-name>
  </method-permission>
</assembly-descriptor>
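Added example, not part of the original post and not JBoss code: a 403 after a successful login means authentication passed but the role check failed, so this sketch models how DatabaseServerLoginModule turns rolesQuery rows into roles (the second column names the group, and only the group named "Roles" is used for role checks). It runs the post's rolesQuery against constructed sample rows; the in-memory SQLite table, the usernames and the helper names are assumptions.

```python
import sqlite3

# The rolesQuery from the post's login-config.xml, unchanged.
ROLES_QUERY = "select role, rolegroup from roles where username=?"
REQUIRED_ROLE = "manager"  # <auth-constraint> role from the post's web.xml


def role_groups(conn, username):
    """Group rolesQuery rows as the login module does: column 2 names the group."""
    groups = {}
    for role, group in conn.execute(ROLES_QUERY, (username,)):
        groups.setdefault(group, set()).add(role)
    return groups


def diagnose(conn, username, required=REQUIRED_ROLE):
    """Return (allowed, reason) for a user who has already authenticated."""
    groups = role_groups(conn, username)
    if not groups:
        return False, "rolesQuery returned no rows for this username"
    granted = groups.get("Roles", set())  # only this group feeds role checks
    if required in granted:
        return True, "role present in group 'Roles'"
    for group, roles in groups.items():
        if required in roles:
            return False, f"role found only in group {group!r}, expected 'Roles'"
    near = sorted(r for r in granted if r.strip().lower() == required.lower())
    if near:
        return False, f"role name differs by case or padding: {near[0]!r}"
    return False, f"'Roles' group holds {sorted(granted)}, not {required!r}"


def sample_db():
    """Constructed sample rows; in-memory SQLite stands in for SQL Server."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table roles (username text, role text, rolegroup text)")
    conn.executemany("insert into roles values (?, ?, ?)", [
        ("alice", "manager", "Roles"),     # shape the role check expects
        ("bob", "manager", "managers"),    # wrong group name
        ("carol", "Manager ", "Roles"),    # case and trailing space differ
    ])
    return conn


if __name__ == "__main__":
    db = sample_db()
    for user in ("alice", "bob", "carol", "dave"):
        print(user, diagnose(db, user))
```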