I'm trying to secure a part of my web-app;
Works fine, goes auto to logon.jsp
But it accepts everything.
Have a MySQL db with
Dbname = "secure"
user_name(PK) - user_pass ==>users
user_name(PK) - role_name(PK) ==> user_roles
in Web.xml
<security-constraint>
  <web-resource-collection>
    <web-resource-name>admin</web-resource-name>
    <url-pattern>/secure/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>admin</realm-name>
  <form-login-config>
    <form-login-page>/logon.jsp</form-login-page>
    <form-error-page>/error.jsp</form-error-page>
  </form-login-config>
</login-config>
<security-role>
  <role-name>admin</role-name>
</security-role>
in login-config.xml
<application-policy name = "admin">
  <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
    <module-option name = "dsJndiName">java:/DefaultDS007</module-option>
    <module-option name = "principalsQuery">select user_pass from users where user_name=?</module-option>
    <module-option name = "rolesQuery">select role_name, 'Roles' from user_role where user_name=?</module-option>
  </login-module>
</application-policy>
in mysql-service.xml ==> in deploy/
DefaultDS007
<config-property name="ConnectionURL" type="java.lang.String">jdbc:mysql://127.0.0.1:3306/secure</config-property>
<config-property name="DriverClass" type="java.lang.String">mysql-connector-java-3.1.0-alpha-bin.jar</config-property>
<config-property name="UserName" type="java.lang.String"></config-property>
<config-property name="Password" type="java.lang.String"></config-property>
<depends optional-attribute-name="OldRarDeployment">jboss.jca:service=RARDeployment,name=JBoss LocalTransaction JDBC Wrapper
Any suggestions?
thx in advance.
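An added example, not part of the original post: a pre-deployment check that runs the policy's principalsQuery and rolesQuery against the schema as the post describes it (the post lists the table as user_roles, while rolesQuery names user_role). SQLite stands in for MySQL, the sample rows are constructed, and the function names `module_options` and `check_queries` are hypothetical.

```python
import sqlite3
import xml.etree.ElementTree as ET

# The application-policy from the post, verbatim.
LOGIN_CONFIG = """<application-policy name = "admin">
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
<module-option name = "dsJndiName">java:/DefaultDS007</module-option>
<module-option name = "principalsQuery">select user_pass from users where user_name=?</module-option>
<module-option name = "rolesQuery">select role_name, 'Roles' from user_role where user_name=?</module-option>
</login-module>
</application-policy>"""

# Schema as the post describes it; SQLite stands in for MySQL (assumption).
SCHEMA = """
create table users (user_name text primary key, user_pass text);
create table user_roles (user_name text, role_name text,
                         primary key (user_name, role_name));
insert into users values ('alice', 'constructed-password');  -- constructed row
insert into user_roles values ('alice', 'admin');            -- constructed row
"""

def module_options(policy_xml):
    """Return {option name: text} for the policy's login-module."""
    root = ET.fromstring(policy_xml)
    return {o.get("name"): (o.text or "").strip() for o in root.iter("module-option")}

def check_queries(policy_xml, schema_sql, user):
    """Run principalsQuery and rolesQuery once; map each to rows or an error string."""
    opts = module_options(policy_xml)
    db = sqlite3.connect(":memory:")
    db.executescript(schema_sql)
    results = {}
    for name in ("principalsQuery", "rolesQuery"):
        try:
            results[name] = db.execute(opts[name], (user,)).fetchall()
        except sqlite3.Error as exc:
            results[name] = "ERROR: %s" % exc
    db.close()
    return results

if __name__ == "__main__":
    for name, outcome in check_queries(LOGIN_CONFIG, SCHEMA, "alice").items():
        print(name, "->", outcome)
```

A query that returns an error or no rows here would also yield no password or no roles for the login module to work with at runtime.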