Login issue JAAS and form based authentication
jasonvanbrackel Feb 11, 2004 8:16 AMI'm writing and application that uses form based authentication, without any custom modules. Everytime I try to login I can't seem to authenticate. I'll try to provide as much information as possible.
I've set up a datasource using postgresql
postgres-ds.xml
-------------------
<local-tx-datasource>
<jndi-name>PostgresDS</jndi-name>
<connection-url>
jdbc:postgresql://cimtux.cim.internal:5432/LunchCredit
</connection-url>
<driver-class>org.postgresql.Driver</driver-class>
<user-name>jason</user-name>
</local-tx-datasource>
Here's the important part of login-config.xml
---------------------------------------------------
<application-policy name="lCWebSec">
<login-module code="org.jboss.security.auth.spi.DatabaseLoginModule" flag="required">
<module-option name="dsJndiName">java:/PostgresDS</module-option>
<module-option name="principalsQuery">select password from Users where username=?</module-option>
<module-option name="rolesQuery">select roles, roleGroup from UserRoles where username=?</module-option>
</login-module>
</application-policy>
Jboss-web.xml
-----------------
<jboss-web>
<security-domain>java:/jaas/lCWebSec</security-domain>
</jboss-web>
web.xml
----------
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<!-- Copyright (c) 2002 by ObjectLearn. All Rights Reserved. -->
<web-app>
<servlet-name>access</servlet-name>
<servlet-class>test.package.servlet.AccessController</servlet-class>
<servlet-mapping>
<servlet-name>access</servlet-name>
<url-pattern>/access/*</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<error-page>
<error-code>404</error-code>
/error.jsp
</error-page>
<security-constraint>
<display-name>Secured</display-name>
<web-resource-collection>
<web-resource-name>LResource</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>parent</role-name>
<role-name>admin</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Authorized Lunch</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/failedLogin.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
Administrator
<role-name>admin</role-name>
</security-role>
<security-role>
Parent
<role-name>parent</role-name>
</security-role>
</web-app>
My two db tables
-------------------
USERS
username varchar(50) pk,fk
password varchar(50) fk
USERROLES
username varchar(50) pk,fk
roles varchar(50) pk
roleGroup varchar(50)
Here is data from the tables
USERS
username: jason
password: jason
username: admin
password: admin
USERROLES
username:jason
roles:admin
roleGroup: Roles
username:admin
roles: admin
roleGroup: Roles
login.jsp
----------
<%@ page language="java" %>
<!DOCTYPE HTML PUBLIC "-//w3c//dtd html 4.0 transitional//en">
Lunch Prototype Login
Username:
Password:
I can't think of any thing else that could be going on so let me know if you seen anything.
Thanks,
Jason