Problems with login
conanjboss Mar 24, 2004 5:31 PMI have read everything on net and a thousand of forums but I do this work. I am trying to use the DataBaseServerModule, here is the files:
login-config.xml
<application-policy name="LWebSec">
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<module-option name="dsJndiName">java:/PostgresDS</module-option>
<module-option name="principalsQuery">select password from users where username=?</module-option>
<module-option name="rolesQuery">select 'userroles', rolegroup from userroles where username=?</module-option>
</login-module>
</application-policy>
jboss-web.xml
<jboss-web>
<security-domain>java:/jaas/LWebSec</security-domain>
</jboss-web>
web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure Pages</web-resource-name>
<url-pattern>/webui/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>userrole</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<!-- ExampleRealm is defined in login-config.xml -->
<realm-name>LWebSec</realm-name>
<!--
<form-login-config>
<form-login-page>/login/login.jsp</form-login-page>
-->
</login-config>
<security-role>
blah
<role-name>userrole</role-name>
</security-role>
<!--
When I try to login with a user that is inside the database I receive the message on log:
2004-03-24 13:24:13,277 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login
2004-03-24 13:24:13,279 DEBUG [org.jboss.security.auth.spi.DatabaseServerLoginModule] Bad password for username=abc
2004-03-24 13:24:13,280 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] abort
2004-03-24 13:24:13,280 DEBUG [org.jboss.security.plugins.JaasSecurityManager.LWebSec] Login failure
javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
When I try to login with a user that doesnt exist in database:
2004-03-24 13:26:09,175 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login
2004-03-24 13:26:09,178 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] abort
2004-03-24 13:26:09,178 DEBUG [org.jboss.security.plugins.JaasSecurityManager.LWebSec] Login failure
javax.security.auth.login.FailedLoginException: No matching username found in Principals
So, where is the problem, the password in Postgresql have to be crypt/hash? What is wrong with the configuration?