FORM dataBase authentication problem
pagomen May 7, 2004 3:04 AMHi All,
I am trying to setup a simple FORM database authentication but I have some problem...
The authentication seems to pass but then I get an "HTTP Status 403 - Access to the requested resource has been denied" from the Tomcat.
The strange thing is that when I am using the users.properties & roles.properties files all going just fine.
The only change that I made using the database was in the login-config.xml
<application-policy name="sms"> <authentication> <!-- <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required" /> --> <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required"> <module-option name="dsJndiName">java:/PostgresDS</module-option> </login-module> </authentication> </application-policy>
In the database exist 2 tables named
roles
CREATE TABLE roles ( principalid varchar(64) NOT NULL, role varchar(32), rolegroup varchar(32) ) ;
and principals
CREATE TABLE principals ( principalid varchar(64) NOT NULL, password varchar(100), CONSTRAINT principals_pkey PRIMARY KEY (principalid) ) ;
I suspect that the problem must be in web.xml
<welcome-file-list> <welcome-file>index.jsp</welcome-file> </welcome-file-list> <error-page> <error-code>404</error-code> <location>/error.jsp</location> </error-page> <security-constraint> <display-name>Server Configuration Security Constraint</display-name> <web-resource-collection> <web-resource-name>AdminPages</web-resource-name> <description>no description</description> <url-pattern>/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>Administrator</role-name> </auth-constraint> <user-data-constraint> <description>Access by Administrator</description> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <realm-name>sms</realm-name> <form-login-config> <form-login-page>/logon.jsp</form-login-page> <form-error-page>/error_login.jsp</form-error-page> </form-login-config> </login-config> <security-role> <role-name>Administrator</role-name> </security-role>
or jboss-web.xml
<jboss-web> <security-domain>java:/jaas/sms</security-domain> </jboss-web>
Did I miss something ??