6 Replies Latest reply on Jul 28, 2004 7:29 PM by naramreddy_diwa

    Authentication does not work after migrating from jboss-3.0.

    naramreddy_diwa

      Hi,

      We just migrated from jboss 3.0.8/jetty to jboss 3.2.3/tomcat 5.0. We were using the DatabaseServerLoginModule for authentication in jboss 3.0.8 and everything used to work fine. After migrating to jboss 3.2.3 according to the user guide, we are redirected to the login page when we try to access a page that should be protected, but we can enter in anything for the j_username and j_password and we will be allowed to access the protected pages.

      Any help will be appreciated.

      Thank you,
      Diwakar.

        • 1. Re: Authentication does not work after migrating from jboss-
          auckyboy

          How were you protecting the pages in Jetty 3.0.8? Please elaborate further.

          • 2. Re: Authentication does not work after migrating from jboss-
            naramreddy_diwa

            Thanks for responding. :)

            Here are the files that should be relevant from our 3.2 (both .3 and .5) config - the login-config.xml is the same as what ships with jboss, plus our application-policy, shown below. Obviously, we've had to sanitize some things - the example.com stuff isn't real.

            Experiments we have run:
            - misspelled the "login-module" tag in login-config.xml; this caused jboss to complain, so we know it's at least parsing the file.
            - misspelled something in web.xml to similar effect.
            - removed the existing security-roles from the auth-constraint in the security-constraint for /* and added a security-role that didn't exist; no change in behavior - we get the login page before going to any protected page, but any user name lets us through.

            Is there any other info that might be of use?

            Thanks,
            Diwakar

            ### web.xml - same for 3.0.8 and 3.2.3 ###
            
            <?xml version="1.0" encoding="UTF-8"?>
            <!DOCTYPE web-app PUBLIC
             "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
             "http://java.sun.com/dtd/web-app_2_3.dtd">
            
            <web-app>
              <!-- ### Servlets -->
              <servlet>
                <servlet-name>ExampleServlet</servlet-name>
                <servlet-class>com.example.ExampleServlet</servlet-class>
              </servlet>

              <!-- ### Servlet Mappings -->
              <servlet-mapping>
                <servlet-name>ExampleServlet</servlet-name>
                <url-pattern>/ExampleServlet</url-pattern>
              </servlet-mapping>

              <session-config>
                <session-timeout>30</session-timeout>
              </session-config>

              <!-- The Welcome File List -->
              <welcome-file-list>
                <welcome-file>index.jsp</welcome-file>
              </welcome-file-list>

              <error-page>
                <error-code>403</error-code>
                <location>/AccessDenied.jsp</location>
              </error-page>

              <error-page>
                <error-code>404</error-code>
                <location>/AccessDenied.jsp</location>
              </error-page>

              <security-constraint>
                <web-resource-collection>
                  <web-resource-name>Login</web-resource-name>
                  <url-pattern>/*</url-pattern>
                </web-resource-collection>
                <auth-constraint>
                  <role-name>Admin</role-name>
                  <role-name>Operator</role-name>
                </auth-constraint>
                <user-data-constraint>
                  <transport-guarantee>CONFIDENTIAL</transport-guarantee>
                </user-data-constraint>
              </security-constraint>

              <security-constraint>
                <web-resource-collection>
                  <web-resource-name>Admin</web-resource-name>
                  <url-pattern>/Admin/*</url-pattern>
                </web-resource-collection>
                <auth-constraint>
                  <role-name>Admin</role-name>
                </auth-constraint>
              </security-constraint>

              <login-config>
                <auth-method>FORM</auth-method>
                <realm-name>example-login</realm-name>
                <form-login-config>
                  <form-login-page>/login.jsp</form-login-page>
                  <form-error-page>/loginError.jsp</form-error-page>
                </form-login-config>
              </login-config>

              <security-role>
                <role-name>Admin</role-name>
              </security-role>

              <security-role>
                <role-name>Operator</role-name>
              </security-role>

              <ejb-ref>
                <ejb-ref-name>DbExampleBean</ejb-ref-name>
                <ejb-ref-type>Session</ejb-ref-type>
                <home>DbExampleRemoteHome</home>
                <remote>DbExampleRemote</remote>
              </ejb-ref>

            </web-app>
            
            
            
            ### jboss-web.xml - same for 3.0.8 and 3.2.3 ###
            
            <?xml version="1.0" encoding="UTF-8"?>
            <!DOCTYPE jboss-web
             PUBLIC "-//JBoss//DTD Web Application 2.3//EN"
             "http://www.jboss.org/j2ee/dtds/jboss-web_3_0.dtd">
            
            <jboss-web>

              <security-domain>java:/jaas/example-login</security-domain>

              <ejb-ref>
                <ejb-ref-name>DbExampleBean</ejb-ref-name>
                <jndi-name>ejb/DbExampleBean</jndi-name>
              </ejb-ref>
            </jboss-web>
            
            
            
            ### login-config.xml ###
            
            <?xml version='1.0'?>
            <!DOCTYPE policy PUBLIC
             "-//JBoss//DTD JBOSS Security Config 3.0//EN"
             "http://www.jboss.org/j2ee/dtd/security_config.dtd">
            
            <policy>
              <!-- Used by clients within the application server VM such as
                   mbeans and servlets that access EJBs.
              -->

              <!-- This is our login module -->
              <application-policy name = "example-login">
                <authentication>
                  <login-module
                      code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
                      flag = "required">
                    <module-option name = "dsJndiName">java:/OracleDS</module-option>
                    <module-option name = "principalsQuery">
                      SELECT table_user.login_password FROM table_user
                      WHERE table_user.status = 1 and table_user.login_name = ?
                    </module-option>
                    <module-option name = "rolesQuery">
                      SELECT table_user_role.role_name, 'Roles' RoleGroup
                      FROM table_user, table_user2user_role, table_user_role
                      WHERE table_user.status = 1
                      and table_user.user_id = table_user2user_role.user_id
                      and table_user_role.role_id = table_user2user_role.role_id
                      and table_user.login_name = ?
                    </module-option>
                  </login-module>
                </authentication>
              </application-policy>


              <!-- more application-policy tags follow, not shown
              <application-policy name = "...">
              ...
              </application-policy>
              -->
            </policy>
            
            


            • 3. Re: Authentication does not work after migrating from jboss-
              auckyboy

              The config files seem OK. There was a similar post a couple of months ago.

              http://saloon.javaranch.com/cgi-bin/ubb/ultimatebb.cgi?ubb=get_topic&f=63&t=000626

              Top of my head it seems that

              <context-root>/</context-root> is missing in jboss-web.xml

              HTH

              If that is fine, then it seems that loginError.jsp and login.jsp might be the same :-)

              • 4. Re: Authentication does not work after migrating from jboss-
                naramreddy_diwa

                Thank you for responding.

                I added the context-root tag to my jboss-web.xml. It still does not seem to work. I even tried changing the log level to TRACE as explained in the posting, no luck.

                Am I doing something wrong in login-config.xml?

                I really appreciate any help.

                Thank you,
                Diwakar.

                • 5. Re: Authentication does not work after migrating from jboss-
                  starksm64

                  Show output from the trace level logging regarding the org.jboss.security category. The context-root is not required in jboss-web.xml.

                  • 6. Re: Authentication does not work after migrating from jboss-
                    naramreddy_diwa

                    It's working now. The problem was with our build.xml. All the files are OK, but build.xml was not copying jboss-web.xml into the war file.

                    Thank you to everyone who responded. I appreciate it.


                    Diwakar.
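
A build-time check for the failure this thread ended on, as an added example that is not part of the original posts: it opens a packaged WAR and reports when web.xml declares security-constraint or login-config elements but WEB-INF/jboss-web.xml, which carries the security-domain binding, is missing or empty. The function names and the sample descriptors are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Constructed sample descriptors, trimmed from the ones posted in this thread.
WEB_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
 "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
 <security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
  <auth-constraint><role-name>Admin</role-name></auth-constraint>
 </security-constraint>
 <login-config><auth-method>FORM</auth-method></login-config>
</web-app>"""
JBOSS_WEB_XML = b"""<jboss-web>
 <security-domain>java:/jaas/example-login</security-domain>
</jboss-web>"""


def build_war(files):
    """Build an in-memory WAR (zip) from {entry name: bytes}; sample-data helper."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        for name, data in files.items():
            war.writestr(name, data)
    return buf.getvalue()


def elements(root, name):
    """All elements with this local name, ignoring any XML namespace."""
    return [el for el in root.iter() if el.tag.rsplit("}", 1)[-1] == name]


def check_war_security(war_bytes):
    """Return findings; an empty list means the packaged descriptors agree."""
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        names = set(war.namelist())
        if "WEB-INF/web.xml" not in names:
            return ["WEB-INF/web.xml is not packaged"]
        web = ET.fromstring(war.read("WEB-INF/web.xml"))
        if not (elements(web, "security-constraint") or elements(web, "login-config")):
            return []  # no declarative security, so no domain binding is expected
        if "WEB-INF/jboss-web.xml" not in names:
            return ["web.xml declares security but WEB-INF/jboss-web.xml is not packaged"]
        jboss_web = ET.fromstring(war.read("WEB-INF/jboss-web.xml"))
        domains = [(d.text or "").strip() for d in elements(jboss_web, "security-domain")]
        if not any(domains):
            return ["WEB-INF/jboss-web.xml has no <security-domain>"]
    return []
```

Run against the real artifact by passing the bytes of the built .war file to check_war_security and failing the build when the returned list is non-empty.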