0 Replies Latest reply on Sep 24, 2004 12:33 PM by kmarcos

    UsersRolesLoginModule works ok but DatabaseServerLoginModule

    kmarcos

      Hi.

      I have an application with Struts and JBoss.

      I configured everything to work with UsersRolesLoginModule and it's fine, but if I just change the authentication in login-config.xml to use DatabaseServerLoginModule it doesn't work... the configuration is OK... and if I put in a bad user or a wrong password it works fine too, denying permission and showing the right errors, but if I put in a correct user/passwd Tomcat returns HTTP 403... and in the log there are no complaints (exceptions), so I think the authentication module returns OK and Tomcat just gets lost.

      I was expecting the same good behavior as UsersRolesLoginModule, but no.
      I followed everything in the famous "Complete configuration of JAAS on JBOSS and STRUTS", except that I use action="j_security_check" and the Struts Actions are just showing error messages... So I don't have anything about Security handlers and the rest...

      Any suggestions?
      Thanks.

      Some code:

      web.xml

      <security-constraint>
        <web-resource-collection>
          <web-resource-name>Saih Admon</web-resource-name>
          <url-pattern>*.do</url-pattern>
          <url-pattern>/jsp/*</url-pattern>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>admin1</role-name>
        </auth-constraint>
      </security-constraint>

      <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
          <form-login-page>/saihLogin.do</form-login-page>
          <form-error-page>/saihLoginError.do</form-error-page>
        </form-login-config>
      </login-config>

      <security-role>
        <role-name>admin1</role-name>
      </security-role>

      login-config.xml

      <application-policy name="saih-admon">
        <login-module code="org.jboss.security.ClientLoginModule" flag="required"></login-module>
        <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
          <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=histoSecDS</module-option>
          <module-option name="dsJndiName">java:/histoSecDS</module-option>
          <module-option name="principalsQuery">SELECT password FROM Principals WHERE PrincipalId = ?</module-option>
          <module-option name="rolesQuery">
            SELECT Role as Roles, RoleGroup as RolesGroups FROM Roles WHERE PrincipalID = ?
          </module-option>
          <module-option name="unauthenticatedIdentity">unauth</module-option>
        </login-module>
      </application-policy>

      struts-config.xml

      <action path="/saihLogin" type="co.edu.uniandes.saih.web.SaihLoginAction"
              scope="request">
        <forward name="success" path="/SaihLogin.jsp" />
      </action>
      <action path="/saihLoginError" type="co.edu.uniandes.saih.web.SaihLoginAction"
              scope="request" parameter="loginError">
        <forward name="error" path="/SaihLogin.jsp" />
      </action>

      SaihLoginAction.java

      public ActionForward execute(....){
          // Debug output. Note that this writes the submitted password to the server log.
          System.out.println("entra al action orig");
          System.out.println("login error param value parameter "+mapping.getParameter());
          System.out.println("login error j_username "+request.getParameter("j_username"));
          System.out.println("login error j_password"+request.getParameter("j_password"));

          // The /saihLoginError mapping sets parameter="loginError" (form-error-page).
          String error = mapping.getParameter();
          if (null != error && error.equalsIgnoreCase("loginError")) {
              System.out.println("login error orig");
              SaihLoginForm slf = new SaihLoginForm();
              slf.setUser(request.getParameter("j_username"));
              slf.setPassword(request.getParameter("j_password"));
              ActionErrors errors = slf.validate(mapping, request);
              Iterator it = errors.get();
              while (it.hasNext()) {
                  ActionMessage am = (ActionMessage) it.next();
                  System.out.println(am.getKey());
              }

              // The form validated, so the container rejected the login itself.
              if (errors.isEmpty()) {
                  System.out.println("empty");
                  errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("errors.login.refuse"));
              }
              request.setAttribute(Globals.ERROR_KEY, errors);
              return mapping.findForward("error");
          }

          // The /saihLogin mapping (form-login-page): just show the login form.
          System.out.println("ok en action orig");
          return mapping.findForward("success");
      }




      Log when I put in a bad user or password...

      2004-09-24 08:40:38,889 DEBUG [org.jboss.resource.adapter.jdbc.local.LocalManagedConnectionFactory] Using properties: {user=postgres, password=--hidden--}
      2004-09-24 08:40:38,889 DEBUG [org.jboss.resource.adapter.jdbc.local.LocalManagedConnectionFactory] Checking driver for URL: jdbc:postgresql://172.16.1.16:5432/histosec
      2004-09-24 08:40:38,889 DEBUG [org.jboss.resource.adapter.jdbc.local.LocalManagedConnectionFactory] Driver not yet registered for url: jdbc:postgresql://172.16.1.16:5432/histosec
      2004-09-24 08:40:38,905 DEBUG [org.jboss.resource.adapter.jdbc.local.LocalManagedConnectionFactory] Driver already registered for url: jdbc:postgresql://172.16.1.16:5432/histosec
      2004-09-24 08:40:39,045 DEBUG [org.jboss.security.auth.spi.DatabaseServerLoginModule] Bad password for username=kmarcos
      2004-09-24 08:40:39,045 DEBUG [org.jboss.security.plugins.JaasSecurityManager.saih-admon] Login failure
      javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
      at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:160)
      ....
      org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
      at java.lang.Thread.run(Thread.java:534)
      2004-09-24 08:40:39,045 INFO [STDOUT] entra al action orig
      2004-09-24 08:40:39,045 INFO [STDOUT] login error param value parameter loginError
      2004-09-24 08:40:39,045 INFO [STDOUT] login error j_username kmarcos
      2004-09-24 08:40:39,045 INFO [STDOUT] login error j_passwordk
      2004-09-24 08:40:39,045 INFO [STDOUT] login error orig
      2004-09-24 08:40:39,045 INFO [STDOUT] empty


      Log when user/passwd is OK
      2004-09-24 08:49:27,780 INFO [STDOUT] entra al action orig
      2004-09-24 08:49:27,780 INFO [STDOUT] login error param value parameter null
      2004-09-24 08:49:27,780 INFO [STDOUT] login error j_username null
      2004-09-24 08:49:27,780 INFO [STDOUT] login error j_passwordnull
      2004-09-24 08:49:27,780 INFO [STDOUT] ok en action orig
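
An added example, not part of the original post: an HTTP 403 after a login that raises no exception means the container authenticated the user and then failed the `auth-constraint` role check, so one thing to verify is what the post's `rolesQuery` actually returns for that user. The sketch below runs that query against an in-memory SQLite table standing in for the PostgreSQL `Roles` table and compares the result with the role required in `web.xml`. The rows, the user names `alice`, `bob` and `carol`, and the helper names are constructed for illustration; the handling of an empty group value is an assumption about the login module.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed fragment mirroring the auth-constraint in the post's web.xml.
WEB_XML = """<web-app>
  <security-constraint>
    <auth-constraint><role-name>admin1</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

# rolesQuery copied from the post's login-config.xml.
ROLES_QUERY = ("SELECT Role as Roles, RoleGroup as RolesGroups "
               "FROM Roles WHERE PrincipalID = ?")


def required_roles(web_xml):
    """Role names that web.xml demands in its auth-constraint elements."""
    root = ET.fromstring(web_xml)
    return {r.text.strip() for r in root.findall(".//auth-constraint/role-name")}


def check_user(conn, user, needed):
    """Return (granted_roles, problems) for one user under ROLES_QUERY."""
    granted, problems = set(), []
    for role, group in conn.execute(ROLES_QUERY, (user,)):
        # Assumption: an empty or NULL group is treated as "Roles".
        group = group or "Roles"
        if group == "Roles":          # only this group feeds authorization
            granted.add(role)
        else:
            problems.append(f"role {role!r} is in group {group!r}, not 'Roles'")
    for role in sorted(needed - granted):
        problems.append(f"required role {role!r} not granted (exact match)")
    return granted, problems


def demo():
    # Constructed rows; the real table lives in the histosec database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Roles (PrincipalID TEXT, Role TEXT, RoleGroup TEXT)")
    conn.executemany("INSERT INTO Roles VALUES (?, ?, ?)", [
        ("alice", "admin1", "Roles"),   # authorized
        ("bob", "Admin1", "Roles"),     # case mismatch -> 403
        ("carol", "admin1", "admin"),   # wrong group value -> 403
    ])
    needed = required_roles(WEB_XML)
    return {u: check_user(conn, u, needed)[1] for u in ("alice", "bob", "carol")}


if __name__ == "__main__":
    for user, problems in demo().items():
        print(user, "OK" if not problems else problems)
```

Against the real database, the equivalent check is to run the `rolesQuery` by hand for the affected user and confirm that a row with `Role` equal to `admin1` and `RoleGroup` equal to `Roles` comes back.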