Using Database for Security
jerryp64 Nov 3, 2004 8:59 AMI am trying to create an example that uses a standalone version of Hypersonic to validate my users and their roles. I have been through all the "How To's" and many forums, but I cannot seem to get the Login page to see the database and validate the users. I am trying to put validation on an EJB. If you need another file please let me know. I am including the files that I have set up:
login-config.xml
<application-policy name="mod05sol"> <authentication> <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required"> <module-option name="dsJndiName">java:/UserDS</module-option> <module-option name="principalsQuery">select user_pass from users where user_name=?</module-option> <module-option name="rolesQuery">select role_name, "Roles" from user_roles where user_name=?</module-option> </login-module> </authentication> </application-policy>
web.xml
<security-constraint> <web-resource-collection> <web-resource-name>mod05sol</web-resource-name> <description>In this section we setup the type of actions that will force authentication, as well as setup the URL patterns that cause the authetication</description> <url-pattern>/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> <http-method>DELETE</http-method> </web-resource-collection> <auth-constraint> <description>There roles are allowed access</description> <role-name>admin</role-name> <role-name>manager</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <realm-name>Mod05Sol Protected Area</realm-name> <form-login-config> <form-login-page>/login.html</form-login-page> <form-error-page>/errorpage.html</form-error-page> </form-login-config> </login-config> <security-role> <role-name>admin</role-name> </security-role> <security-role> <role-name>manager</role-name> </security-role>
jboss.xml
<jboss> <security-domain>java:/jaas/mod05sol</security-domain> <enterprise-beans> <entity> <ejb-name>TestSecurityBean</ejb-name> <resource-ref> <res-ref-name>jdbc/UserDB</res-ref-name> <jndi-name>java:/UserDS</jndi-name> </resource-ref> </entity> </enterprise-beans> </jboss>
jboss-web.xml
<jboss-web> <security-domain>java:/jaas/mod05sol</security-domain> <resource-ref> <res-ref-name>jdbc/UserDB</res-ref-name> <jndi-name>java:/UserDS</jndi-name> </resource-ref> <ejb-ref> <ejb-ref-name>ejb/TestSecurity</ejb-ref-name> <jndi-name>TestSecurityBean</jndi-name> </ejb-ref> </jboss-web>
Thanks
Jerry