RE: step by step JASS on JBOSS how to issue...
xabstract Apr 21, 2005 6:15 PM
I did follow the "Complate configuration of Jass on Jboss" http://www.javaworld.com/javaforums/showthreaded.php?Cat=&Board=JavaSecurity&Number=17048&page=&view=&sb=5&o=&vc=1
And after configuring everything as follows:
login-config.xml :
<application-policy name="PgDbRealm">
  <login-module code="org.jboss.security.ClientLoginModule" flag="required">
  </login-module>
  <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
    <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=naturaDS</module-option>
    <module-option name="dsJndiName">java:/naturaDS</module-option>
    <module-option name="principalsQuery">Select password from usuarios where idusuario =?</module-option>
    <module-option name="rolesQuery">Select R.role AS Roles, G.descripcion AS RoleGroups from gruposusuarios GU,roles R, grupos G where idusuario =? AND GU.idrole=R.idrole AND GU.idgrupo=G.idgrupo</module-option>
  </login-module>
</application-policy>
jboss-web.xml:
<security-domain>java:/jaas/PgDbRealm</security-domain>
web.xml :
<security-constraint>
  <web-resource-collection>
    <web-resource-name>protected-resources</web-resource-name>
    <url-pattern>/distribuidores/*</url-pattern>
    <http-method>HEAD</http-method>
    <http-method>GET</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>SUPERUSUARIO</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/login.jsp</form-error-page>
  </form-login-config>
</login-config>
<security-role>
  <description>The SUPERUSUARIO role</description>
  <role-name>SUPERUSUARIO</role-name>
</security-role>
\jboss-4.0.1sp1\server\default\conf\auth.conf :
// The JBoss server side JAAS login config file for the examples
client-login
{
    org.jboss.security.ClientLoginModule required;
};
PgDbRealm
{
    org.jboss.security.ClientLoginModule required;
    org.jboss.security.auth.spi.UsersRolesLoginModule required;
    org.jboss.security.auth.spi.DatabaseServerLoginModule
        required
        dsJndiName="java:/naturaDS"
        principalsQuery="Select password from usuarios where idusuario =?"
        rolesQuery="Select R.role AS Roles, G.descripcion AS RoleGroups from gruposusuarios GU,roles R, grupos G where idusuario =? AND GU.idrole=R.idrole AND GU.idgrupo=G.idgrupo"
    ;
};
\jboss-4.0.1sp1\client\auth.conf :
client-login
{
    org.jboss.security.ClientLoginModule required;
};
PgDbRealm
{
    org.jboss.security.ClientLoginModule required;
    org.jboss.security.auth.spi.DatabaseServerLoginModule required;
};
my LogginCheckAction :
Principal userPrincipal = null;
try {
    String username = request.getParameter("j_username");
    String password = request.getParameter("j_password");
    System.out.println("intentare logueo-----------------");
    System.out.println("password = " + password);
    System.out.println("username = " + username);
    SecurityAssociationHandler handler = new SecurityAssociationHandler();
    userPrincipal = new SimplePrincipal(username);
    handler.setSecurityInfo(userPrincipal, password.toCharArray());
    LoginContext loginContext = new LoginContext("PgDbRealm", (CallbackHandler) handler);
    loginContext.login();
    HttpSession session = request.getSession(true);
    session.setAttribute("Login_Context", loginContext);
    Subject subject = loginContext.getSubject();
    Set principals = subject.getPrincipals();
    principals.add(userPrincipal);
} catch (LoginException e) {
    errors.add("loginerror", new ActionError("Wrong Username or Password"));
    saveErrors(request, errors);
    e.printStackTrace();
    return mapping.findForward("fail");
}
System.out.println("logged in successfully-----------------" + userPrincipal); // I do reach this line
login.jsp:
<FORM name="logonForm" action="<%=request.getContextPath()%>/login.do" METHOD=POST>
Everything seems to be just fine, but...
when I ask for a resource under the /distribuidores url-pattern I am
asked to log in, and I do so and I am "successfully" logged in, but
when I try to enter under /distribuidores I am asked to log in
again, when I did it just a few seconds before.
Any idea?
regards...