9 Replies Latest reply on Jul 11, 2005 9:02 AM by jbrosan

    FORM BASED LOGIN MODULE FROM DATABASE HELP NEEDED

    karpra80

      Hi Guys,


      I have done a JAAS implementation using FORM based authentication for a web application using user.properties and role.properties in JBoss 4.0 it work fine absoultely fine..

      But when i try to access it from a database iam having problem i have configured the datasource of database iam usign in mysql-ds.xml and i have configured these things in login-config.xml file but still its not accessing the database wat might be thr problem in this approach of mine.

      can anybody tell me how to do it ....or may be say if iam doign the right way

      Thanks in Advance for anyone who comes forward to help me out..

        • 1. Re: FORM BASED LOGIN MODULE FROM DATABASE HELP NEEDED

          You need to add something like this to your login-config.xml:


          <application-policy name="NexusAcesso">
          <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
          <module-option name="dsJndiName">java:/NexusDS</module-option>
          <module-option name="principalsQuery">SELECT senha FROM usuario WHERE usuario = ?</module-option>
          <module-option name="rolesQuery">SELECT papel, 'Roles' FROM papelusuario WHERE usuario = ?</module-option>
          <module-option name="unauthenticatedIdentity">convidado</module-option>
          </login-module>
          </application-policy>


          and something like this in jboss-service.xml of your ear:



          META-INF/login-config.xml
          <depends optional-attribute-name="LoginConfigService">
          jboss.security:service=XMLLoginConfig

          <depends optional-attribute-name="SecurityManagerService">
          jboss.security:service=JaasSecurityManager




          i guess that you know about the j_security_check part.

          • 2. Re: FORM BASED LOGIN MODULE FROM DATABASE HELP NEEDED

            jboss-service.xml part:



            META-INF/login-config.xml
            <depends optional-attribute-name="LoginConfigService">
            jboss.security:service=XMLLoginConfig

            <depends optional-attribute-name="SecurityManagerService">
            jboss.security:service=JaasSecurityManager

            • 3. Re: FORM BASED LOGIN MODULE FROM DATABASE HELP NEEDED

              I can't send jboss-service.xml part, i can send to you by e-mail.

              • 4. Re: FORM BASED LOGIN MODULE FROM DATABASE HELP NEEDED
                karpra80

                Hi RPA,

                Thanks for your earlier post but i tried everythign but iam not able to solve it ..

                This is my case i have a ear file-------war file
                |------meta-inf--------application.xml
                |-----jboss-service.xml

                login-config.xml is in default/conf right .....

                i have done j_security_check using user.properties and role.properties logic placing them into the classes of my war file it works from the properties file ..but when i try doign it through a database it still looks into the properties files logic if possible can u mail me jboss-service.xml and whr shld i place it,then login-config.xml whr shld it be placed and web.xml from wat u tried will be helpful y mail id is

                karpra80@yahoo.com


                Thanks in advance, i appreciate these helps u r doing to me

                • 5. Re: FORM BASED LOGIN MODULE FROM DATABASE HELP NEEDED
                  karpra80

                  Hi ,

                  Please Ignore my previous e-mail .i successfully finsihed jass forma based authentication usign database it is so powerful isnt it ...

                  earlier i used to create thing by myself in jsp authenticating these things that was so much to code and formulate a logic thanks to jboss security feature iam sure most of app servers have jass implementation in it ....


                  thanks a lot ramesh and rpa ...


                  i need to know how to control access to few pages alone in web application depeding on the roles assigned

                  • 6. Re: FORM BASED LOGIN MODULE FROM DATABASE HELP NEEDED

                    If i'm no wrong is request.isUserInRole('role')

                    • 7. Re: FORM BASED LOGIN MODULE FROM DATABASE HELP NEEDED
                      jbrosan

                      Hi all,

                      I'm having a similar issue with JBoss 4.0.2 web app.

                      I am using form based security and I made all of the changes to login-config.xml, web.xml, etc.

                      In my logfile it appears to be getting the correct userid and roles from MS SQL Server, and will give me the error page if I use the incorrect UID and PW. However if I use the correct UID and PW and try to access the restricted resource, I get a 403 error, access denied.

                      I'm sure its something silly that I missed.

                      Can anyone please help, or point me in the right direction?

                      Thanks,
                      John

                      • 8. Re: FORM BASED LOGIN MODULE FROM DATABASE HELP NEEDED
                        ralluri

                        I've also successsfully implemented form based login using database. However, I'm trying to find a way to log the user out so that the session is invalid and other user can login. Can someone please suggest a way to do it ?

                        • 9. Re: FORM BASED LOGIN MODULE FROM DATABASE HELP NEEDED
                          jbrosan

                          I may be wrong here, since I'm still new to this. Wouldn't you do something like what I listed below to invalidate the current session?

                          
                          HttpSession session = request.getSession(false);
                          
                          if(session!=null)
                           {
                           session.invalidate();
                           }
                          
                          


                          I hope that helps. :-)

                          Ralluri, could you please share with me how you got your database login working with your web app?

                          Thanks,
                          John