15 Replies. Latest reply on Oct 7, 2005 11:43 AM by angelzworld
      • 15. Re: JAAS Security in JBOSS 4.0 ISSUES??
        angelzworld

        First, thanks for replying. I hope you are able to solve my problem.
        ............................
        I am using form based authentication.
        Essentially the username and password are grabbed via an HTML form. Here's the code for my .vm template.

        ******************login.vm**************************************

        <form action="/megs/logincheck.action?view=overview" method="post">
        <table>
            <tr class="trCaption">
                <td color="white">UserName :</td>
                <td><input type="text" name="user" size="12"/></td>
            </tr>
            <tr class="trCaption">
                <td color="white">Password :</td>
                <td><input type="password" name="password" size="12"/></td>
            </tr>
            <tr>
                <td>
                    <input type="submit" value="Login"/>
                </td>
            </tr>
        </table>
        </form>
        


        ************************************************************

        On submit, this calls the Servlet LoginCheckAction which loads the loginmodules via LoginContext and performs authentication as shown below:
        *******************LoginCheckAction.java***************
        import javax.security.auth.callback.Callback;
        import javax.security.auth.callback.CallbackHandler;
        import javax.security.auth.callback.NameCallback;
        import javax.security.auth.callback.PasswordCallback;
        import javax.security.auth.callback.UnsupportedCallbackException;
        import javax.security.auth.login.FailedLoginException;
        import javax.security.auth.login.LoginContext;

        public class LoginCheckAction extends ActionSupport
        {..............
        ..........................
        ......................
            static class AppCallbackHandler implements CallbackHandler
            {
                private String uname;
                private char[] pass;

                public AppCallbackHandler(String uname, char[] pass)
                {
                    System.out.println("The username is: " + uname);
                    // The password is not printed: credentials must not reach the server log.
                    this.uname = uname;
                    this.pass = pass;
                }

                // Called by the login modules to obtain the name and password.
                public void handle(Callback[] callbacks) throws
                    java.io.IOException, UnsupportedCallbackException
                {
                    for (int i = 0; i < callbacks.length; i++)
                    {
                        if (callbacks[i] instanceof NameCallback)
                        {
                            NameCallback nc = (NameCallback) callbacks[i];
                            nc.setName(uname);
                        }
                        else if (callbacks[i] instanceof PasswordCallback)
                        {
                            PasswordCallback pc = (PasswordCallback) callbacks[i];
                            pc.setPassword(pass);
                        }
                        else
                        {
                            throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
                        }
                    }
                }
            }

            public String execute() throws Exception
            {
                char[] passwordarray = getPassword().toCharArray();
                try
                {
                    AppCallbackHandler handler = new
                        AppCallbackHandler(getUser(), passwordarray);
                    // "megs" is the name of the login configuration entry to use
                    lc = new LoginContext("megs", handler);
                    System.out.println("Created LoginContext");
                    lc.login();
                }
                catch (FailedLoginException le)
                {
                    System.out.println("Login failed for Username :" + getUser());
                    System.out.println("Please check your username and password");
                    return "accessdenied";
                }
                System.out.println("LoginCheckAction executed"); //This is printed

                HttpServletResponse response = ServletActionContext.getResponse();
                response.sendRedirect("/megs/overview.action?view=overview");

                return SUCCESS;
            }
        
        
         .................
         ..................................
        


        ****************************************************************
        This executes properly, as the last line is printed, so I am sure the login succeeds. After that there is a redirect to the next servlet, OverviewAction.java, which is where the problem occurs.
        *********************OverviewAction.java******************

        ....................
        ...................................
        public String execute() throws Exception
        {
         ActionContext.getContext().getApplication().put("view", view);
         ActionContext.getContext().getApplication().put("submenu", "");
         System.out.println("The view in overviewaction is:" + view);
        
         //EXCEPTION IS THROWN AT THIS LINE
         setRegions(BeanUtil.getRegion().getRegionDevices());
        ..................
        .............
        }
        ...............
        ...................................
        

        *************************************************************
        The exception is thrown when the OverviewAction servlet tries to call the create method of the Region bean. :(

        And here is my web.xml. I am not very sure if I have it configured correctly; maybe the problem lies in that.

        It does include the login-config information. I tried using both BASIC and FORM; it doesn't make any difference though.

        
        
        *****************************web.xml**********************
        <web-app>
            <display-name>Enterprise Management Console</display-name>
        ..........................................
         ......................................................
         ......................................................
            <servlet>
                <servlet-name>admin</servlet-name>
                <servlet-class>com.megs.management.servlets.AdminAction</servlet-class>
            </servlet>

            <servlet>
                <servlet-name>overview</servlet-name>
                <servlet-class>com.megs.management.servlets.OverviewAction</servlet-class>
            </servlet>

            <servlet>
                <servlet-name>logincheck</servlet-name>
                <servlet-class>com.megs.management.servlets.LoginCheckAction</servlet-class>
            </servlet>

            <servlet-mapping>
                <servlet-name>logincheck</servlet-name>
                <url-pattern>/restricted/logincheck</url-pattern>
            </servlet-mapping>

            <servlet-mapping>
                <servlet-name>overview</servlet-name>
                <url-pattern>/restricted/overview</url-pattern>
            </servlet-mapping>

            <servlet-mapping>
                <servlet-name>admin</servlet-name>
                <url-pattern>/restricted/admin</url-pattern>
            </servlet-mapping>

            <security-constraint>
                <web-resource-collection>
                    <web-resource-name>Secure Access</web-resource-name>
                    <url-pattern>/restricted/*</url-pattern>
                    <http-method>HEAD</http-method>
                    <http-method>GET</http-method>
                    <http-method>POST</http-method>
                    <http-method>PUT</http-method>
                    <http-method>DELETE</http-method>
                </web-resource-collection>
                <auth-constraint>
                    <role-name>ManageUsers</role-name>
                </auth-constraint>
                <user-data-constraint>
                    <description>no description</description>
                    <transport-guarantee>NONE</transport-guarantee>
                </user-data-constraint>
            </security-constraint>

            <login-config>
                <auth-method>FORM</auth-method>
                <realm-name>megs</realm-name>
            </login-config>

            <security-role>
                <description>The role required to access restricted content</description>
                <role-name>ManageUsers</role-name>
            </security-role>
        
        .......................................................
        ......................................
        


        ********************************************************
        Am I missing some information here :(?? Or do I have it configured wrong? If you need any more information, please let me know.

        I hope you can spot where I am going wrong.

        Thanks again.
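
For comparison with the web.xml in the post above, this is the container-managed FORM login that `<auth-method>FORM</auth-method>` refers to in the Servlet specification; it is an added example, not part of the original post or of the JBoss documentation. The page names `/login.html` and `/loginerror.html` are assumptions, and `java:/jaas/megs` assumes the JBoss security domain has the same name, `megs`, that the post passes to `LoginContext`.

```xml
<!-- WEB-INF/web.xml (fragment): FORM auth needs a form-login-config -->
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>megs</realm-name>
  <form-login-config>
    <!-- assumed page names; keep both outside /restricted/* -->
    <form-login-page>/login.html</form-login-page>
    <form-error-page>/loginerror.html</form-error-page>
  </form-login-config>
</login-config>

<!-- WEB-INF/web.xml, inside the security-constraint:
     NONE lets the password cross the network over plain HTTP;
     CONFIDENTIAL makes the container require an encrypted transport -->
<user-data-constraint>
  <transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>

<!-- WEB-INF/jboss-web.xml: bind the web application to the JAAS
     security domain (name assumed to match the "megs" login config) -->
<jboss-web>
  <security-domain>java:/jaas/megs</security-domain>
</jboss-web>

<!-- /login.html (assumed name): the action and field names are fixed by
     the Servlet specification; the container handles this POST itself,
     no application servlet is involved -->
<form action="j_security_check" method="post">
  <table>
    <tr>
      <td>UserName :</td>
      <td><input type="text" name="j_username" size="12"/></td>
    </tr>
    <tr>
      <td>Password :</td>
      <td><input type="password" name="j_password" size="12"/></td>
    </tr>
    <tr>
      <td colspan="2"><input type="submit" value="Login"/></td>
    </tr>
  </table>
</form>
```

With this configuration the container runs the login modules itself and keeps the authenticated principal with the session, so the `ManageUsers` role is checked on every request under `/restricted/*`.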
