Issue with JBOSS JAAS login
nikhilkumar Dec 6, 2005 4:33 PM
I have been trying to use DatabaseServerLogin. I am appending the login-config.xml, the login.jsp, the web.xml and the extract from the server log. (I turned on security debugging). I have a table called Principals with fields PrincipalID and Password in my database, and a table called Roles with fields called PrincipalID, Role, RoleGroup.
To deal with the login link problem, I have a link that connects to a signin.jsp page that is protected. When you try to link to it, the login.jsp page is invoked.
When I try to give the wrong password/userID, it correctly routes me to login-error.html.
When I try to log in correctly, it gives me a 403 error "HTTP Status 403 - Access to the requested resource has been denied". I checked the server log and it seems that I was authenticated but not authorized. What has to be done to "authorize" me? I could not find any documentation that explicitly tells me to authorize when logging in.
<!!!! Server log excerpt >
file:/C:/aptsi_home/jboss/jboss-3.2.3/server/default/deploy/tsm.ear
2005-12-06 16:11:23,687 DEBUG [org.jboss.resource.connectionmanager.IdleRemover] run: IdleRemover notifying pools, interval: 450000
2005-12-06 16:12:17,421 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] default, runAs: null
2005-12-06 16:12:17,484 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] default, runAs: null
2005-12-06 16:12:17,515 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] default, runAs: null
2005-12-06 16:12:17,515 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] default, runAs: null
2005-12-06 16:12:17,531 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] default, runAs: null
2005-12-06 16:12:17,562 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] default, runAs: null
2005-12-06 16:12:17,578 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] default, runAs: null
2005-12-06 16:12:17,578 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] default, runAs: null
2005-12-06 16:12:17,609 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] default, runAs: null
2005-12-06 16:12:17,625 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] default, runAs: null
2005-12-06 16:12:19,125 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] jsp, runAs: null
2005-12-06 16:12:19,140 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] jsp, runAs: null
2005-12-06 16:12:20,953 INFO [STDOUT] in < JDBCConnectionManager's connect: 1 >
2005-12-06 16:12:20,953 INFO [STDOUT] in < JDBCConnectionManager's reg Driver >
2005-12-06 16:12:20,968 INFO [STDOUT] Successful registration
2005-12-06 16:12:20,968 INFO [STDOUT] in < JDBCConnectionManager's connect: 2 >
2005-12-06 16:12:21,125 INFO [STDOUT] in < JDBCConnectionManager's connect: 3 >
2005-12-06 16:12:21,125 INFO [STDOUT] in < JDBCConnectionManager's connect: 1 >
2005-12-06 16:12:21,125 INFO [STDOUT] in < JDBCConnectionManager's reg Driver >
2005-12-06 16:12:21,125 INFO [STDOUT] Successful registration
2005-12-06 16:12:21,125 INFO [STDOUT] in < JDBCConnectionManager's connect: 2 >
2005-12-06 16:12:21,140 INFO [STDOUT] in < JDBCConnectionManager's connect: 3 >
2005-12-06 16:12:21,140 INFO [STDOUT] sucess in init trying to createStatement
2005-12-06 16:12:21,140 INFO [org.jboss.web.localhost.Engine] jsp: Hello World
2005-12-06 16:12:21,140 INFO [STDOUT] Help!
2005-12-06 16:12:21,140 INFO [STDOUT] The User Name is null
2005-12-06 16:12:21,187 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] default, runAs: null
2005-12-06 16:12:28,578 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] default, runAs: null
2005-12-06 16:12:28,578 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Begin authenticate, username=root
2005-12-06 16:12:28,578 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] logout
2005-12-06 16:12:28,578 TRACE
Web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<!--
- Deployment descriptor for an authenticated
- section of the web site.
-->
<display-name>ial</display-name>
<description>"test"</description>
<welcome-file-list>
<welcome-file>home.htm</welcome-file>
</welcome-file-list>
<resource-ref>
<res-ref-name>jdbc/mySQL</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
<security-constraint>
<web-resource-collection>
<web-resource-name>Restricted</web-resource-name>
<description>Declarative security</description>
<url-pattern>/signin.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
<user-data-constraint>
<description>No descrp</description>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>ial</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login_error.htm</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>ial</role-name>
</security-role>
<security-role>
<role-name>user</role-name>
</security-role>
</web-app>
<!!!! login-config.xml excerpt>
<application-policy name="other">
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<module-option name="unauthenticatedIdentity">guest</module-option>
<module-option name="dsJndiName">java:/mySQL</module-option>
<module-option name="principalsQuery">select Password from Principals where PrincipalID=?</module-option>
<module-option name="rolesQuery">select Role,RoleGroup from Roles where PrincipalID=?</module-option>
</login-module>
</application-policy>
<!-- Security domains for testing new jca framework -->
<application-policy name = "MySqlDbRealm">
<login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
flag = "required">
<module-option name ="principal">aptsi_dev</module-option>
<module-option name ="userName">root</module-option>
<module-option name ="password">aptsi</module-option>
<module-option name ="managedConnectionFactoryName">
jboss.jca:service=LocalTxCM,name=mySQL
</module-option>
</login-module>
</application-policy>
<!!!! Login.jsp Excerpt>
<form id="data-entryForm" method="POST"
action='<%= response.encodeURL( "j_security_check" ) %>'>
User Login
User Name
Password
Login
Reset
<!----- my-sql.ds excerpt -->
<local-tx-datasource>
<jndi-name>mySQL</jndi-name>
<connection-url>jdbc:mysql://localhost:3306/idmgmt</connection-url>
<driver-class>com.mysql.jdbc.Driver</driver-class>
<user-name>root</user-name>
<password>aptsi</password>
</local-tx-datasource>
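
The "authenticated but not authorized" outcome can be reproduced offline. This is an added example, not part of the original post and not JBoss code: it runs the post's two queries against constructed sqlite tables (standing in for the MySQL datasource) and applies the DatabaseServerLoginModule rule that only rolesQuery rows whose RoleGroup is "Roles" are used when the container checks the role-name in auth-constraint. The user alice, her password and the function names are hypothetical.

```python
import hmac
import sqlite3
import xml.etree.ElementTree as ET

# Queries copied from the post's login-config.xml.
PRINCIPALS_QUERY = "select Password from Principals where PrincipalID=?"
ROLES_QUERY = "select Role,RoleGroup from Roles where PrincipalID=?"

# Constructed fragment mirroring the post's <security-constraint>.
WEB_XML = """<web-app><security-constraint>
  <web-resource-collection><url-pattern>/signin.jsp</url-pattern></web-resource-collection>
  <auth-constraint><role-name>user</role-name></auth-constraint>
</security-constraint>
<security-role><role-name>ial</role-name></security-role></web-app>"""


def required_roles(web_xml):
    """Role names under <auth-constraint> only, not <security-role>."""
    root = ET.fromstring(web_xml)
    return {e.text.strip() for e in root.findall(".//auth-constraint/role-name")}


def sample_db(role_rows):
    """Constructed tables with the post's column names; sqlite stands in for MySQL."""
    db = sqlite3.connect(":memory:")
    db.execute("create table Principals (PrincipalID text, Password text)")
    db.execute("create table Roles (PrincipalID text, Role text, RoleGroup text)")
    db.execute("insert into Principals values ('alice', 'constructed-pw')")
    db.executemany("insert into Roles values ('alice', ?, ?)", role_rows)
    return db


def outcome(db, user, password, web_xml=WEB_XML):
    """'login-error' if authentication fails, '403' if no matching role, else 'ok'."""
    row = db.execute(PRINCIPALS_QUERY, (user,)).fetchone()
    # No hashAlgorithm option is configured, so the stored value is compared as-is.
    if row is None or not hmac.compare_digest(row[0].encode(), password.encode()):
        return "login-error"
    # Only rows whose RoleGroup is exactly "Roles" count for the permission check.
    granted = {role for role, group in db.execute(ROLES_QUERY, (user,))
               if group == "Roles"}
    return "ok" if granted & required_roles(web_xml) else "403"


if __name__ == "__main__":
    for rows in ([("user", "Roles")], [("user", "Users")], [("User", "Roles")], []):
        print(rows, "->", outcome(sample_db(rows), "alice", "constructed-pw"))
```

Running the post's rolesQuery by hand for the account that logs in, and comparing each returned row against these two conditions, shows whether the 403 comes from the role data or from somewhere else in the deployment.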