Access denied - Role mapping problem?
gugrim Feb 19, 2006 4:50 AM
Hi!
I'm new to JBoss but not to J2EE, and I'm trying to port an application that works fine in Sun AS 8.
The application is packaged as an EAR with one EJB module and one web module. It uses three roles, Users, Authors and Admins.
When the client attempts to access a security-constrained JSP, Firefox shows a login dialog as expected, but the user id and password are not accepted.
The first strange thing is that nothing is logged when an access fails, which makes it difficult for me to find the problem, so my first question is: How do I get the server to log access attempts?
The EAR does not request any specific realm so I assume that the policy "other" is used. It probably is because I got error messages logged before I created "users.properties" and "roles.properties", and I don't get these errors anymore.
I have mapped the roles in jboss-app.xml to principal names defined in "roles.properties". I also tried doing the same mapping in "jboss-web.xml" in the war file, although that shouldn't be necessary. I have even tried to map an application role to a specific user, defined in "users.properties".
Below are the relevant sections from various deployment descriptors. Hope someone can tell me what I'm doing wrong, or at least show me how to get JBoss to log the accesses and reasons for failing.
TIA,
Gunnar Grim
--------------------------------------------------------------------------------
app.ear/app.war/WEB-INF/web.xml:
<web-app>
:
  <security-constraint>
    <display-name>Users</display-name>
    <web-resource-collection>
      <web-resource-name>Secure</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Users</role-name>
    </auth-constraint>
  </security-constraint>
:
</web-app>
--------------------------------------------------------------------------------
app.ear/META-INF/jboss-app.xml:
<jboss-app>
  <security-role>
    <role-name>Users</role-name>
    <principal-name>users</principal-name>
  </security-role>
  <security-role>
    <role-name>Authors</role-name>
    <principal-name>authors</principal-name>
  </security-role>
  <security-role>
    <role-name>Admins</role-name>
    <principal-name>admins</principal-name>
  </security-role>
</jboss-app>
--------------------------------------------------------------------------------
~/jboss-4.0.3SP1/server/default/conf/login-config.xml:
:
<application-policy name = "other">
  <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required" />
  <module-option name="usersProperties">props/users.properties</module-option>
  <module-option name="rolesProperties">props/roles.properties</module-option>
</application-policy>
:
--------------------------------------------------------------------------------
~/jboss-4.0.3SP1/server/default/conf/props/users.properties:
gugrim=password
--------------------------------------------------------------------------------
~/jboss-4.0.3SP1/server/default/conf/props/roles.properties:
gugrim=users,authors,admins
--------------------------------------------------------------------------------
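An added example, not part of the original post and not JBoss code: a small consistency check over descriptors like the ones quoted above. It assumes the nesting used by the stock login-config.xml (application-policy > authentication > login-module > module-option) and compares role names case-sensitively; it does not model the jboss-app.xml mapping, and the sample inputs and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the descriptors quoted in the post.
LOGIN_CONFIG = """<policy>
  <application-policy name="other">
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required" />
    <module-option name="usersProperties">props/users.properties</module-option>
    <module-option name="rolesProperties">props/roles.properties</module-option>
  </application-policy>
</policy>"""
WEB_XML = """<web-app><security-constraint><auth-constraint>
  <role-name>Users</role-name></auth-constraint></security-constraint></web-app>"""
ROLES_PROPERTIES = "gugrim=users,authors,admins\n"

# Assumed nesting (as in the stock login-config.xml): child tag -> required parent tag.
EXPECTED_PARENT = {"authentication": "application-policy",
                   "login-module": "authentication", "module-option": "login-module"}


def lint_login_config(xml_text):
    """Return (tag, name-or-code, actual parent tag) for each misplaced element."""
    root = ET.fromstring(xml_text)
    parent = {child: p for p in root.iter() for child in p}
    findings = []
    for el in root.iter():
        want = EXPECTED_PARENT.get(el.tag)
        actual = parent.get(el)
        if want and (actual is None or actual.tag != want):
            findings.append((el.tag, el.get("name") or el.get("code"),
                             None if actual is None else actual.tag))
    return findings


def unmatched_roles(web_xml, roles_properties):
    """Map each web.xml role-name not granted verbatim to its case-only near misses."""
    granted = set()
    for line in roles_properties.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            granted.update(r.strip() for r in line.split("=", 1)[1].split(","))
    required = {e.text.strip() for e in ET.fromstring(web_xml).iter("role-name")}
    return {r: sorted(g for g in granted if g.lower() == r.lower())
            for r in sorted(required - granted)}


if __name__ == "__main__":
    print(lint_login_config(LOGIN_CONFIG))
    print(unmatched_roles(WEB_XML, ROLES_PROPERTIES))
```

An empty list and an empty dict mean that both checks pass; a role reported with a near miss differs from a granted role only in letter case.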