2 Replies Latest reply on Mar 29, 2006 1:40 PM by manisha8969

    Problem with DatabaseServerLoginModule

    manisha8969

      I am very new to JBoss / security. I am currently doing a study project which requires a database realm.

      1) I downloaded JBoss 3.2.5 and configured MySQL for it. To configure MySQL I changed:

      - mysql-ds.xml (put inside deploy and added database name and url)
      - standardjaws.xml (added jndi - java:/MySqlDS)
      - login-config.xml -> added as below ->

      <application-policy name = "MySqlDbRealm">

      <login-module code =
      "org.jboss.resource.security.ConfiguredIdentityLoginModule"
      flag = "required">
      <module-option name ="principal">sa</module-option>
      <module-option name ="userName">sa</module-option>
      <module-option name ="password"></module-option>
      <module-option name ="managedConnectionFactoryName">
      jboss.jca:service=LocalTxCM,name=MySqlDS
      </module-option>
      </login-module>

      </application-policy>

      and tested with one testconnection servlet which is fine.

      2) Now I want to set up form-based authentication with DatabaseServerLoginModule

      - added corresponding entries inside web.xml

      - created 2 tables:

      CREATE TABLE Users(username VARCHAR(64) PRIMARY KEY, passwd VARCHAR(64))
      CREATE TABLE UserRoles(username VARCHAR(64), userRoles VARCHAR(32))

      - added into login-config.xml

      <application-policy name="testDB">

      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
      flag="required">
      <module-option name="dsJndiName">MySqlDS</module-option>
      <module-option name="principalsQuery">
      select passwd from Users where username=?</module-option>
      <module-option name="rolesQuery">
      select userRoles from UserRoles where username=?</module-option>
      </login-module>

      </application-policy>

      If I access any page which is restricted, it gives me the login page but it always goes inside; user id and password have no effect at all.

      What is missing? Please help me.

      regards
      Manisha


        • 1. Re: Problem with DatabaseServerLoginModule
          manisha8969

          Tried many different combinations, still not getting it to work. Putting all details -

          1) My web.xml

          <security-constraint>
          <display-name>Example Security Constraint</display-name>
          <web-resource-collection>
          <web-resource-name>Protected Area</web-resource-name>
          <url-pattern>/protected/*</url-pattern>
          <http-method>DELETE</http-method>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
          <http-method>PUT</http-method>
          </web-resource-collection>
          <auth-constraint>
          <role-name>manager</role-name>
          </auth-constraint>
          <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
          </security-constraint>

          <login-config>
          <auth-method>FORM</auth-method>
          <realm-name>Example Form-Based Authentication Area</realm-name>
          <form-login-config>
          <form-login-page>/login.jsp</form-login-page>
          <form-error-page>/error.jsp</form-error-page>
          </form-login-config>
          </login-config>
          <security-role>
          <description>A Manager</description>
          <role-name>manager</role-name>
          </security-role>

          2) login-config.xml - I have just overwritten 'other' and kept all the rest as it is.

          <application-policy name="other">

          <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
          <module-option name="unauthenticatedIdentity">guest</module-option>
          <module-option name="dsJndiName">java:/MySqlDS</module-option>
          <module-option name="principalsQuery">select Password from Principals where PrincipalID=?</module-option>
          <module-option name="rolesQuery">select Role, 'Roles' from Roles where PrincipalID=?</module-option>
          </login-module>

          </application-policy>

          <!--for mysql-->
          <application-policy name = "MySqlDbRealm">

          <login-module code =
          "org.jboss.resource.security.ConfiguredIdentityLoginModule"
          flag = "required">
          <module-option name ="principal">sa</module-option>
          <module-option name ="userName">sa</module-option>
          <module-option name ="password"></module-option>
          <module-option name ="managedConnectionFactoryName">
          jboss.jca:service=LocalTxCM,name=MySqlDS
          </module-option>
          </login-module>

          </application-policy>


          3) 2 tables
          principals with PrincipalID and Password fields
          roles with PrincipalID, Role, RoleGroup

          4) My login form -

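          <form method="POST" action='<%= response.encodeURL("j_security_check") %>' >
          <!-- j_security_check reads the credentials from j_username and j_password -->
          Username: <input type="text" name="j_username">
          Password: <input type="password" name="j_password">
          <input type="submit">
          </form>
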
          5) If I try to call any page which is under the /protected dir, the login page is displayed, but whether the user id is correct or wrong does not make any difference. After submit it just displays the protected page; there is nothing displayed on the console.

          6) I tried to put the following inside /WEB-INF/jboss-web.xml

          <security-domain>other</security-domain>

          but then I got a NamingException error.

          How can I determine which application-policy my application is using?

          Please, can anybody point out what's going wrong here? Am I missing anything?

          regards
          Manisha

          • 2. Re: Problem with DatabaseServerLoginModule
            manisha8969

            Finally I could solve it.

            Instead of 'other' I used my own name and put it inside jboss-web.xml as 'java:/jaas/mypolicy' and it worked.

            regards
            Manisha
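
An added example, not part of the original thread: a Python check that reads a WAR's web.xml and jboss-web.xml together with the server's login-config.xml and reports when protected URLs are not bound to a named application-policy under java:/jaas/, the condition the last reply fixed. The XML samples are constructed from the thread's fragments, and the function name `audit` and the constants are hypothetical.

```python
import xml.etree.ElementTree as ET

JAAS_PREFIX = "java:/jaas/"

# Constructed samples modelled on the thread's fragments (no XML namespaces assumed).
WEB_XML = """<web-app><security-constraint>
  <web-resource-collection><url-pattern>/protected/*</url-pattern></web-resource-collection>
  <auth-constraint><role-name>manager</role-name></auth-constraint>
</security-constraint></web-app>"""
LOGIN_CONFIG = """<policy><application-policy name="mypolicy"><authentication>
  <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
    <module-option name="unauthenticatedIdentity">guest</module-option>
    <module-option name="dsJndiName">java:/MySqlDS</module-option>
  </login-module></authentication></application-policy></policy>"""
BARE = "<jboss-web><security-domain>other</security-domain></jboss-web>"
FIXED = "<jboss-web><security-domain>java:/jaas/mypolicy</security-domain></jboss-web>"


def audit(web_xml, jboss_web_xml, login_config_xml):
    """Report why a WAR's protected URLs may not be checked by the intended policy."""
    if ET.fromstring(web_xml).find(".//auth-constraint") is None:
        return []  # nothing is protected, so there is nothing to bind
    domain = None
    if jboss_web_xml:  # None models a WAR that ships no WEB-INF/jboss-web.xml
        domain = (ET.fromstring(jboss_web_xml).findtext("security-domain") or "").strip()
    if not domain:
        return ["no <security-domain> in WEB-INF/jboss-web.xml"]
    if not domain.startswith(JAAS_PREFIX):
        return [f"security-domain '{domain}' lacks the {JAAS_PREFIX} prefix"]
    name = domain[len(JAAS_PREFIX):]
    policies = {p.get("name"): p
                for p in ET.fromstring(login_config_xml).iter("application-policy")}
    if name not in policies:
        # JBoss applies the 'other' policy to domains without an entry of their own.
        return [f"no application-policy named '{name}' in login-config.xml"]
    findings = []
    for opt in policies[name].iter("module-option"):
        if opt.get("name") == "unauthenticatedIdentity":
            findings.append(f"policy '{name}' assigns identity '{opt.text}' "
                            "to requests with no credentials")
    return findings


if __name__ == "__main__":
    for label, jboss_web in (("missing", None), ("bare", BARE), ("fixed", FIXED)):
        print(label, audit(WEB_XML, jboss_web, LOGIN_CONFIG))
```
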