Hi all, I'm really trying to do something that allows my users w/ assigned roles to login w/ passwd through a servlet using the databaseServerLoginModule, but having a hard time understanding what to do w/ so little documentation.
Here's what I've done so far and if someone could point me in the right direction w/ more steps, much appreciated.
I've created tables in my postgresql database as such ...
CREATE SEQUENCE principals_seq;
CREATE TABLE Principals(
principalId INT PRIMARY KEY,
principalName VARCHAR(64)
password VARCHAR(32)
);
CREATE SEQUENCE roles_seq;
CREATE TABLE Roles(
roleId INT PRIMARY KEY,
roleName VARCHAR(32),
roleGroup VARCHAR(32)
);
And I have a ~/WEB-INF/login-config.xml file like this ...
<application-policy name="myAppName">
<authentication>
<login-module
code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
flag="required">
<module-option name="unauthenticatedIdentity">
guest
</module-option>
<module-option name="dsJndiName">
java:/PostgresDS
</module-option>
<module-option name="principalsQuery">
SELECT password FROM Users WHERE principalId=?
</module-option>
<module-option name="rolesQuery">
SELECT roleId,'Roles' FROM Roles WHERE userId=?
</module-option>
</login-module>
</authentication>
</application-policy>
I'm not sure about how to use callbacks within a servlet but I think I'm supposed to do this in my apps MVC controller. I made a LoginController, but as you can see, I don't really understand the details here yet.
CallbackHandler handler = new MyHandler();
LoginContext lc = new LoginContext("some-config", handler);
try {
lc.login();
Subject subject = lc.getSubject();
}
catch (LoginException le) {
System.out.println("authentication failed");
e.printStackTrace();
}
Any more details here? Any help much appreciated.