Error 403 when using DatabaseServerLoginModule
yj4jboss Nov 3, 2006 1:06 AM
Hi all,
I am trying to configure JAAS in JBoss 4.0.4.GA for a sample Seam application. Here are my configs:
JBoss 4.0.4.GA
Seam 1.0.1.GA
Hibernate 3.2.0 CR1
MySQL 4.1.9
My Principals and Roles Tables are as follows:
    --
    -- Table structure for table `principals`
    --
    CREATE TABLE `principals` (
      `PrincipalId` varchar(255) NOT NULL default '',
      `Password` varchar(255) NOT NULL default '',
      PRIMARY KEY (`PrincipalId`)
    ) ENGINE=MyISAM DEFAULT CHARSET=latin1;

    --
    -- Dumping data for table `principals`
    --
    INSERT INTO `principals` VALUES ('Admin', 'admin');
    INSERT INTO `principals` VALUES ('user', 'user');
    INSERT INTO `principals` VALUES ('Yogesh', 'yogesh');

    --
    -- Table structure for table `roles`
    --
    CREATE TABLE `roles` (
      `PrincipalId` varchar(255) NOT NULL default '',
      `Role` varchar(255) NOT NULL default '',
      `RoleGroup` varchar(255) NOT NULL default '',
      PRIMARY KEY (`PrincipalId`)
    ) ENGINE=MyISAM DEFAULT CHARSET=latin1;

    --
    -- Dumping data for table `roles`
    --
    INSERT INTO `roles` VALUES ('Admin', 'Admin', 'Admin');
    INSERT INTO `roles` VALUES ('user', 'User', 'User');
    INSERT INTO `roles` VALUES ('Yogesh', 'Admin', 'Admin');
Here's what's in my jboss-app.xml:
    <jboss-app>
      <module>
        <service>jboss-service.xml</service>
      </module>
      <loader-repository>seam.jboss.org:loader=seam-seamapp</loader-repository>
    </jboss-app>
and my jboss-service.xml:
    <?xml version="1.0" encoding="UTF-8"?>
    <server>
      <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
             name="JAASExample:service=DynamicLoginConfig">
        <attribute name="AuthConfig">login-config.xml</attribute>
        <depends optional-attribute-name="LoginConfigService">
          jboss.security:service=XMLLoginConfig
        </depends>
        <depends optional-attribute-name="SecurityManagerService">
          jboss.security:service=JaasSecurityManager
        </depends>
      </mbean>
    </server>
my login-config.xml:
    <?xml version='1.0'?>
    <!DOCTYPE policy PUBLIC
      "-//JBoss//DTD JBOSS Security Config 3.0//EN"
      "http://www.jboss.org/j2ee/dtd/security_config.dtd">
    <policy>
      <application-policy name = "jaastest">
        <authentication>
          <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
                        flag = "required">
            <module-option name = "dsJndiName">java:/jaastestDatasource</module-option>
            <module-option name="usersProperties">
              SELECT password for principals WHERE principalId=?
            </module-option>
            <module-option name="rolesProperties">
              SELECT role as Roles, roleGroup as RoleGroups from roles where principalId=?
            </module-option>
          </login-module>
        </authentication>
      </application-policy>
    </policy>
and my jboss-web.xml under the WEB-INF folder:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE jboss-web PUBLIC
      "-//JBoss//DTD Web Application 2.3//EN"
      "http://www.jboss.org/j2ee/dtd/jboss-web_3_0.dtd">
    <jboss-web>
      <security-domain>java:/jaas/jaastest</security-domain>
    </jboss-web>
and I added the following lines to my web.xml:
    <!-- JAAS Security Configurations -->
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>All resources</web-resource-name>
        <description>Protects all resources</description>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>Admin</role-name>
      </auth-constraint>
    </security-constraint>
    <security-role>
      <role-name>Admin</role-name>
    </security-role>
    <security-role>
      <role-name>User</role-name>
    </security-role>
    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>JaasTestRealm</realm-name>
    </login-config>
My EAR file is as follows:
seamapp.ear:
- META-INF
- seamapp.war
- seamapp.ejb3
- login-config.xml
- jboss-service.xml
Though the authentication works, I am redirected to the correct page but the following error message is displayed:
    HTTP Status 403 - Access to the requested resource has been denied
    --------------------------------------------------------------------------------
    type Status report
    message Access to the requested resource has been denied
    description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.
Can anyone help me with what's wrong in the configs?
Also, I would like to be able to have all the logs of the DatabaseServerLoginModule. Until now I am only able to have the log when a wrong password has been input for a correct username, which is as follows:
09:46:30,781 DEBUG [DatabaseServerLoginModule] Bad password for username=Yogesh
Regards,
Jankee Yogesh
http://www.m-itc.net
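
Added example (not part of the original post, and not JBoss code): a Python/SQLite model of how DatabaseServerLoginModule treats the posted login-config.xml options and `roles` rows, following the module's documented behaviour. `KNOWN_OPTIONS` is a partial list, the default roles query is taken from the JBoss documentation, and `FIXED_ROWS` is a hypothetical correction.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Options read by DatabaseServerLoginModule and its base classes (partial list).
KNOWN_OPTIONS = {"dsJndiName", "principalsQuery", "rolesQuery", "suspendResume",
                 "hashAlgorithm", "hashEncoding", "ignorePasswordCase",
                 "unauthenticatedIdentity", "password-stacking", "principalClass"}
# Documented query the module falls back to when rolesQuery is not set.
DEFAULT_ROLES_QUERY = "select Role, RoleGroup from Roles where PrincipalID=?"

# The login-module element as posted (whitespace normalised).
POSTED_MODULE = """
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
  <module-option name="dsJndiName">java:/jaastestDatasource</module-option>
  <module-option name="usersProperties">SELECT password for principals WHERE principalId=?</module-option>
  <module-option name="rolesProperties">SELECT role as Roles, roleGroup as RoleGroups from roles where principalId=?</module-option>
</login-module>"""

def unknown_options(module_xml):
    """Return option names that are not in KNOWN_OPTIONS, i.e. the module never reads them."""
    root = ET.fromstring(module_xml)
    return [o.get("name") for o in root.iter("module-option")
            if o.get("name") not in KNOWN_OPTIONS]

def load_roles(rows):
    """In-memory stand-in for the posted MySQL `roles` table."""
    db = sqlite3.connect(":memory:")
    db.execute("create table roles (PrincipalId text primary key, Role text, RoleGroup text)")
    db.executemany("insert into roles values (?, ?, ?)", rows)
    return db

def roles_by_group(db, user, query=DEFAULT_ROLES_QUERY):
    """Group rows as the module does: column 1 is the role, column 2 its group."""
    groups = {}
    for role, group in db.execute(query, (user,)):
        groups.setdefault(group, set()).add(role)
    return groups

def is_authorized(groups, required_role):
    """Declarative <role-name> checks only consult the group named 'Roles'."""
    return required_role in groups.get("Roles", set())

POSTED_ROWS = [("Admin", "Admin", "Admin"), ("user", "User", "User"), ("Yogesh", "Admin", "Admin")]
FIXED_ROWS = [(p, r, "Roles") for p, r, _ in POSTED_ROWS]  # hypothetical correction

if __name__ == "__main__":
    print("options not read:", unknown_options(POSTED_MODULE))
    for label, rows in (("posted", POSTED_ROWS), ("RoleGroup='Roles'", FIXED_ROWS)):
        groups = roles_by_group(load_roles(rows), "Yogesh")
        print(label, groups, "->", "200" if is_authorized(groups, "Admin") else "403")
```

With the posted rows the user authenticates but ends up with no entries in the `Roles` group, which matches the 403 on a resource constrained to `Admin`.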