JSF DatabaseServerLoginModule Example not working
nschweig Oct 7, 2008 7:09 AMHi,
I am new to Security and I am trying since many hours to write a simple application with JSF,Facelets, Form Based Auth and DatabaseServerLoginModule.
I have a running example with form based auth and UserRolesLoginModule. So I took that and tried to connect it with the DataBaseLoginModule-example from
http://docs.jboss.org/jbossas/jboss4guide/r5/html/ch8.chapter.html
From there I got the database and records.
Here are my files:
login-config.xml in jboss-5.0.0.CR2\server\default\conf
... <application-policy name="databaselogin"> <authentication> <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required"> <module-option name="dsJndiName">java:/databaselogin</module-option> <module-option name="principalsQuery"> select passwd from Users username where username=?</module-option> <module-option name="rolesQuery"> select userRoles, 'Roles' from UserRoles where username=?</module-option> </login-module> </authentication> </application-policy> </policy>
jboss-web.xml in WEB-INF
... <jboss-web> <security-domain>java:/jaas/databaselogin</security-domain> </jboss-web>
web.xml in WEB-INF
... <security-constraint> <web-resource-collection> <web-resource-name>restricted</web-resource-name> <url-pattern>/secured_pages/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>caller_java</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/login.html</form-login-page> <form-error-page>/error.html</form-error-page> </form-login-config> </login-config> <security-role> <role-name>caller_java</role-name> </security-role> </web-app>
databaselogin-ds.xml
<?xml version="1.0" encoding="UTF-8"?> <datasources> <local-tx-datasource> <jndi-name>databaselogin</jndi-name> <connection-url>jdbc:mysql://localhost:3307/databaselogin</connection-url> <driver-class>com.mysql.jdbc.Driver</driver-class> <user-name>XXX</user-name> <password>XXX</password> <exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.MySQLExceptionSorter</exception-sorter-class-name> <metadata> <type-mapping>mySQL</type-mapping> </metadata> </local-tx-datasource> </datasources>
If I click the link that should show me asecured page, the login.html is shown in the right way. But authentication is not working. I tried it with username: java and password:echoman like in the documentation example.
What am I doing wrong? Is there a possibility to debug the module?
Thank you very much.
Nicole