-
1. Re: j_security_check
jcordes Oct 27, 2003 10:13 PM (in response to judybramlette)Hi !
Have a look at jboss-web.xml in your WEB-INF directory. There must be an entry with a matching name for the realm-name in web.xml and application-policy-name in login-config.xml. A minimal jboss-web.xml should look like this:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.3//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_3_0.dtd">
<jboss-web>
<security-domain>java:/jaas/OracleDbRealm</security-domain>
</jboss-web>
HTH,
Jochen. -
2. Re: j_security_check
judybramlette Oct 28, 2003 9:16 AM (in response to judybramlette)My jboss-web.xml looks correct:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.3//EN"
"http://www.jboss.org/j2ee/dtd/jboss-web_3_0.dtd">
<jboss-web>
<security-domain>java:/jaas/OracleDbRealm</security-domain>
<resource-ref>
<res-ref-name>mail/Mail</res-ref-name>
<res-type>javax.mail.Session</res-type>
<jndi-type>java:/Mail</jndi-type>
<jndi-name>Mail</jndi-name>
</resource-ref>
</jboss-web>
I use to be able to connect. But I'm trying to fix an issue that we started seeing once we deployed production. For most of the application the person logged on drives how the application operates and it seems that the session variable loaded in the filter we have set up wasn't doing what we thought it was. I've now read quite a bit on this subject but I can't say that I fully understand what I've read. I did find an article on the www.luminis.nl site in their publications titled websecurity.html which spelled out a solution. I'm now trying to implement this solution but ran into this issue. As part of this trial I ended up changing our client-login module to use the JBoss ClientLoginModule versus one that was written in house. But I can't see it getting past the j_security_check.
Let me know if I'm mistranslating something or going in the wrong direction. Any suggestions?
Thanks. -
3. Re: j_security_check
judybramlette Oct 28, 2003 9:34 AM (in response to judybramlette)I forgot to mention that I also changed my jboss configuration to match what we have in production. I went from 3.04 to 3.2.
-
4. Re: j_security_check
jcordes Oct 28, 2003 11:49 AM (in response to judybramlette)Did you try the DatabaseServerLoginModule? There was a slight change from JBoss 3.0.x to 3.2.x. At least it works for me with Jetty (don't know why it doen't work with tomcat, though). Here's an example (for MySQL, change accordingly for your Oracle-DB):
<application-policy name = "OracleDbRealm">
<login-module code ="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
<module-option name ="unauthenticatedIdentity">Anyone</module-option>
<module-option name="dsJndiName">java:/jdbc/OracleDS</module-option>
<module-option name="test">test</module-option>
<module-option name="principalsQuery">SELECT password FROM user WHERE login=?</module-option>
<module-option name="rolesQuery">SELECT role_name, role_group FROM role, user, user_role WHERE user.login=? AND
user.id = user_role.user_id AND user_role.role_id = role.id</module-option>
<module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=OracleDS</module-option>
</login-module>
<login-module code = "org.jboss.security.ClientLoginModule" flag = "required">
</login-module>
</application-policy> -
5. Re: j_security_check
jcordes Oct 30, 2003 3:19 AM (in response to judybramlette)I just found an article, that might be off interest for you. Here's the link http://forum.java.sun.com/thread.jsp?forum=61&thread=452691&tstart=0&trange=15
Bye,
Jochen.