3 Replies Latest reply on Feb 19, 2010 11:27 AM by Wolfgang Knauf

    403 error after login

    Luca Santaniello Newbie

      Hi,

       

      I want to configure my application policy. I use jboss 4.2.3 GA for windows o.s.

       

      I insert into login-config.xml this code:

       

          <application-policy name="myPolicy">
             <authentication>
                <login-module code="org.jboss.security.ClientLoginModule" flag="required">
                   <module-option name="dsJndiName">java:/MyDS</module-option>
                   <module-option name="principalsQuery">SELECT password FROM account WHERE username=?</module-option>
                   <module-option name="rolesQuery">SELECT distinct(ruolo), 'Roles' FROM ruolo</module-option>
                </login-module>
             </authentication>
          </application-policy>

       

      "SELECT distinct(ruolo), 'Roles' FROM ruolo" is test query, after I change it.

       

      My web.xml is:

       

          <security-constraint>
              <web-resource-collection>
                  <web-resource-name>All</web-resource-name>
                  <url-pattern>/*</url-pattern>
                  <http-method>GET</http-method>
                  <http-method>POST</http-method>
              </web-resource-collection>
              <auth-constraint>
                  <role-name>MyRole</role-name>
              </auth-constraint>
          </security-constraint>
         
          <security-role>
              <role-name>MyRole</role-name>
          </security-role>

       

      My jboss-web.xml is:

       

      <jboss-web>
        <security-domain>java:/jaas/myPolicy</security-domain>
      </jboss-web>

       

      My problem is:

       

      I login in my system correctly. Infact, if i use getRemoteUser, I read my username, but if I access my protect page, I get 403 error!

       

      I have used other policy and it run.

       

          <application-policy name="myProfile">
             <authentication>
                <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
                 <module-option name="usersProperties">my-users.properties</module-option>
                 <module-option name="rolesProperties">my-roles.properties</module-option>
                </login-module>
             </authentication>
          </application-policy->

       

      Can help me please?

       

      Thanks

        • 1. Re: 403 error after login
          Wolfgang Knauf Master

          Hi,

           

          shouldn't your login module be of type "org.jboss.security.auth.spi.DatabaseServerLoginModule"?

           

          Hope this helps

           

          Wolfgang

          • 2. Re: 403 error after login
            Luca Santaniello Newbie

            Thanks for reply.

             

            If i use this code:

             

                <application-policy name = "myPolicy">
                   <authentication>
                      <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
                         flag = "required">
                         <module-option name = "unauthenticatedIdentity">guest</module-option>
                         <module-option name = "dsJndiName">java:/MyDS</module-option>
                         <module-option name = "principalsQuery">SELECT password FROM account WHERE username=?</module-option>
                         <module-option name = "rolesQuery">SELECT ruolo, 'Roles' FROM ruolo WHERE ruolo = 'CARTO_WRITE OR ruolo=?</module-option>
                      </login-module>
                   </authentication>
                </application-policy>  

             

            I can't login in my application.

             

            How can I log my login operation? I want see query sql that jboss call.

             

            Thanks

            • 3. Re: 403 error after login
              Wolfgang Knauf Master

              Hi,

               

              see this, question 4 for a howto on activating logging:

               

              {url}http://community.jboss.org/wiki/SecurityFAQ{url}

               

              Your last login-config.xml snippet contained a small typo (missing quote in "... ruolo = 'CARTO_WRITE OR ...")

               

              Best regards

               

              Wolfgang