3 Replies Latest reply on Aug 3, 2002 1:09 PM by Dmitry

    Authentication in JBoss3.0.0

    Marcus Brito Novice

      Hello, folks. I'm having some troubling setting up authentication for a web app in JBoss 3.0.0 (3.0.0beta2(200204161011), checked out from CVS an hour ago).

      I have an app (deployed under context /af) that needs to be secured. Here's the web.xml and jboss-web.xml portion relative to security:
      [pre]
      <!-- web.xml -->
      <security-constraint>
      <web-resource-collection>
      <web-resource-name>AF</web-resource-name>
      A aplicação inteira
      <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
      <role-name>AFApp</role-name>
      </auth-constraint>
      </security-constraint>

      <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>Teledata</realm-name>
      </login-config>


      <!-- jboss-web.xml -->
      <security-domain>java:/jaas/TeledataRealm</security-domain>
      [/pre]

      I also modified login-config.xml. Here's the realm configuration for this app:
      [pre]
      <application-policy name="TeledataRealm">

      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule">
      <module-option name="dsJndiName">java:/TeledataDS</module-option>
      <module-option name="principalsQuery">
      SELECT senha FROM agentes WHERE login = ?
      </module-option>
      <module-option name="rolesQuery">
      SELECT role_name, role_group FROM roles WHERE role_agen_login = ?
      </module-option>
      </login-module>

      </application-policy>
      [/pre]

      When accessing my app, the browser's login windown DOES popup. However, it accepts any user/password combination, including nonexistant users.

      Anyone can shed some light into my problem?