principalRoles=null
wouter Apr 8, 2002 10:44 AM
I use JBoss-2.4.4 - Tomcat-4.0.1 and configured security using DatabaseServerLoginModule as described below.
Everything works all right, except the user's role is not retrieved from the database.
When I try to access a protected web page (using form login), username and password are correctly checked against database values. When I enter a wrong user or password I get the error page; when I enter the correct user and password the user is authenticated, but access is always denied because the role is not known. Access is granted when the security role is set to * in web.xml.
Same problem when accessing an EJB from a test client, see error below. Apparently user is authenticated but his role is not set.
What am I missing or what is my mistake? I found other threads on this but their problem seemed to be in the 'Roles' for role_group. I suppose I have this right?
Sorry for the huge msg, I just want to give all elements.
Thanks,
Wouter
Database contents :
-------------------
mysql> use bcc17util;
Database changed
mysql> select * from users;
+----------------------+-------------+----------+
| user                 | password    | language |
+----------------------+-------------+----------+
| user_admin           | change_this | E        |
| user_statementholder | change_this | E        |
+----------------------+-------------+----------+
2 rows in set (0.00 sec)
mysql> select * from user_roles;
+----------------------+-----------------+------------+
| user                 | role            | role_group |
+----------------------+-----------------+------------+
| user_admin           | admin           | Roles      |
| user_statementholder | statementholder | Roles      |
+----------------------+-----------------+------------+
2 rows in set (0.00 sec)
Mapping of the utilityDS in jboss.jcml :
----------------------------------------
org.jboss.pool.jdbc.xa.wrapper.XADataSourceImpl
utilityDS
jdbc:mysql://localhost:3306/bcc17util
jboss
[password here]
DatabaseServerLoginModule in auth.conf :
----------------------------------------
bcc17 {
    org.jboss.security.auth.spi.DatabaseServerLoginModule required
        dsJndiName="java:/utilityDS"
        principalsQuery="select password from users where user=?"
        rolesQuery="select role, role_group from user_roles where user=?";
};
Security domain entry in jboss.xml and jboss-web.xml :
------------------------------------------------------
<security-domain>java:/jaas/bcc17</security-domain>
Code used in a test class to do the login :
-------------------------------------------
(reference to client/auth.conf set in System properties)
...
String user = "user_admin";
String password = "change_this";
try {
    LoginContext lc = new LoginContext("bcc17", new AppCallbackHandler(user, password.toCharArray()));
    lc.login();
}
...
Exception :
-----------
[ERROR,SecurityInterceptor] Insufficient method permissions,
principal=user_admin, method=create, requiredRoles=
- , principalRoles=null
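
An added example, not part of the original post and not JBoss code: a Python check that runs the two queries from the posted auth.conf against an in-memory SQLite stand-in for the posted tables (constructed data) and reports which roles fall in the `Roles` group. The function names and the exact-match rule for the group name are assumptions made for this illustration, and it checks only the database side of the configuration.

```python
import sqlite3

# Queries copied verbatim from the auth.conf entry in the post.
PRINCIPALS_QUERY = "select password from users where user=?"
ROLES_QUERY = "select role, role_group from user_roles where user=?"
ROLE_GROUP = "Roles"  # assumption: group name must match exactly

# Constructed sample rows mirroring the posted user_roles table.
POSTED_ROLES = [("user_admin", "admin", "Roles"),
                ("user_statementholder", "statementholder", "Roles")]


def make_db(role_rows):
    """In-memory SQLite stand-in for the posted MySQL tables."""
    db = sqlite3.connect(":memory:")
    db.execute("create table users (user text, password text, language text)")
    db.execute("create table user_roles (user text, role text, role_group text)")
    db.executemany("insert into users values (?, ?, ?)",
                   [("user_admin", "change_this", "E"),
                    ("user_statementholder", "change_this", "E")])
    db.executemany("insert into user_roles values (?, ?, ?)", role_rows)
    return db


def check_login_queries(db, username):
    """Return (roles in the Roles group, list of problems) for one user."""
    problems = []
    cur = db.execute(PRINCIPALS_QUERY, (username,))
    if len(cur.description) != 1:
        problems.append("principalsQuery must return exactly one column")
    if cur.fetchone() is None:
        problems.append("principalsQuery returned no row for %r" % username)
    cur = db.execute(ROLES_QUERY, (username,))
    if len(cur.description) != 2:
        problems.append("rolesQuery must return (role, role_group)")
        return set(), problems
    roles = set()
    for role, group in cur.fetchall():
        if group == ROLE_GROUP:
            roles.add(role)
        else:
            problems.append("role %r in group %r, not %r" % (role, group, ROLE_GROUP))
    if not roles:
        problems.append("no roles in group %r for %r" % (ROLE_GROUP, username))
    return roles, problems


if __name__ == "__main__":
    print(check_login_queries(make_db(POSTED_ROLES), "user_admin"))
```

An empty problem list only rules out the query shape and the group name; it says nothing about the datasource binding or the security-domain mapping.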