0 Replies Latest reply on Aug 20, 2002 10:51 AM by Torsten Terp

    Strange security error going from jBoss 3.0.1RC1 -> 3.0.1

    Torsten Terp Newbie


      Hi

      All access to my app is redirected to /login.jsp which uses j_security_check and later on the DatabaseServerLoginModule to authorize and authenticate.

      Using jBoss 3.0.1RC1 this works fine, the /login.jsp contains a form which uses j_security_check with input j_username and j_password. Submitting the form results in the DatabaseServerLoginModule performing its queries and the user is allowed access to the site.

      Changing to jBoss 3.0.1 (and jBoss3.0.2RC1 from CVS) caused this to stop working!?!?!

      When a user tries to hit a page he is redirected to login.jsp. which is ok, but this page is rendered blank:

      <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

      <META http-equiv=Content-Type content="text/html;
      charset=windows-1252">


      Have anybody experienced this or know a solution?

      Any pointers or hints are greatly appreciated..

      Thanks in advance..

      ^Torsten


      Below are config files:

      <jboss_home>/server/default/conf/login-config.xml:

      <application-policy name = "TestBBRealm">

      <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
      <module-option name = "dsJndiName">java:/TestBBDS</module-option>
      <module-option name = "principalsQuery">select passwd from
      employee where username = ?</module-option>
      <module-option name = "rolesQuery">select
      employee_has_userrole.userrole, 'Roles' from employee_has_userrole, employee
      where employee.employee_id = employee_has_userrole.employee_id and
      employee.username = ?</module-option>
      </login-module>

      </application-policy>


      <war-file>/WEB-INF/jboss-web.xml:

      <jboss-web>
      <security-domain>java:/jaas/TestBBRealm</security-domain>
      </jboss-web>


      <war-file>/WEB-INF/web.xml:

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>normal</web-resource-name>
      <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
      <role-name>normal</role-name>
      </auth-constraint>
      </security-constraint>
      ...
      <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>TestBBRealm</realm-name>
      <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/loginError.jsp</form-error-page>
      </form-login-config>
      </login-config>