1 2 Previous Next 24 Replies Latest reply on Oct 9, 2002 6:33 PM by x

    Need help with FORM-based authentication (Jboss Developer He

    TJ Newbie

      hi everyone;
      I tried to make the FORM based authentication work using Jboss 3.0.2 in windows 2000 but whenever I tried to login (http://localhost:8080/loginTest/index.jsp), I alwalys got the error page even though I successfuly login and got this message from Jboss:
      "WARN [JBossUserRealm#testDB] authentication failure: null"
      I also can still see the welcome page (http://localhost:8080/loginTest/) even though it's in secured folder which user can only see if you're login. But if I login using http://localhost:8080/loginTest/secured/welcome.jsp
      then it will bring me to the login page(index.jsp) that will take me to the welcome page if I login correctly.

      This is my login file (index.jsp):




      <!-- you can also use this : -->

      <!---->



      Username:
      Password:





      this is what I configured in login-config.xml
      ===========================

      <application-policy name = "testDB">

      <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
      flag = "required">
      <module-option name = "dsJndiName">java:/MSSQLDS</module-option>
      <module-option name = "principal">tj</module-option>

      <module-option name = "principalsQuery">select passwd from Users username where username=?</module-option>
      <module-option name = "rolesQuery">select userRoles, 'Roles' from UserRoles where username=?</module-option>
      <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=MSSQLDS</module-option>

      </login-module>

      </application-policy>


      this is my jboss-web.xml
      ========================

      <jboss-web>
      <!-- Uncomment the security-domain to enable security. You will
      need to edit the htmladaptor login configuration to setup the
      login modules used to authentication users.
      <security-domain>java:/jaas/jmx-console</security-domain>
      -->

      <security-domain>java:/jaas/testDB</security-domain>


      </jboss-web>

      this is my web.xml
      ==================
      <?xml version="1.0"?>
      <!DOCTYPE web-app PUBLIC
      "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
      "http://java.sun.com/dtd/web-app_2_3.dtd">

      <web-app>
      <!--make sure to put the welcome-file-list before security-constraint tag-->
      <!--otherwise it will complain and does not work-->
      <!--if welcome-file contains : /secured/welcome.jsp then it will complain(but sometimes NOT)-->
      <!-- so you have to take / to be: secured/welcome.jsp so that it will not -->
      <!--complain again-->

      <welcome-file-list>
      <welcome-file>secured/welcome.jsp</welcome-file>
      </welcome-file-list>

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>customer</web-resource-name>
      <!-- Define the context-relative URL(s) to be protected -->
      <url-pattern>/secured/*</url-pattern>
      <!-- If you list http methods, only those methods are protected -->
      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      </web-resource-collection>

      <auth-constraint>
      <!-- Anyone with one of the listed roles may access this area -->
      <role-name>customer</role-name>
      <role-name>manager</role-name>
      </auth-constraint>
      <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
      </security-constraint>


      <!-- Default login configuration uses form-based authentication -->
      <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>testDB</realm-name>
      <form-login-config>
      <form-login-page>/index.jsp</form-login-page>
      <form-error-page>/error.jsp</form-error-page>
      </form-login-config>
      </login-config>

      <!--security-role>
      <role-name>customer</role-name>
      </security-role-->
      </web-app>



      I have read some couple posting in forum but I still don't see any complete working example for Jboss3.0.2 (including the .jsp page). Could anybody please post one working example ? I have posted couple questions before but I haven't had any help from the forum so please need help maybe somebody from Jboss Developer?

        1 2 Previous Next