24 Replies. Latest reply on Oct 9, 2002 6:33 PM by kernel000
      • 15. Re: Need help with FORM-based authentication (Jboss Develope
        kenryu

        hi;
        I have tested the example, and I think it still has the same problem. If I type:
        http://localhost:8080/logintest/login.jsp
        and then log in from there, it gives me this error message:
        WARN [JBossUserRealm#test for login] authentication failure: user1
        but if I type:
        http://localhost:8080/logintest/restricted/
        or
        http://localhost:8080/logintest/

        and then log in from there, it works fine.

        Is this the correct behaviour? Is this the way authentication is supposed to work in JBoss? Can you please send me the FORM-based authentication example? Please reply. Thank you very much in advance.


        ^_^

        • 16. Re: Need help with FORM-based authentication (Jboss Develope
          kenryu

          hi;
          I have tested the example, and I think it still has the same problem. If I type:
          http://localhost:8080/logintest/login.jsp
          and then log in from there, it gives me this error message:
          WARN [JBossUserRealm#test for login] authentication failure: user1
          but if I type:
          http://localhost:8080/logintest/restricted/
          or
          http://localhost:8080/logintest/

          and then log in from there, it works fine.

          Is this the correct behaviour? Is this the way authentication is supposed to work in JBoss? Can you please send me the FORM-based authentication example? Please reply. Thank you very much in advance.



          1. In your web.xml, is it true that you can put any name in the realm-name tag as long as the tag is present in web.xml? I tried changing the realm name to another name and it still works.
          2. I tried changing the realm name to the same name as in login-config.xml, which is testDB, but it didn't work. Do you have any example that uses the DatabaseServerLoginModule? Can you send it to me?

          This is my snippet of the login-config.xml file:

          <application-policy name = "testDB">

          <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
          flag = "required">
          <module-option name = "dsJndiName">java:/MSSQLDS</module-option>
          <module-option name = "principal">ss</module-option>

          <module-option name = "principalsQuery">select passwd from Users username where username=?</module-option>
          <module-option name = "rolesQuery">select userRoles, userGroup AS ROLE from UserRoles where username=?</module-option>
          <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=MSSQLDS</module-option>

          </login-module>

          </application-policy>




          ^_^

          • 17. Re: Need help with FORM-based authentication (Jboss Develope
            kenryu

            hi;
            I have tested the example, and I think it still has the same problem. If I type:
            http://localhost:8080/logintest/login.jsp
            and then log in from there, it gives me this error message:
            WARN [JBossUserRealm#test for login] authentication failure: user1
            but if I type:
            http://localhost:8080/logintest/restricted/
            or
            http://localhost:8080/logintest/

            and then log in from there, it works fine.

            Is this the correct behaviour? Is this the way authentication is supposed to work in JBoss? Can you please send me the FORM-based authentication example? Please reply. Thank you very much in advance.

            I also have other questions:

            1. In your web.xml, is it true that you can put any name in the realm-name tag as long as the tag is present in web.xml? I tried changing the realm name to another name and it still works.
            2. I tried changing the realm name to the same name as in login-config.xml, which is testDB, but it didn't work. Do you have any example that uses the DatabaseServerLoginModule? Can you send it to me?

            This is my login-config.xml snippet:

            <application-policy name = "testDB">

            <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
            flag = "required">
            <module-option name = "dsJndiName">java:/MSSQLDS</module-option>
            <module-option name = "principal">ss</module-option>

            <module-option name = "principalsQuery">select passwd from Users username where username=?</module-option>
            <module-option name = "rolesQuery">select userRoles, userGroup AS ROLE from UserRoles where username=?</module-option>
            <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=MSSQLDS</module-option>

            </login-module>

            </application-policy>




            ^_^

            • 18. Re: Need help with FORM-based authentication (Jboss Develope
              rpfeil01

              Firstly, thank you chgrimm. Your example is great and answered all my questions about servlet security.


              The login page, http://localhost:8080/logintest/login.jsp, is not intended to be accessed directly. It is only displayed if you try to access something that requires authentication and you have not already been authenticated. If you type the URL for the login page in directly, it will not work. This is also the way other containers work.


              The <realm-name> in web.xml is only used by BASIC authentication i.e. when <auth-method>BASIC</auth-method>. It is not necessary to specify <realm-name> when using form based authentication.


              I have not used authentication using a database for usernames and passwords and therefore do not know if <realm-name> has any relevance but I suspect that it has nothing to do with anything in login-config.xml. I am sure that if I am wrong about this someone will correct this post.

              • 19. Re: Need help with FORM-based authentication (Jboss Develope
                kenryu

                hi;
                Thanks for the reply. When you say this is the way other containers work, which container is that? In a container like Resin, for example, I can type the URL http://localhost:8080/logintest/login.jsp. But if this is the way it should be, then what is the best way to approach this? One way that I came up with is making http://localhost:8080 point to the restricted area, so JBoss will redirect to login.jsp and from there I can log in.
                Can somebody out there help me?

                • 20. Re: Need help with FORM-based authentication (Jboss Develope
                  kenryu

                  By the way, do you have a BASIC authentication example? Could you please attach it on the forum?


                  ^_^

                  • 21. Re: Need help with FORM-based authentication (Jboss Develope
                    kenryu

                    hi;
                    Can anybody tell me how to use the MD5 hash algorithm and base64 hash encoding for FORM-based authentication? Do I need to hash both the username and the password? In my database only the password is hashed, not the username. Can anybody give me a step-by-step example of how to use it?

                    Here is what I put in login-config.xml:
                    =====================================
                    <application-policy name = "ADomain">

                    <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
                    flag = "required">
                    <module-option name = "dsJndiName">java:/MSSQLDS</module-option>
                    <module-option name = "principal">a</module-option>

                    <module-option name = "principalsQuery">select hashed_password from Users where userID=?</module-option>
                    <module-option name = "rolesQuery">select a.userRoles, 'Roles' AS ROLE from UserTypes a, Users b where a.userTypeID = b.userTypeID AND b.userID=?</module-option>
                    <module-option name="hashAlgorithm">MD5</module-option>
                    <module-option name="hashEncoding">base64</module-option>
                    <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=MSSQLDS</module-option>

                    </login-module>

                    </application-policy>
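The hashing that the hashAlgorithm/hashEncoding options in the post above describe, and the principalsQuery/rolesQuery lookup asked about in the earlier posts, as an added Python example (not JBoss code and not from anyone in this thread): only the password is digested and encoded; the username is passed unchanged as the bind parameter of principalsQuery. The table and column names (Users, userID, hashed_password, UserTypes) follow the config in the thread, the row contents are constructed sample data, an in-memory SQLite database stands in for MSSQL, and UTF-8 is assumed as the password charset.

```python
"""
Added illustration of a DatabaseServerLoginModule-style check with
hashAlgorithm=MD5 and hashEncoding=base64. Not JBoss code; the schema
mirrors the thread's queries and the rows are constructed sample data.
"""
import base64
import hashlib
import hmac
import sqlite3


def hash_password(password: str, algorithm: str = "MD5", encoding: str = "base64") -> str:
    """Digest the password bytes and encode the digest the way the login module
    expects to find it in the principalsQuery result column. JBoss accepts
    'base64' and 'hex' as hashEncoding values; UTF-8 charset is an assumption."""
    digest = hashlib.new(algorithm.lower(), password.encode("utf-8")).digest()
    if encoding == "base64":
        return base64.b64encode(digest).decode("ascii")
    if encoding == "hex":
        return digest.hex()
    raise ValueError(f"unsupported hashEncoding: {encoding}")


def build_sample_db() -> sqlite3.Connection:
    """In-memory stand-in for the MSSQL tables; all rows are constructed."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        create table Users (userID text primary key, hashed_password text, userTypeID int);
        create table UserTypes (userTypeID int primary key, userRoles text);
        insert into UserTypes values (1, 'admin'), (2, 'agent');
    """)
    # The stored value is the hash, never the clear-text password.
    conn.execute("insert into Users values (?, ?, ?)",
                 ("user1", hash_password("s3cret"), 2))
    conn.commit()
    return conn


# Same shape as the thread's queries: one bind parameter, the username.
PRINCIPALS_QUERY = "select hashed_password from Users where userID=?"
ROLES_QUERY = ("select a.userRoles, 'Roles' AS ROLE from UserTypes a, Users b "
               "where a.userTypeID = b.userTypeID AND b.userID=?")


def authenticate(conn: sqlite3.Connection, username: str, password: str):
    """Mirror of the module's check: look up the stored hash for the username,
    hash the submitted password the same way, compare in constant time.
    Returns the roles in the 'Roles' group on success, None on failure."""
    row = conn.execute(PRINCIPALS_QUERY, (username,)).fetchone()
    if row is None:
        return None                      # unknown user, treated like a bad password
    if not hmac.compare_digest(row[0], hash_password(password)):
        return None
    # rolesQuery returns (role, group); only rows in the 'Roles' group grant access.
    return [role for role, group in conn.execute(ROLES_QUERY, (username,))
            if group == "Roles"]


if __name__ == "__main__":
    db = build_sample_db()
    print(hash_password("password"))             # base64 of the MD5 digest
    print(authenticate(db, "user1", "s3cret"))   # ['agent']
    print(authenticate(db, "user1", "wrong"))    # None
```

Parameterised queries are what keep the username from being interpreted as SQL, so keep the `?` placeholder rather than concatenating the value. Unsalted MD5 is what the module option offers here; a database of such hashes is cheap to attack offline once leaked, so a current deployment would store salted hashes from a deliberately slow password function instead.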

                    • 22. Re: Need help with FORM-based authentication (Jboss Develope

                      Just an additional comment on: The login page, http://localhost:8080/logintest/login.jsp is not intended to be accessed directly.

                      The container has no chance of knowing what resource you are interested in by just accessing the login page.

                      • 23. Re: Need help with FORM-based authentication (Jboss Develope
                        kenryu

                        hi;
                        You're right, but in other containers like Resin you can redirect all requests to one welcome page after you log in using j_uri. Let's say I have 2 pages within the restricted directory called a.jsp and b.jsp.
                        No matter what URL you type (http://localhost:8080/loginTest/restricted/a.jsp or
                        http://localhost:8080/loginTest/restricted/b.jsp), if you're not logged in yet then it'll go to one page, for example welcome.jsp; then in the j_uri hidden input on your login page you put http://localhost:8080/loginTest/restricted/welcome.jsp.
                        Can we achieve this with JBoss? Has anybody done this before? Please reply.
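The mechanism that posts 18 and 22 describe, and the entry-page workaround discussed in posts 19 and 23, as an added Python model (not JBoss or Tomcat code and not from anyone in this thread): the container saves the protected URL that triggered the login page and returns the user there after a successful form post; if the login page was reached directly there is no saved request, so the post is rejected. The URLs, the user table and the page names are constructed for the example.

```python
"""
Model of servlet-container FORM authentication with a saved request.
Added illustration only; the real containers keep more state than this.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed values: one user, one protected prefix, the thread's page names.
USERS = {"user1": "secret"}
PROTECTED_PREFIX = "/logintest/restricted/"
LOGIN_PAGE = "/logintest/login.jsp"
ERROR_PAGE = "/logintest/error.jsp"
SECURITY_CHECK = "/logintest/j_security_check"   # standard form action name


@dataclass
class Session:
    principal: Optional[str] = None
    saved_request: Optional[str] = None   # URL the user asked for before login


@dataclass
class Response:
    status: int
    location: Optional[str] = None        # redirect target for 302
    body: str = ""


def handle_request(session: Session, path: str, form: Optional[dict] = None) -> Response:
    """Dispatch one request through the container's FORM-auth logic."""
    if path == SECURITY_CHECK:
        return security_check(session, form or {})
    if path.startswith(PROTECTED_PREFIX) and session.principal is None:
        # Unauthenticated access to a constrained URL: remember where the user
        # wanted to go, then send them to the login page.
        session.saved_request = path
        return Response(302, location=LOGIN_PAGE)
    # Unconstrained pages (including the login page itself) are served as-is,
    # which is exactly why typing login.jsp directly saves nothing.
    return Response(200, body=f"page {path}")


def security_check(session: Session, form: dict) -> Response:
    """Process the login form post carrying j_username / j_password."""
    if session.saved_request is None:
        # Nothing to return to: the login page was reached directly. The
        # container cannot know which resource was wanted, so it rejects the
        # login; the thread reports this as an authentication failure.
        return Response(302, location=ERROR_PAGE)
    user, pw = form.get("j_username"), form.get("j_password")
    if USERS.get(user) != pw:
        return Response(302, location=ERROR_PAGE)
    session.principal = user
    target, session.saved_request = session.saved_request, None
    return Response(302, location=target)


def login_flow(first_path: str, username: str, password: str) -> Response:
    """First request, then the form post; returns the post's response."""
    session = Session()
    handle_request(session, first_path)
    return handle_request(session, SECURITY_CHECK,
                          {"j_username": username, "j_password": password})


if __name__ == "__main__":
    print(login_flow("/logintest/login.jsp", "user1", "secret").location)      # error page
    print(login_flow("/logintest/restricted/a.jsp", "user1", "secret").location)  # a.jsp
```

The single-landing-page behaviour asked for above falls out of the same rule: if every link into the application points at one protected entry URL, that URL is what gets saved and what the user is returned to, so `login_flow("/logintest/restricted/welcome.jsp", ...)` always lands on welcome.jsp without any j_uri field.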



                        • 24. Re: Need help with FORM-based authentication (Jboss Develope
                          kernel000

                          hi

                          I am having the same problem with FORM authentication using JBoss 3.0.0 with Tomcat 4.0.3.

                          I am taken to the logon.jsp page when I try to access a secured resource, but the authentication does not work at all. One can get in with any username/password combination. I do not see any trace of the JDBC realm being invoked by Tomcat to perform the authentication. I guess I have some piece missing.

                          Here is a list of my XML config files:
                          jboss_home/server/default/conf/login-config.xml

                          **********************************************************
                          <!-- The XML based JAAS login configuration read by the
                          org.jboss.security.auth.login.XMLLoginConfig mbean. Add
                          an application-policy element for each security domain.

                          The outline of the application-policy is:
                          <application-policy name="security-domain-name">

                          <login-module code="login.module1.class.name" flag="control_flag">
                          <module-option name = "option1-name">option1-value</module-option>
                          <module-option name = "option2-name">option2-value</module-option>
                          ...
                          </login-module>

                          <login-module code="login.module2.class.name" flag="control_flag">
                          ...
                          </login-module>
                          ...

                          </application-policy>

                          $Revision: 1.1.2.1 $
                          -->


                          <!-- Used by clients within the application server VM such as
                          mbeans and servlets that access EJBs.
                          -->
                          <application-policy name = "client-login">

                          <login-module code = "org.jboss.security.ClientLoginModule"
                          flag = "required">
                          </login-module>

                          </application-policy>

                          <!-- Security domain for JBossMQ -->
                          <application-policy name = "jbossmq">

                          <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
                          flag = "required">
                          <module-option name = "unauthenticatedIdentity">guest</module-option>
                          <module-option name = "sm.objectnam">jboss.mq:service=StateManager</module-option>
                          </login-module>

                          </application-policy>

                          <!-- Security domains for testing new jca framework -->
                          <application-policy name = "HsqlDbRealm">

                          <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
                          flag = "required">
                          <module-option name = "principal">sa</module-option>
                          <module-option name = "userName">sa</module-option>
                          <module-option name = "password"></module-option>
                          <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=hsqldbDS</module-option>
                          </login-module>

                          </application-policy>

                          <application-policy name = "FirebirdDBRealm">

                          <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
                          flag = "required">
                          <module-option name = "principal">sysdba</module-option>
                          <module-option name = "userName">sysdba</module-option>
                          <module-option name = "password">masterkey</module-option>
                          <module-option name = "managedConnectionFactoryName">jboss.jca:service=XaTxCM,name=FirebirdDS</module-option>
                          </login-module>

                          </application-policy>

                          <application-policy name = "JmsXARealm">

                          <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
                          flag = "required">
                          <module-option name = "principal">guest</module-option>
                          <module-option name = "userName">guest</module-option>
                          <module-option name = "password">guest</module-option>
                          <module-option name = "managedConnectionFactoryName">jboss.jca:service=XaTxCM,name=jmsra</module-option>
                          </login-module>

                          </application-policy>

                          <!-- The default login configuration used by any security domain that
                          does not have a application-policy entry with a matching name
                          -->
                          <application-policy name = "other">
                          <!-- A simple server login module, which can be used when the number
                          of users is relatively small. It uses two properties files:
                          users.properties, which holds users (key) and their password (value).
                          roles.properties, which holds users (key) and a comma-separated list of
                          their roles (value).
                          The unauthenticatedIdentity property defines the name of the principal
                          that will be used when a null username and password are presented as is
                          the case for an unauthenticated web client or MDB. If you want to
                          allow such users to be authenticated add the property, e.g.,
                          unauthenticatedIdentity="nobody"
                          -->

                          <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
                          flag = "required" />

                          </application-policy>

                          <application-policy name = "MSSQLDBRealm2">

                          <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
                          flag = "required">
                          <module-option name = "principal">guest</module-option>
                          <module-option name = "userName">guest</module-option>
                          <module-option name = "password">guest</module-option>
                          <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=compquick_DS</module-option>
                          </login-module>

                          </application-policy>

                          <application-policy name = "MSSQLDbRealm">

                          <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
                          <module-option name="dsJndiName">java:/compquick_DS</module-option>
                          <!--<module-option name = "principal">fund_adv</module-option>-->
                          <module-option name = "principalsQuery">select Password from Principal where Login=?</module-option>
                          <module-option name = "rolesQuery">select User_Role_Name from User_Role_Principal where Principal_ID=?</module-option>
                          <!--<module-option name="unauthenticatedIdentity">nobody</module-option>-->
                          <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=compquick_DS</module-option>-->
                          </login-module>

                          </application-policy>


                          *********************************************************

                          /WEB-INF/web.xml

                          <security-constraint>
                          <web-resource-collection>
                          <web-resource-name>II Resource</web-resource-name>
                          <url-pattern>/quote_management/*</url-pattern>
                          <!--<url-pattern>*.html</url-pattern>-->
                          <!--II Resource Description-->
                          </web-resource-collection>
                          <auth-constraint>
                          <role-name>agent</role-name>
                          <!--II Users-->
                          </auth-constraint>
                          </security-constraint>

                          <login-config>
                          <auth-method>FORM</auth-method>
                          <realm-name>MSSQLDbRealm</realm-name>
                          <form-login-config>
                          <form-login-page>/logon.jsp</form-login-page>
                          <form-error-page>/logon_error.jsp</form-error-page>
                          </form-login-config>
                          </login-config>
                          **********************************************************

                          jboss-web.xml

                          <jboss-web>

                          <security-domain>java:/jaas/MSSQLDbRealm</security-domain>

                          </jboss-web>
                          *********************************************************

                          jboss_home/server/default/deploy/tomcat4-service.xml

                          <?xml version="1.0" encoding="UTF-8"?>
                          <!-- Set catalina.home to the location of the Tomcat-4.x dist.
                          The default value is that of the JBoss/Catalina bundle where the
                          jakarta-tomcat-4.0.3-LE-jdk14 is included as jboss_dist/catalina
                          -->
                          <!DOCTYPE server [
                          <!ENTITY catalina.home "../catalina">
                          ]>
                          <!-- The service configuration for the embedded Tomcat4 web container
                          -->

                          &catalina.home;

                          <!-- A HTTP Connector on port 8080 -->
                          *********************************************************

                          Please take a look at the files pasted above and let me know if I am missing something or have done something wrong with the config.
