I'm using JBoss 3.0 with Tomcat 4.0.3 under Linux.
I have a strange problem while using form-based authentication and the database login module. I have a web application in which a portion is secured in the normal way through the web.xml file. I also have a jboss-web.xml file specifying a security domain (AMSDbRealm).
I have created a realm called AMSDbRealm, which uses the database login module with a MySQL datasource (AMSDS).
I've updated the default configuration login-conf.xml file to include the following policy:
<application-policy name = "AMSDbRealm">
  <authentication>
    <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
      <module-option name = "dsJndiName">java:/AMSDS</module-option>
      <module-option name = "unauthenticatedIdentity">notauthed</module-option>
      <module-option name = "principalsQuery">select password from USER where username=?</module-option>
      <module-option name = "rolesQuery">select user_role,user_group from ROLE where username=?</module-option>
      <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=AMSDS</module-option>
    </login-module>
  </authentication>
</application-policy>
I've made sure the above queries work in the MySQL database by entering them directly into a command prompt.
Now, the web app begins to behave as expected: when I try to access a restricted area of the web app, a login page is displayed; I enter the username (test) and password, and I receive an HTTP 403 error.
Upon further investigation I realised that the user was being authenticated as expected, but the roles were not being assigned as they should be. To further confirm this theory, I secured my web app with a role of * (any role), and the web app works as normal.
Then I created a JSP page that calls isUserInRole("AuthorisedUser"), and found it returns false.
So I then tried getting more info out of JBoss by increasing logging (TRACE) on various classes, and got the following output immediately after authentication:
2002-09-30 03:02:32,241 TRACE [org.jboss.security.plugins.JaasSecurityManager.AMSDbRealm] validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@43a083
2002-09-30 03:03:22,804 TRACE [org.jboss.security.plugins.JaasSecurityManager.AMSDbRealm] updateCache, subject=Subject:
2002-09-30 03:03:22,839 TRACE [org.jboss.security.plugins.JaasSecurityManager.AMSDbRealm] validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@5e7020
So now I'm completely bemused and am in need of some help. Sorry for such a lengthy post, but I didn't want to miss any important info for you guys to help.
Any help would be very much appreciated, thanks.
I tried to have FORM-based authentication too, but it didn't work for me. Do you mind attaching the complete example on the forum? Thanks in advance, I appreciate it.
Hi, I've attached the complete example!
Ok, finally solved my problem.
In the database, in the Roles table, the RoleGroup field value MUST equal 'Roles'. If this is not the case, the database login module doesn't seem to be able to work out the roles.
Hope this helps others.
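The fix described above, as an added example that is not part of the original posts: a simplified Python/sqlite3 model of how the rows returned by rolesQuery are grouped by their second column, with only the group named 'Roles' consulted by isUserInRole. The table contents, the helper names and the literal-'Roles' variant of the query are assumptions made for illustration; the ROLE table, its columns and the original query come from the question.

```python
import sqlite3

# rolesQuery exactly as configured in the question's login-module options.
ROLES_QUERY = "select user_role,user_group from ROLE where username=?"
# Assumed alternative: pin the group column to the literal 'Roles'.
FIXED_QUERY = "select user_role,'Roles' from ROLE where username=?"


def make_db(rows):
    """Build an in-memory ROLE table from constructed (username, role, group) rows."""
    db = sqlite3.connect(":memory:")
    db.execute("create table ROLE (username text, user_role text, user_group text)")
    db.executemany("insert into ROLE values (?,?,?)", rows)
    return db


def role_sets(db, query, username):
    """Group role names by the second result column (the role group name)."""
    groups = {}
    for role, group in db.execute(query, (username,)):
        groups.setdefault(group, set()).add(role)
    return groups


def is_user_in_role(groups, role):
    """Role checks only consult the group named exactly 'Roles'."""
    return role in groups.get("Roles", set())


# Constructed sample data: same user and role, two different group values.
broken = make_db([("test", "AuthorisedUser", "Users")])
working = make_db([("test", "AuthorisedUser", "Roles")])

if __name__ == "__main__":
    for label, db, query in [
        ("group='Users', original query", broken, ROLES_QUERY),
        ("group='Roles', original query", working, ROLES_QUERY),
        ("group='Users', literal 'Roles' query", broken, FIXED_QUERY),
    ]:
        groups = role_sets(db, query, "test")
        print(f"{label}: groups={groups} "
              f"isUserInRole={is_user_in_role(groups, 'AuthorisedUser')}")
```

With any other group value the user still authenticates, because principalsQuery is unaffected, but every role check fails, which matches the 403 after a successful login.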
Could you please attach one example for me without Struts configuration, just a simple JSP page example? I've been working on this for weeks now without knowing what the problem with my login page is. Please help me. Thank you very much in advance, I appreciate it.
You can look at my posting at:
Hi, sorry I didn't reply!
Have you solved it yet?