isUserInRole() method fails
tdhak Sep 29, 2002 11:02 PM
Hi,
I'm using JBoss 3.0 with Tomcat 4.0.3 under Linux.
I have a strange problem while using form-based authentication and the database login module. I have a web application in which a portion is secured in the normal way through the web.xml file. I also have a jboss-web.xml file specifying a security domain (AMSDbRealm).
I have created a realm called AMSDbRealm, which uses the database login module with a MySQL datasource (AMSDS).
I've updated the default configuration login-conf.xml file to include the following policy :-
<application-policy name = "AMSDbRealm">
    <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
        <module-option name = "dsJndiName">java:/AMSDS</module-option>
        <module-option name = "unauthenticatedIdenty">notauthed</module-option>
        <module-option name = "principalsQuery">select password from USER where username=?</module-option>
        <module-option name = "rolesQuery">select user_role,user_group from ROLE where username=?</module-option>
        <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=AMSDS</module-option>
    </login-module>
</application-policy>
I've made sure the above queries work in the MySQL database by entering them directly into a command prompt.
Now, the web app begins to behave as expected: when I try to access a restricted area of the web app, a login page is displayed. I enter the username (test) and password, and I receive an HTTP 403 error.
Upon further investigation I realised that the user was being authenticated as expected, but the roles were not being assigned as they should be. To further confirm this theory, I secured my web app with a role of * (any role), and the web app works as normal.
Then I created a JSP page that calls isUserInRole("AuthorisedUser"), and found it returns false.
So I then tried getting more info out of JBoss by increasing logging (to TRACE) on various classes, and got the following output immediately after authentication :-
2002-09-30 03:02:32,241 TRACE [org.jboss.security.plugins.JaasSecurityManager.AMSDbRealm] validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@43a083
2002-09-30 03:03:22,804 TRACE [org.jboss.security.plugins.JaasSecurityManager.AMSDbRealm] updateCache, subject=Subject:
Principal: test
Principal: AuthorisedUser
2002-09-30 03:03:22,839 TRACE [org.jboss.security.plugins.JaasSecurityManager.AMSDbRealm] validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@5e7020
So now I'm completely bemused and am in need of some help. Sorry for such a lengthy post, but I didn't want to miss any important info for you guys to help.
Any help would be very much appreciated, thanks.
Tarwinder Dhak
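
One check worth running against a rolesQuery like the one posted above, as an added example that is not part of the original post: JBossSX reads the second column the query returns as a role-group name and answers isUserInRole() from the group named exactly "Roles". The table rows below are constructed sample data in an in-memory SQLite stand-in for the poster's MySQL ROLE table, and `check_roles_query` is a hypothetical helper.

```python
import sqlite3

# rolesQuery exactly as it appears in the posted login-conf.xml
ROLES_QUERY = "select user_role,user_group from ROLE where username=?"
ROLE_GROUP = "Roles"                 # group JBossSX consults for role checks (case-sensitive)
IDENTITY_GROUP = "CallerPrincipal"   # group JBossSX uses for the caller identity, not roles


def build_sample_db():
    """Constructed in-memory stand-in for the ROLE table named in the post."""
    db = sqlite3.connect(":memory:")
    db.execute("create table ROLE (username text, user_role text, user_group text)")
    db.executemany("insert into ROLE values (?,?,?)", [
        ("test", "AuthorisedUser", "Users"),    # constructed: group is not 'Roles'
        ("alice", "AuthorisedUser", "Roles"),   # constructed: group named as expected
        ("bob", "AuthorisedUser", "roles"),     # constructed: wrong case
        ("bob", "bob", IDENTITY_GROUP),         # constructed: identity mapping only
    ])
    return db


def check_roles_query(db, username, query=ROLES_QUERY):
    """Run the rolesQuery for one user.

    Returns (effective_roles, findings): the roles that land in the 'Roles'
    group, and a list of human-readable problems with the returned rows.
    """
    effective, findings = set(), []
    rows = db.execute(query, (username,)).fetchall()
    if not rows:
        findings.append("rolesQuery returned no rows for %r" % username)
    for row in rows:
        if len(row) != 2:
            findings.append("expected 2 columns (role, group), got %d" % len(row))
            continue
        role, group = row
        if group == ROLE_GROUP:
            effective.add(role)
        elif group != IDENTITY_GROUP:
            findings.append("role %r is in group %r, not %r, so role checks "
                            "will not see it" % (role, group, ROLE_GROUP))
    return effective, findings


if __name__ == "__main__":
    db = build_sample_db()
    for user in ("test", "alice", "bob"):
        print(user, check_roles_query(db, user))
```
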