1 Reply Latest reply on Oct 5, 2002 2:06 AM by Richard Berger

    Can't get j_security_check to work in JBoss 3.0.2... please

    Richard Berger Newbie

      Strangely, I have no problems getting JAAS working through a database, but I wanted to try the "simple" way using j_security_check.

      Initially things look fine - I enter a protected URL and the login2.jsp pops up. However, whatever user/password I type in, the system authenticates it as valid.

      The relevant section of my web.xml looks like:
      An example security config that only allows users with the role DSUser to access signin

      I have the DrillSgt realm specified in the login-config.xml file as:
      <application-policy name = "DrillSgt">

      <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
      flag = "required">
      <module-option name = "dsJndiName">java:/DrillDB</module-option>
      <module-option name = "principalsQuery">select Password from UserDS where Email = ?</module-option>
      <module-option name = "rolesQuery">select Role, RoleGroup from RoleDS where Email = ?</module-option>


      And it is also in the jboss-web.xml file as:
      <?xml version="1.0" encoding="UTF-8" ?>

      Any ideas what I am doing wrong? I have searched and searched in this forum, but nothing seems to help. I am just trying to see how j_security_check works - the JAAS code that already works is what I will use in my application - but curiousity has gotten the better of me.

      Thanks in advance for any help!!!