Strangely, I have no problems getting JAAS working through a database, but I wanted to try the "simple" way using j_security_check.
Initially things look fine - I enter a protected URL and the login2.jsp pops up. However, whatever user/password I type in, the system authenticates it as valid.
The relevant section of my web.xml looks like:
An example security config that only allows users with the role DSUser to access signin
I have the DrillSgt realm specified in the login-config.xml file as:
<application-policy name = "DrillSgt">
<login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
flag = "required">
<module-option name = "dsJndiName">java:/DrillDB</module-option>
<module-option name = "principalsQuery">select Password from UserDS where Email = ?</module-option>
<module-option name = "rolesQuery">select Role, RoleGroup from RoleDS where Email = ?</module-option>
And it is also in the jboss-web.xml file as:
<?xml version="1.0" encoding="UTF-8" ?>
Any ideas what I am doing wrong? I have searched and searched in this forum, but nothing seems to help. I am just trying to see how j_security_check works - the JAAS code that already works is what I will use in my application - but curiousity has gotten the better of me.
Thanks in advance for any help!!!