0 Replies Latest reply on Mar 10, 2003 6:10 AM by Ricky

    problem with UsersRolesLogin

    Ricky Newbie

      hi all,
      I've a problem that's driving me crazy: i'm using jboss 3.0.6 with tomcat 4.1.18 and I'd like to securing an url (a servlet). I set up all configuration xml files, but I'm never being prompted for login (user/pass) and I'm always sent to "error 403-forbidden".
      here are shown these files:

      login-config.xml (from jboss/server/default/conf directory)
      -------------------------
      <application-policy name = "cliente">

      <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required">
      <module-option name = "usersProperties">users.properties</module-option>
      <module-option name = "rolesProperties">roles.properties</module-option>
      <module-option name = "unauthenticatedIdentity">nobody</module-option>
      </login-module>

      </application-policy>
      --------------------------

      users.properties (from jar archive)
      ----------------
      # users.properties
      ricky=gerva
      test=password
      -----------------------

      roles.properties (from jar archive)
      ----------------------------
      ricky=role1
      test=role1
      ---------------------------

      ejb-jar.xml (from jar)
      ---------------------------
      <enterprise-beans>
      ..............
      </enterprise-beans>


      <assembly-descriptor>
      <security-role>
      <role-name>role1</role-name>
      </security-role>
      </assembly-descriptor>
      ---------------------------

      jboss.xml (from jar archive)
      -----------------------------
      <enterprise-beans>
      ..............................

      </enterprise-beans>

      <security-domain>java:/jaas/cliente</security-domain>
      -----------------------------

      jboss-web.xml (from war archive)
      --------------------------------------
      <security-domain>java:/jaas/cliente</security-domain>
      --------------------------------------

      web.xml (from war archive)
      --------------------------------------
      <security-constraint>
      <web-resource-collection>
      <web-resource-name>Secure Servlets</web-resource-name>
      <url-pattern>/servlet/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>role1</role-name>
      </auth-constraint>
      </security-constraint>
      <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>secure area</realm-name>
      </login-config>
      <security-role>
      <role-name>role1</role-name>
      </security-role>
      --------------------------------------

      thank you all
      Riccardo