4 Replies Latest reply on Apr 24, 2003 3:12 PM by Peter Doornbosch

    Need help: Error 403 Access denied in JBoss Authorization

    wkuncoro Newbie

      Hi, I’m new to JBoss. We used to use Tomcat but now we are moving to JBoss3.0-Tomcat4.1. I have been trying to implement Form and BASIC security for some resources in my web applications, using realm SQL Server 2000 JDBC authentication. First I tried to run .war file in Tomcat and it was working fine. And now I bundle the .war file to .ear file, with the same source code as in Tomcat, and I set up necessary configuration, including adding jboss-web.xml.

      When I put wrong username/password, JBoss detects it. But when I write correct username/password I got error 403 Access is denied. I checked role and other settings and I feel I configured them correctly because it was working fine in .war file in Tomcat.

      I have spent so many hours on this. I have read both free and paid JBoss pdf documentations and followed examples in some websites but I still stuck in this error. Please anyone help me. This is my configuration, is there something I missed?

      There are 2 tables in SQL Server database: users and role. I assign role of manager to users there, and it was working well with Tomcat.

      I tried both BASIC and Form authentication.

      Thank you so much for any help.
      Markus.


      1. login-config.xml
      <application-policy name="jdbcRealm">

      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <module-option name="dsJndiName">java:/MyDS</module-option>
      <module-option name="principalsQuery">select password from users where username=?</module-option>
      <module-option name="rolesQuery">select role, rolegroup from roles where username=?</module-option>
      </login-module>

      </application-policy>

      2. mssql-service.xml
      MyDS


      <config-property name="ConnectionURL" type="java.lang.String">jdbc:JTurbo://10.10.0.42/publication</config-property>
      <config-property name="DriverClass" type="java.lang.String">com.newatlanta.jturbo.driver.Driver</config-property>
      <config-property name="UserName" type="java.lang.String">sa</config-property>
      <config-property name="Password" type="java.lang.String">sa</config-property>



      3. jboss.xml

      <security-domain>java:/jaas/jdbcRealm</security-domain>


      4. jboss-web.xml
      <jboss-web>
      <security-domain>java:/jaas/jdbcRealm</security-domain>
      </jboss-web>

      5. web.xml
      <security-constraint>
      <display-name>Login Test</display-name>
      <web-resource-collection>
      <web-resource-name>jdbcRealm</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>manager</role-name>
      </auth-constraint>
      <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
      </security-constraint>
      <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>jdbcRealm</realm-name>
      </login-config>
      <security-role>
      <role-name>manager</role-name>
      </security-role>

      6. ejb-jar.xml
      <assembly-descriptor>
      <security-role>
      <role-name>manager</role-name>
      </security-role>
      <method-permission>
      <role-name>manager</role-name>

      <ejb-name>Facade</ejb-name>
      <method-name>create</method-name>


      <ejb-name>Facade</ejb-name>
      <method-name>Hello</method-name>

      </method-permission>
      </assembly-descriptor>