3 Replies Latest reply on Aug 10, 2003 4:53 AM by Tilo Thiele

    How to tell the web-container which login-module to use for

    Tilo Thiele Newbie

      Help please!!

      Why the hell doesn't jboss/jetty take the login-configuration that I tell it to use?
      The webcontainer shows the login-form when I want to access e.g. http://localhost:8080/repository/prototype/home.do
      But I can enter whatever I want as username/password to access the pages - which is not the desired behaviour.
      However, a SecurityException occurs when a call to an ejb is done (which is ok because I didn't authenticate correctly).

      Can someone please give me a hint?
      Thanks,
      Tilo

      ------------------------------------------------
      This is my jboss-web.xml:

      ...
      <jboss-web>
        <security-domain>java:/jaas/repository-realm</security-domain>
      ...

      ------------------------------------------------
      This is my login-config.xml:

      ...
      <application-policy name = "repository-realm">

        <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
                      flag = "required">
          <module-option name = "principalsQuery">select password from User where username=?</module-option>
          <module-option name = "rolesQuery">select distinct r.rolename, 'Roles' from Role r, RoleMap m, User u where r.roleid=m.roleid and
            m.userid=u.userid and u.username=?</module-option>
          <module-option name = "dsJndiName">java:/MysqlWebtestDS</module-option>
        </login-module>
        <login-module code = "org.jboss.security.ClientLoginModule"
                      flag = "required">
        </login-module>

      </application-policy>
      ...

      ------------------------------------------------
      This is my web.xml:

      ...
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>WebTest-Repository</web-resource-name>
          <url-pattern>/prototype/*</url-pattern>
          <url-pattern>/application/*</url-pattern>
          <url-pattern>/repository/*</url-pattern>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>user</role-name>
        </auth-constraint>
      </security-constraint>

      <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>repository-realm</realm-name>
        <form-login-config>
          <form-login-page>/login.do</form-login-page>
          <form-error-page>/login/login-error.html</form-error-page>
        </form-login-config>
      </login-config>

      <security-role>
        <role-name>user</role-name>
      </security-role>
      ...
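
A consistency check over the three descriptors in the post above, as an added example that is not part of the original post and is not JBoss code. It verifies that the `security-domain` in jboss-web.xml resolves to an `application-policy` with at least one login module, that each role in an `auth-constraint` has a `security-role` declaration, and it reports constraints that list `http-method` elements, because such a constraint covers only the listed methods. The XML inputs are constructed from the post's fragments; the function name `check_descriptors` and the `<policy>` and `<web-app>` root elements are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed inputs: the post's fragments, trimmed and closed where the post
# elides text ("...") so they parse. The <policy> and <web-app> roots are assumed.
JBOSS_WEB = "<jboss-web><security-domain>java:/jaas/repository-realm</security-domain></jboss-web>"
LOGIN_CONFIG = """<policy><application-policy name="repository-realm">
  <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required"/>
  <login-module code="org.jboss.security.ClientLoginModule" flag="required"/>
</application-policy></policy>"""
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/prototype/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>user</role-name></security-role>
</web-app>"""

PREFIX = "java:/jaas/"  # JBoss binds security domains under this JNDI context

def check_descriptors(jboss_web, login_config, web_xml):
    """Return findings about cross-references between the three descriptors."""
    findings = []
    domain = (ET.fromstring(jboss_web).findtext("security-domain") or "").strip()
    policies = {p.get("name"): [m.get("code") for m in p.iter("login-module")]
                for p in ET.fromstring(login_config).iter("application-policy")}
    if not domain.startswith(PREFIX):
        findings.append(f"security-domain {domain!r} is not under {PREFIX}")
    elif domain[len(PREFIX):] not in policies:
        findings.append(f"no application-policy named {domain[len(PREFIX):]!r}")
    elif not policies[domain[len(PREFIX):]]:
        findings.append(f"application-policy {domain[len(PREFIX):]!r} has no login-module")
    web = ET.fromstring(web_xml)
    declared = {(r.findtext("role-name") or "").strip() for r in web.iter("security-role")}
    for sc in web.iter("security-constraint"):
        for role in sc.findall("auth-constraint/role-name"):
            if (role.text or "").strip() not in declared | {"*"}:
                findings.append(f"role {role.text!r} has no security-role declaration")
        methods = sorted((m.text or "").strip() for m in sc.iter("http-method"))
        if methods:  # listing methods narrows the constraint to just those methods
            findings.append(f"constraint applies only to {', '.join(methods)}")
    return findings

if __name__ == "__main__":
    for finding in check_descriptors(JBOSS_WEB, LOGIN_CONFIG, WEB_XML):
        print("finding:", finding)
```

For the fragments as posted, the domain name and role declarations line up, and the only finding is the GET/POST restriction on the constraint.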