0 Replies Latest reply on Nov 23, 2003 7:08 AM by jason.donovan

    no verification

    jason.donovan Newbie

      I'm trying to secure a part of my web-app;

      Works fine, goes auto to logon.jsp

      But it accepts everything.

      Have a MySQL db with
      Dbname = "secure"
      user_name(PK) - user_pass ==>users
      user_name(PK) - role_name(PK) ==> user_roles

      in Web.xml

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>admin</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
      <role-name>admin</role-name>
      </auth-constraint>
      </security-constraint>

      <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>admin</realm-name>
      <form-login-config>
      <form-login-page>/logon.jsp</form-login-page>
      <form-error-page>/error.jsp</form-error-page>
      </form-login-config>
      </login-config>

      <security-role>
      <role-name>admin</role-name>
      </security-role>

      in login-config.xml

      <application-policy name = "admin">

      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
      <module-option name = "dsJndiName">java:/DefaultDS007</module-option>
      <module-option name = "principalsQuery">select user_pass from users where user_name=?</module-option>
      <module-option name = "rolesQuery">select role_name, 'Roles' from user_role where user_name=?</module-option>
      </login-module>

      </application-policy>

      in mysql-service.xml ==> in deploy/


      DefaultDS007


      <config-property name="ConnectionURL" type="java.lang.String">jdbc:mysql://127.0.0.1:3306/secure</config-property>
      <config-property name="DriverClass" type="java.lang.String">mysql-connector-java-3.1.0-alpha-bin.jar</config-property>
      <config-property name="UserName" type="java.lang.String"></config-property>
      <config-property name="Password" type="java.lang.String"></config-property>


      <depends optional-attribute-name="OldRarDeployment">jboss.jca:service=RARDeployment,name=JBoss LocalTransaction JDBC Wrapper


      Any suggestions?

      Thanks in advance.
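
A consistency check over the configuration quoted above, added here as an example and not part of the original post: it compares the tables named in the login module's queries with the schema the post lists, confirms the constrained role is declared, and checks that `DriverClass` holds a class name rather than a jar file name. The function name `check_config`, the constant names and the `<web-app>` wrapper element are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET

# Tables as the post lists them; XML fragments copied from the post.
SCHEMA_TABLES = {"users", "user_roles"}
WEB_XML = """<web-app>
<security-constraint><auth-constraint><role-name>admin</role-name></auth-constraint></security-constraint>
<security-role><role-name>admin</role-name></security-role>
</web-app>"""  # <web-app> root added only so the fragment parses
LOGIN_CONFIG = """<application-policy name="admin">
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<module-option name="dsJndiName">java:/DefaultDS007</module-option>
<module-option name="principalsQuery">select user_pass from users where user_name=?</module-option>
<module-option name="rolesQuery">select role_name, 'Roles' from user_role where user_name=?</module-option>
</login-module>
</application-policy>"""
DRIVER_CLASS = "mysql-connector-java-3.1.0-alpha-bin.jar"

def check_config(web_xml, login_config, driver_class, schema_tables):
    """Return a list of human-readable inconsistencies between the fragments."""
    findings = []
    # 1. Every role used in an auth-constraint must be declared in security-role.
    web = ET.fromstring(web_xml)
    declared = {r.text.strip() for r in web.findall("./security-role/role-name")}
    for r in web.findall(".//auth-constraint/role-name"):
        if r.text.strip() not in declared:
            findings.append(f"role '{r.text.strip()}' is not declared in <security-role>")
    # 2. Every table the login module queries must exist in the schema.
    policy = ET.fromstring(login_config)
    for opt in policy.iter("module-option"):
        if opt.get("name") in ("principalsQuery", "rolesQuery"):
            for table in re.findall(r"\bfrom\s+(\w+)", opt.text, re.IGNORECASE):
                if table not in schema_tables:
                    findings.append(
                        f"{opt.get('name')} reads table '{table}', "
                        f"schema has {sorted(schema_tables)}")
    # 3. DriverClass must be a fully qualified Java class name, not an archive.
    if driver_class.endswith(".jar") or not re.fullmatch(r"[\w$]+(\.[\w$]+)+", driver_class):
        findings.append(f"DriverClass '{driver_class}' is not a Java class name")
    return findings

if __name__ == "__main__":
    for finding in check_config(WEB_XML, LOGIN_CONFIG, DRIVER_CLASS, SCHEMA_TABLES):
        print("MISMATCH:", finding)
```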