0 Replies Latest reply on Dec 4, 2003 11:36 AM by Giovanni Formenti

    Status 403

    Giovanni Formenti Newbie

      I'd like to create a war with some security constraints!

      I modify login-config.xml and I create the database's tables:
      <application-policy name = "dafne">

      <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
      flag = "required">
      <module-option name = "dsJndiName">java:/MySqlDS</module-option>
      <module-option name = "principalsQuery">SELECT PASSWORD FROM PRINCIPALS WHERE PRINCIPAL_ID=?</module-option>
      <module-option name = "rolesQuery">SELECT ROLE,ROLEGROUP FROM ROLES WHERE PRINCIPAL_ID=?</module-option>


      I create jboss-web.xml:

      And finally I put the web constraints:

      The authantication works good:
      xxx.xxx.xxx.xxx - admin [04/Dec/2003:18:28:16 1000] "GET /aaa/index.jsp HTTP/1.1" 403 839
      but a 403 will appear:
      Access to the specified resource (Access to the requested resource has been denied) has been forbidden

      Maybe JBoss can't bound username with role...
      Why this don't work!? What I miss?!
      Help me please!!!