1 Reply Latest reply on May 11, 2004 1:33 AM by Dmitry Mozheyko

    FORM dataBase authentication problem

    George -.IO.- Newbie

      Hi All,
      I am trying to setup a simple FORM database authentication but I have some problem...
      The authentication seems to pass but then I get an "HTTP Status 403 - Access to the requested resource has been denied" from the Tomcat.
      The strange thing is that when I am using the users.properties & roles.properties files all going just fine.
      The only change that I made using the database was in the login-config.xml

       <application-policy name="sms">
       <authentication>
      <!-- <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
       flag = "required" />
      -->
       <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
       flag="required">
       <module-option name="dsJndiName">java:/PostgresDS</module-option>
       </login-module>
       </authentication>
       </application-policy>
      


      In the database exist 2 tables named
      roles
      CREATE TABLE roles
      (
       principalid varchar(64) NOT NULL,
       role varchar(32),
       rolegroup varchar(32)
      ) ;
      


      and principals
      CREATE TABLE principals
      (
       principalid varchar(64) NOT NULL,
       password varchar(100),
       CONSTRAINT principals_pkey PRIMARY KEY (principalid)
      ) ;
      


      I suspect that the problem must be in web.xml
      <welcome-file-list>
       <welcome-file>index.jsp</welcome-file>
       </welcome-file-list>
      
       <error-page>
       <error-code>404</error-code>
       <location>/error.jsp</location>
       </error-page>
      
       <security-constraint>
       <display-name>Server Configuration Security Constraint</display-name>
       <web-resource-collection>
       <web-resource-name>AdminPages</web-resource-name>
       <description>no description</description>
       <url-pattern>/*</url-pattern>
       <http-method>GET</http-method>
       <http-method>POST</http-method>
       </web-resource-collection>
       <auth-constraint>
       <role-name>Administrator</role-name>
       </auth-constraint>
       <user-data-constraint>
       <description>Access by Administrator</description>
       <transport-guarantee>NONE</transport-guarantee>
       </user-data-constraint>
       </security-constraint>
      
       <login-config>
       <auth-method>FORM</auth-method>
       <realm-name>sms</realm-name>
       <form-login-config>
       <form-login-page>/logon.jsp</form-login-page>
       <form-error-page>/error_login.jsp</form-error-page>
       </form-login-config>
       </login-config>
      
       <security-role>
       <role-name>Administrator</role-name>
       </security-role>
      
      


      or jboss-web.xml

      <jboss-web>
       <security-domain>java:/jaas/sms</security-domain>
      </jboss-web>
      


      Did I miss something ??