2 Replies Latest reply on Jun 22, 2004 2:02 AM by blackers

    Webapp Always Allows Access Using Basic Authentication


      Hi my problem is that no matter what username password combo I enter in my login box (BASIC authentication) I am always granted access to the restricted resources.

      my jboss-web.xml is as follows


      my web.xml is as follows

      bla bla bla

      <realm-name>JBoss JMX Console</realm-name>


      login-conf.xml is as follows


      <application-policy name = "webcreator">

      <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
      flag = "required">
      <module-option name = "dsJndiName">java:/mysqlDS</module-option>
      <module-option name = "principalsQuery">select password from users where username=?</module-option>
      <module-option name = "rolesQuery">select role 'Role', "Roles" as RoleGroup from access where username=?</module-option>



      by changing the above details for securing jmx-console works fine and only the appropriate users have access, so I don't think there is a problem with the DatabasServerLoginModule in login-config.xml.

      Can anybody help with why it always lets me in, in my webapp.

      Is there anything else that is required other that jboss-web.xml, web.xml and login-config.xml