0 Replies Latest reply on Oct 26, 2004 7:15 PM by vijaiah vangara

    Struts + DatabaseServerLoginModule + JBOSS4.0

    vijaiah vangara Newbie

      Hello there,

      Here is what i am doing....

      My login-config.xml is,

      <application-policy name = "mtswebportal">

      <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
      <module-option name = "dsJndiName">java:/mtswebportal</module-option>
      <module-option name = "principalsQuery">SELECT PASS FROM users WHERE LOGIN=?</module-option>
      <module-option name = "rolesQuery">SELECT ROLE, 'Roles' FROM users WHERE LOGIN=?</module-option>
      <module-option name = "unauthenticatedIdentity">anonymouse</module-option>
      </login-module>

      </application-policy>


      2. My web.xml is,

      <?xml version="1.0" encoding="ISO-8859-1" ?>
      <!DOCTYPE web-app
      PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
      "http://java.sun.com/dtd/web-app_2_3.dtd">

      <web-app>
      <display-name>Hello World Login Test Application</display-name>

      <servlet-name>action</servlet-name>
      <servlet-class>
      org.apache.struts.action.ActionServlet
      </servlet-class>
      <init-param>
      <param-name>config</param-name>
      <param-value>/WEB-INF/struts-config.xml</param-value>
      </init-param>
      <init-param>
      <param-name>debug</param-name>
      <param-value>3</param-value>
      </init-param>
      <init-param>
      <param-name>detail</param-name>
      <param-value>3</param-value>
      </init-param>
      <load-on-startup>1</load-on-startup>


      <servlet-mapping>
      <servlet-name>action</servlet-name>
      <url-pattern>*.do</url-pattern>
      </servlet-mapping>

      <welcome-file-list>
      <welcome-file>index.jsp</welcome-file>
      </welcome-file-list>

      <security-constraint>
      <display-name>Server Configuration Security Constraint</display-name>
      <!-- the collection of resources to which the sucurity constraint applies -->
      <web-resource-collection>
      <web-resource-name>Secure Resources</web-resource-name>
      Security constraint for all resources
      <!-- the pattern that this constraint applies to -->
      <url-pattern>/*</url-pattern>
      <!-- the HTTP methods that this constraint applies to -->
      <http-method>POST</http-method>
      <http-method>GET</http-method>
      </web-resource-collection>
      <!-- the user roles that should be permitted access to this resource collection -->
      <auth-constraint>
      Only allow those users that are in the following role
      <role-name>user</role-name>
      </auth-constraint>
      <!-- declare a transport guarantee, if any -->
      <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
      </security-constraint>


      <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>mtswebportal</realm-name>
      <form-login-config>
      <form-login-page>/LoginFormDetails.jsp</form-login-page>
      <form-error-page>/LoginFormDetails.jsp</form-error-page>
      </form-login-config>
      </login-config>


      <taglib-uri>/WEB-INF/struts-html.tld</taglib-uri>
      <taglib-location>/WEB-INF/struts-html.tld</taglib-location>



      <taglib-uri>/WEB-INF/struts-bean.tld</taglib-uri>
      <taglib-location>/WEB-INF/struts-bean.tld</taglib-location>

      </web-app>


      3. My jboss-web.xml is...

      <?xml version="1.0"?>
      <!DOCTYPE jboss-web
      PUBLIC "-//JBoss//DTD Web Application 2.3//EN"
      "http://www.jboss.org/j2ee/dtd/jboss-web_4_0.dtd">

      <jboss-web>
      <!-- tell jboss what realm to use for authentication -->
      <security-domain>java:/jaas/mtswebportal</security-domain>
      </jboss-web>

      4. My jboss.xml is...

      <?xml version="1.0"?>
      <!DOCTYPE jboss
      PUBLIC "-//JBoss//DTD Web Application 2.3//EN"
      "http://www.jboss.org/j2ee/dtd/jboss_4_0.dtd">

      <jboss-web>
      <!-- tell jboss what realm to use for authentication -->
      <security-domain>java:/jaas/mtswebportal</security-domain>
      </jboss-web>

      5. My LoginFormDetails.jsp is

      <%@ page contentType="text/html; charset=UTF-8" %>
      <%@ page language="java" %>


      Hello VIJAY
      <!-- To prevent caching -->
      <%
      response.setHeader("Cache-Control","no-cache"); // HTTP 1.1
      response.setHeader("Pragma","no-cache"); // HTTP 1.0
      response.setDateHeader ("Expires", -1); // Prevents caching at the proxy server
      %>

      function submitForm() {
      var frm = document. logonForm;
      // Check if all the required fields have been entered by the user before
      // submitting the form
      if( frm.j_username.value == "" ) {
      alert("blank");
      frm.j_username.focus();
      return ;
      }

      if( frm.j_password.value == "" ) {
      alert("blank");
      frm.j_password.focus();
      return ;
      }
      frm.submit();
      }




      <FORM name="logonForm" action="/j_security_check" METHOD=POST>





      <INPUT type="text" name="j_username" maxlength=20>





      <INPUT type="password" name="j_password" maxlength=20 >















      6. My mssql-ds.xml is...


      <local-tx-datasource>
      <jndi-name>mtswebportal</jndi-name>
      <connection-url>jdbc:microsoft:sqlserver://ausblqa1:1433;DatabaseName=webportal</connection-url>
      <driver-class>com.microsoft.jdbc.sqlserver.SQLServerDriver</driver-class>
      <user-name>jboss</user-name>
      ijboss#1
      <prepared-statement-cache-size>50</prepared-statement-cache-size>
      <min-pool-size>5</min-pool-size>
      <max-pool-size>50</max-pool-size>
      <idle-timeout-minutes>15</idle-timeout-minutes>
      <track-statements>false</track-statements>

      <!-- sql to call when connection is created
      <new-connection-sql>some arbitrary sql</new-connection-sql>
      -->

      <!-- sql to call on an existing pooled connection when it is obtained from pool
      <check-valid-connection-sql>some arbitrary sql</check-valid-connection-sql>
      -->

      <!-- corresponding type-mapping in the standardjbosscmp-jdbc.xml (optional) -->

      <type-mapping>MS SQLSERVER2000</type-mapping>

      </local-tx-datasource>



      What should be my ActionForm and Action ?
      What i need to do ??
      Do i have to handle the login in my action ?
      or JBOSS will automatically authenticate the user by the time the control gets to Action.

      Please help me.

      Thanks.
      VV.