2 Replies Latest reply on Nov 3, 2004 10:57 AM by Jerry Payne

    Using Database for Security

    Jerry Payne Newbie

      I am trying to create an example that uses a standalone version of Hypersonic to validate my users and their roles. I have been through all the "How To's" and many forums, but I cannot seem to get the Login page to see the database and validate the users. I am trying to put validation on an EJB. If you need another file please let me know. I am including the files that I have set up:

      login-config.xml

      <application-policy name="mod05sol">
       <authentication>
       <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
       flag="required">
       <module-option name="dsJndiName">java:/UserDS</module-option>
       <module-option name="principalsQuery">select user_pass from users where user_name=?</module-option>
       <module-option name="rolesQuery">select role_name, "Roles" from user_roles where user_name=?</module-option>
       </login-module>
       </authentication>
      </application-policy>
      


      web.xml
       <security-constraint>
       <web-resource-collection>
       <web-resource-name>mod05sol</web-resource-name>
       <description>In this section we setup the type of actions that will force
       authentication, as well as setup the URL patterns that cause
       the authetication</description>
       <url-pattern>/*</url-pattern>
       <http-method>GET</http-method>
       <http-method>POST</http-method>
       <http-method>PUT</http-method>
       <http-method>DELETE</http-method>
       </web-resource-collection>
       <auth-constraint>
       <description>There roles are allowed access</description>
       <role-name>admin</role-name>
       <role-name>manager</role-name>
       </auth-constraint>
       </security-constraint>
      
       <login-config>
       <auth-method>FORM</auth-method>
       <realm-name>Mod05Sol Protected Area</realm-name>
       <form-login-config>
       <form-login-page>/login.html</form-login-page>
       <form-error-page>/errorpage.html</form-error-page>
       </form-login-config>
       </login-config>
       <security-role>
       <role-name>admin</role-name>
       </security-role>
       <security-role>
       <role-name>manager</role-name>
       </security-role>
      


      jboss.xml
      <jboss>
       <security-domain>java:/jaas/mod05sol</security-domain>
       <enterprise-beans>
       <entity>
       <ejb-name>TestSecurityBean</ejb-name>
       <resource-ref>
       <res-ref-name>jdbc/UserDB</res-ref-name>
       <jndi-name>java:/UserDS</jndi-name>
       </resource-ref>
       </entity>
       </enterprise-beans>
      </jboss>
      


      jboss-web.xml
      <jboss-web>
       <security-domain>java:/jaas/mod05sol</security-domain>
       <resource-ref>
       <res-ref-name>jdbc/UserDB</res-ref-name>
       <jndi-name>java:/UserDS</jndi-name>
       </resource-ref>
       <ejb-ref>
       <ejb-ref-name>ejb/TestSecurity</ejb-ref-name>
       <jndi-name>TestSecurityBean</jndi-name>
       </ejb-ref>
      </jboss-web>
      


      Thanks
      Jerry


        • 1. Using Database for Security
          Jerry Payne Newbie

          I am trying to create an example that uses a standalone version of Hypersonic to validate my users and their roles. I have been through all the "How To's" and many forums, but I cannot seem to get the Login page to see the database and validate the users. I am trying to put validation on an EJB. If you need another file please let me know. I am including the files that I have set up:

          login-config.xml

          <application-policy name="mod05sol">
           <authentication>
           <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
           flag="required">
           <module-option name="dsJndiName">java:/UserDS</module-option>
           <module-option name="principalsQuery">select user_pass from users where user_name=?</module-option>
           <module-option name="rolesQuery">select role_name, "Roles" from user_roles where user_name=?</module-option>
           </login-module>
           </authentication>
          </application-policy>
          


          web.xml
           <security-constraint>
           <web-resource-collection>
           <web-resource-name>mod05sol</web-resource-name>
           <description>In this section we setup the type of actions that will force
           authentication, as well as setup the URL patterns that cause
           the authetication</description>
           <url-pattern>/*</url-pattern>
           <http-method>GET</http-method>
           <http-method>POST</http-method>
           <http-method>PUT</http-method>
           <http-method>DELETE</http-method>
           </web-resource-collection>
           <auth-constraint>
           <description>There roles are allowed access</description>
           <role-name>admin</role-name>
           <role-name>manager</role-name>
           </auth-constraint>
           </security-constraint>
          
           <login-config>
           <auth-method>FORM</auth-method>
           <realm-name>Mod05Sol Protected Area</realm-name>
           <form-login-config>
           <form-login-page>/login.html</form-login-page>
           <form-error-page>/errorpage.html</form-error-page>
           </form-login-config>
           </login-config>
           <security-role>
           <role-name>admin</role-name>
           </security-role>
           <security-role>
           <role-name>manager</role-name>
           </security-role>
          


          jboss.xml
          <jboss>
           <security-domain>java:/jaas/mod05sol</security-domain>
           <enterprise-beans>
           <entity>
           <ejb-name>TestSecurityBean</ejb-name>
           <resource-ref>
           <res-ref-name>jdbc/UserDB</res-ref-name>
           <jndi-name>java:/UserDS</jndi-name>
           </resource-ref>
           </entity>
           </enterprise-beans>
          </jboss>
          


          jboss-web.xml
          <jboss-web>
           <security-domain>java:/jaas/mod05sol</security-domain>
           <resource-ref>
           <res-ref-name>jdbc/UserDB</res-ref-name>
           <jndi-name>java:/UserDS</jndi-name>
           </resource-ref>
           <ejb-ref>
           <ejb-ref-name>ejb/TestSecurity</ejb-ref-name>
           <jndi-name>TestSecurityBean</jndi-name>
           </ejb-ref>
          </jboss-web>
          


          Thanks
          Jerry


          • 2. Re: Using Database for Security
            Jerry Payne Newbie

            Problem resolved.

            Since I was using an external version of the Hypersonic database I had to include the file hsqldb-ds.xml file in the deploy directory. I already had a version of the file in the deploy directory, but it did not include the datasource for my user database. I added that file and it worked!!!

            Jerry