2 Replies Latest reply on Dec 15, 2004 7:55 PM by leets003

    Problem with Access to the requested resource

    leets003

      Dear all,

      When I moved my MyStore project from JBoss 3.2.3 to JBoss 4.0.0, my security policy didn't work. When I use the same login name and password to log in to JBoss 3.2.3 and JBoss 4.0.0, JBoss 3.2.3 allows access to my servlet but JBoss 4.0.0 does not.

      Here is part of the application policy in login-config.xml.

       <application-policy name = "Mystore">
         <authentication>
           <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
             <module-option name = "dsJndiName">java:/DefaultDS</module-option>
             <module-option name = "principalsQuery">select Password from Principals where PrincipalID=?</module-option>
             <module-option name = "rolesQuery">select Role, RoleGroup from Roles where PrincipalID=?</module-option>
           </login-module>
         </authentication>
       </application-policy>
      


      Here is my security-constraint in web.xml in my project:
       <security-constraint>
         <web-resource-collection>
           <web-resource-name>access</web-resource-name>
           <description>An example security config that only allows users with the
           role JBossAdmin to access the access web application
           </description>
           <url-pattern>/*</url-pattern>
           <http-method>GET</http-method>
           <http-method>POST</http-method>
         </web-resource-collection>
         <auth-constraint>
           <role-name>JBossAdmin</role-name>
         </auth-constraint>
       </security-constraint>

       <login-config>
         <auth-method>BASIC</auth-method>
         <realm-name>Access</realm-name>
       </login-config>

       <security-role>
         <role-name>JBossAdmin</role-name>
       </security-role>
      


      I have already created two tables in HSQL under JBoss 3.2.3 and JBoss 4.0.0. I checked that the ROLE is JBOSSADMIN under my PRINCIPALID in both databases. I am sure the query on my database works, because when I type an invalid password it shows the error both on screen and in the server.log file.

      What is wrong in my security setting?

      Thanks a lot.

        • 1. Re: Problem with Access to the requested resource
          starksm64

          There is no change in the security layer between the two versions. Try securing the jmx-console.war with the same security domain between the 2 versions. If that shows the same problem, report back on that.

          • 2. Re: Problem with Access to the requested resource
            leets003

            Dear all,

            Finally, the problem was fixed. I set up a MySQL database and use defaultDS as the JDBC connector for JMX-console authentication. Both versions of JBoss AS work with this database.

            However, I would like to ask about caching for JBoss authentication. When I insert one record into the MySQL database for a new user and then log in to the JMX-console as the new user, the login fails.

            So I restarted JBoss AS and then logged in again. It worked.

            So how can I change the caching parameter for JBoss AS?

            Thanks a lot.

            Best regards

            Patrick Lee