authentication does not endures
I did everything as explained in "Complete configuration of JAAS on JBOSS and STRUTS" http://www.javaworld.com/javaforums/showthreaded.php?Cat=&Board=JavaSecurity&Number=2500&page=&view=&sb=5&o=
and I can actually login, but the time i'am logged in just endures from the login page to the next page, after that iam asked to login again
this is my login-config.xml:
<application-policy name="PgDbRealm">
<login-module code="org.jboss.security.ClientLoginModule" flag="required">
</login-module>
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=naturaDS</module-option>
<module-option name="dsJndiName">java:/naturaDS</module-option>
<module-option name="principalsQuery">Select password from usuarios where idusuario =?</module-option>
<module-option name="rolesQuery">Select R.role AS Roles, G.descripcion AS RoleGroups from gruposusuarios GU,roles R, grupos G where idusuario =? AND GU.idrole=R.idrole AND GU.idgrupo=G.idgrupo</module-option>
</login-module>
</application-policy>
jboss-web.xml:
<security-domain>java:/jaas/PgDbRealm</security-domain>
\jboss-4.0.1sp1\server\default\conf\auth.conf:
// The JBoss server side JAAS login config file for the examples
client-login
{
org.jboss.security.ClientLoginModule required;
};
PgDbRealm
{
org.jboss.security.ClientLoginModule required;
org.jboss.security.auth.spi.DatabaseServerLoginModule
required
dsJndiName="java:/naturaDS"
principalsQuery="Select password from usuarios where idusuario =?"
rolesQuery="Select R.role AS Roles, G.descripcion AS RoleGroups from gruposusuarios GU,roles R, grupos G where idusuario =? AND GU.idrole=R.idrole AND GU.idgrupo=G.idgrupo";
};
My login action:
Principal userPrincipal =null;
try {
String username=request.getParameter("j_username");
String password=request.getParameter("j_password");
System.out.println("password = " + password);
System.out.println("username = " + username);
SecurityAssociationHandler handler = new SecurityAssociationHandler();
userPrincipal= new SimplePrincipal(username);
handler.setSecurityInfo(userPrincipal, password.toCharArray());
LoginContext loginContext = new LoginContext("PgDbRealm",(CallbackHandler) handler);
loginContext.login();
Subject subject = loginContext.getSubject();
Set principals = subject.getPrincipals();
principals.add(userPrincipal);
} catch (LoginException e) {
errors.add("loginerror", new ActionError("Wrong Username or Password"));
saveErrors(request, errors);
return mapping.findForward("fail");
}
System.out.println("logged in-----------------"+userPrincipal); //I reach this line
return mapping.findForward("success");
I do actually reach the next page (success) but after that I'am
asked to login when i did so a few seconds before.
Any Idea ?