0 Replies Latest reply on Sep 18, 2005 2:18 AM by julesverne

    Problem with JAAS

    julesverne

      I am new to JAAS and I have tried to configure my web application with the JAAS framework provided by JBoss. Everything is fine with the authentication part...
      but I can't understand some of the tags from web.xml given below.

      <!-- Fragment of WEB-INF/web.xml -->
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>Requires users to authenticate</web-resource-name>
          <description>WEB Application with JAAS</description>
          <url-pattern>/index.jsp</url-pattern>
          <!-- When http-method elements are present the constraint covers only the
               listed methods; any other method sent to /index.jsp is left unconstrained. -->
          <http-method>POST</http-method>
          <http-method>GET</http-method>
        </web-resource-collection>

        <!-- Only callers in role Echo may reach the resources listed above. -->
        <auth-constraint>
          <role-name>Echo</role-name>
        </auth-constraint>

        <user-data-constraint>
          <description>I have no idea what you mean</description>
          <!-- NONE: no transport protection required; CONFIDENTIAL would require HTTPS. -->
          <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
      </security-constraint>

      <!-- FORM authentication: an unauthenticated request for a constrained resource is
           sent to login.jsp; rejected credentials are sent to error.jsp. -->
      <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
          <form-login-page>/login.jsp</form-login-page>
          <form-error-page>/error.jsp</form-error-page>
        </form-login-config>
      </login-config>

      <!-- Declares the role referenced by the auth-constraint. -->
      <security-role>
        <description>user allowed to invoke echo methods</description>
        <role-name>Echo</role-name>
      </security-role>





      It is my understanding that any request to the URL "/index.jsp" will be handled by the login-config tag and the request will be forwarded to login.jsp for authentication, and if authentication fails it is passed to error.jsp. However, after authentication fails it doesn't go to error.jsp (or is this the way it should behave??). Also, other principals with different roles are also capable of logging in, which I don't want to happen.

      For reference, this is how my login-config.xml looks:

      <!-- Fragment of conf/login-config.xml; login-module elements sit inside <authentication> -->
      <application-policy name="example2">
        <authentication>
          <!-- ClientLoginModule performs no authentication of its own; it only binds the
               supplied principal and credential to the calling thread. -->
          <login-module code="org.jboss.security.ClientLoginModule" flag="required"/>

          <!-- DatabaseServerLoginModule verifies the password and loads roles over JDBC. -->
          <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
            <module-option name="managedConnectionFactoryName">jboss:jca:service=LocalTxCM,name=TxChangeDS</module-option>
            <module-option name="dsJndiName">java:/TxChangeDS</module-option>
            <!-- Must return one column: the stored password for the principal passed as the parameter. -->
            <module-option name="principalsQuery">select password from principals where principalid = ?</module-option>
            <!-- Must return two columns: role name, then role group. Rows whose group value
                 is "Roles" are the ones the container checks against auth-constraint. -->
            <module-option name="rolesQuery">select role as Roles, rolegroup as RoleGroups from roles where principalid = ?</module-option>
          </login-module>
        </authentication>
      </application-policy>




      and jboss-web.xml (WEB-INF/jboss-web.xml):

      <jboss-web>
        <!-- Binds this web application to the example2 application-policy above. -->
        <security-domain>java:/jaas/example2</security-domain>
        <context-root>/test</context-root>
      </jboss-web>



      Please help me out.
      Thanks a lot.
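Added example (not part of the original post and not JBoss code): a small Python model of how a Servlet 2.4 container evaluates the <security-constraint> posted above. The constraint data mirrors the posted web.xml (url-pattern /index.jsp, GET and POST, role Echo, transport-guarantee NONE); the callers alice/Echo and bob/Guest and the second, all-methods constraint are constructed for the demonstration. It makes two points visible: an authenticated caller who lacks role Echo is refused by the authorization step with a 403, which is separate from the login step, so form-error-page is not involved for that caller; and because the posted constraint lists http-method elements, a request to /index.jsp with any other method (HEAD, for example) is not constrained at all, while the same constraint without http-method elements covers every method.

```python
"""Model of how a Servlet 2.4 container evaluates <security-constraint>.

Added example, not code from the original post or from JBoss. AS_POSTED mirrors
the web.xml in the post; ALL_METHODS, the callers and their roles are made up.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

ALLOW = "ALLOW"                      # request proceeds to the resource
LOGIN_REQUIRED = "LOGIN_REQUIRED"    # FORM auth: container shows form-login-page
FORBIDDEN = "FORBIDDEN"              # authenticated but not in a permitted role: 403
REDIRECT_HTTPS = "REDIRECT_HTTPS"    # transport-guarantee CONFIDENTIAL on a plain request


@dataclass(frozen=True)
class SecurityConstraint:
    url_patterns: FrozenSet[str]
    http_methods: FrozenSet[str]        # empty == constraint covers every method
    roles: Optional[FrozenSet[str]]     # None == no <auth-constraint>; empty == deny everyone
    confidential: bool = False          # <transport-guarantee>CONFIDENTIAL</transport-guarantee>


@dataclass(frozen=True)
class Caller:
    name: Optional[str]                 # None == not authenticated
    roles: FrozenSet[str] = frozenset()


def pattern_matches(pattern: str, path: str) -> bool:
    """Servlet url-pattern rules: exact, path prefix '/x/*', extension '*.jsp', default '/'."""
    if pattern == path:
        return True
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern == "/"


def decide(constraints: List[SecurityConstraint], method: str, path: str,
           caller: Caller, secure: bool = False) -> str:
    # A constraint applies only if a pattern matches AND (no methods listed, or the method is listed).
    matching = [
        c for c in constraints
        if any(pattern_matches(p, path) for p in c.url_patterns)
        and (not c.http_methods or method in c.http_methods)
    ]
    if not matching:
        return ALLOW                    # unconstrained resource: no login, no role check
    if any(c.confidential for c in matching) and not secure:
        return REDIRECT_HTTPS
    # Combination rules (Servlet 2.4, SRV.12.8.1):
    #  - an empty <auth-constraint/> overrides everything: nobody gets in
    #  - a constraint with no <auth-constraint> combines to allow unauthenticated access
    #  - otherwise the permitted roles are the union of the listed roles
    if any(c.roles is not None and not c.roles for c in matching):
        return FORBIDDEN
    if any(c.roles is None for c in matching):
        return ALLOW
    permitted = frozenset().union(*(c.roles for c in matching))
    if caller.name is None:
        return LOGIN_REQUIRED           # authentication happens before authorization
    if "*" in permitted or permitted & caller.roles:
        return ALLOW
    return FORBIDDEN                    # authenticated, but no permitted role: 403


# The constraint as posted: /index.jsp, GET and POST only, role Echo.
AS_POSTED = [SecurityConstraint(frozenset({"/index.jsp"}), frozenset({"GET", "POST"}),
                                frozenset({"Echo"}))]
# Same constraint with the <http-method> elements removed, so every verb is covered.
ALL_METHODS = [SecurityConstraint(frozenset({"/index.jsp"}), frozenset(),
                                  frozenset({"Echo"}))]

# Constructed callers for the demonstration (not from the post).
ANON = Caller(None)
ECHO_USER = Caller("alice", frozenset({"Echo"}))
OTHER_USER = Caller("bob", frozenset({"Guest"}))


def demo() -> dict:
    return {
        "anon GET /index.jsp": decide(AS_POSTED, "GET", "/index.jsp", ANON),
        "Echo GET /index.jsp": decide(AS_POSTED, "GET", "/index.jsp", ECHO_USER),
        "Guest POST /index.jsp": decide(AS_POSTED, "POST", "/index.jsp", OTHER_USER),
        "anon HEAD /index.jsp (as posted)": decide(AS_POSTED, "HEAD", "/index.jsp", ANON),
        "anon HEAD /index.jsp (all methods)": decide(ALL_METHODS, "HEAD", "/index.jsp", ANON),
        "anon GET /login.jsp": decide(AS_POSTED, "GET", "/login.jsp", ANON),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:36} -> {outcome}")
```

Run it as a script to see each case. The "Guest POST" line is the situation described in the post: bob authenticates successfully (the login module accepted his password), then the container rejects him at the role check; the "HEAD (as posted)" line shows why listing http-method elements in a security-constraint is usually a mistake, and the "all methods" line shows the corrected form. login.jsp itself must stay outside any constraint, as it does here, or the login redirect would loop.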