2 Replies Latest reply on May 18, 2006 1:57 PM by William

    DatabaseServerLoginModule help

    William Newbie

      Hi all, I'm really trying to do something that allows my users w/ assigned roles to login w/ passwd through a servlet using the databaseServerLoginModule, but having a hard time understanding what to do w/ so little documentation.

      Here's what I've done so far and if someone could point me in the right direction w/ more steps, much appreciated.

      I've created tables in my postgresql database as such ...

      CREATE SEQUENCE principals_seq;
      CREATE TABLE Principals(
       principalId INT PRIMARY KEY,
       principalName VARCHAR(64)
       password VARCHAR(32)
      );
      
      CREATE SEQUENCE roles_seq;
      CREATE TABLE Roles(
       roleId INT PRIMARY KEY,
       roleName VARCHAR(32),
       roleGroup VARCHAR(32)
      );
      


      And I have a ~/WEB-INF/login-config.xml file like this ...

      <application-policy name="myAppName">
       <authentication>
       <login-module
       code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
       flag="required">
       <module-option name="unauthenticatedIdentity">
       guest
       </module-option>
       <module-option name="dsJndiName">
       java:/PostgresDS
       </module-option>
       <module-option name="principalsQuery">
       SELECT password FROM Users WHERE principalId=?
       </module-option>
       <module-option name="rolesQuery">
       SELECT roleId,'Roles' FROM Roles WHERE userId=?
       </module-option>
       </login-module>
       </authentication>
      </application-policy>
      


      I'm not sure about how to use callbacks within a servlet but I think I'm supposed to do this in my apps MVC controller. I made a LoginController, but as you can see, I don't really understand the details here yet.

      CallbackHandler handler = new MyHandler();
      LoginContext lc = new LoginContext("some-config", handler);
      
      try {
       lc.login();
       Subject subject = lc.getSubject();
      }
      catch (LoginException le) {
       System.out.println("authentication failed");
       e.printStackTrace();
      }
      


      Any more details here? Any help much appreciated.