Following some hints, tips and articles, I'm trying to develop a small sample using JAAS & JBoss.
I think I have understood the concepts, but when I started to code, things became hard... hehehe.
Maybe I have forgotten something... I don't know exactly.
According to what I have read, I proceeded like this:
Step 1: Declare a new application policy in login-config.xml in the conf dir:
<application-policy name="jaas-webapp-domain">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <module-option name="unauthenticatedIdentity">pirata</module-option>
      <module-option name="dsJndiName">jdbc/jaasDS</module-option>
      <module-option name="principalsQuery">SELECT PASSWORD FROM USERS WHERE LOGIN=?</module-option>
      <module-option name="rolesQuery">SELECT LOGIN, 'Roles' FROM ROLES WHERE LOGIN=?</module-option>
    </login-module>
  </authentication>
</application-policy>
Step 2: Modify web.xml file:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>página dos pebas</web-resource-name>
    <url-pattern>/peba/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>peba</role-name>
  </auth-constraint>
</security-constraint>
<security-role>
  <role-name>peba</role-name>
</security-role>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>jaas-webapp-realm</realm-name>
</login-config>
Step 3: Add jboss-web.xml inside the WEB-INF dir, like this:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
  <security-domain>java:/jaas/jaas-webapp-domain</security-domain>
</jboss-web>
I have tried to write the SQL to query principals in a WRONG WAY (i.e. missing table name after the FROM keyword, missing WHERE keyword) just to see if JBoss would complain and tell me that something was wrong... But nothing happened. I think it isn't called...
IE shows me the login window, I try 3 times, and I get a forbidden error... but no SQL error appears in the JBoss log...
Maybe tag X in file Y must have the same value as tag Z in file W and I didn't realize...
What am I doing wrong? Should I find some reference to my security domain (java:/jaas/jaas-webapp-domain) in the jmx-console? I didn't find one. My datasources are there... I found them...
I hope that you can understand me and send me some help.
Thanks in advance.
Excuse me for any English mistakes.
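
Added example, not part of the original post: a Python check for the "tag X in file Y must match tag Z in file W" question, confirming that the `security-domain` in jboss-web.xml names an `application-policy` in login-config.xml and that every role used in an `auth-constraint` is declared in a `security-role`. The function names and the inline sample XML are constructed for illustration; the check assumes the `java:/jaas/` prefix form shown in the post.

```python
import xml.etree.ElementTree as ET

JAAS_PREFIX = "java:/jaas/"

# Constructed sample inputs that mirror the names used in the post.
LOGIN_CONFIG = """<policy><application-policy name="jaas-webapp-domain">
  <authentication/></application-policy></policy>"""
WEB_XML = """<web-app>
  <security-constraint><auth-constraint><role-name>peba</role-name></auth-constraint></security-constraint>
  <security-role><role-name>peba</role-name></security-role>
</web-app>"""
JBOSS_WEB = """<jboss-web>
  <security-domain>java:/jaas/jaas-webapp-domain</security-domain>
</jboss-web>"""


def _parse(xml_text):
    """Parse XML and strip namespaces so lookups work with or without xmlns."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        if isinstance(el.tag, str):
            el.tag = el.tag.rsplit("}", 1)[-1]
    return root


def check_wiring(login_config, web_xml, jboss_web):
    """Return a list of findings; an empty list means the names line up."""
    findings = []
    policies = {p.get("name") for p in _parse(login_config).iter("application-policy")}
    domain = (_parse(jboss_web).findtext("security-domain") or "").strip()
    if not domain.startswith(JAAS_PREFIX):
        findings.append(f"security-domain {domain!r} lacks the {JAAS_PREFIX} prefix")
    elif domain[len(JAAS_PREFIX):] not in policies:
        findings.append(f"no application-policy named {domain[len(JAAS_PREFIX):]!r}")

    web = _parse(web_xml)
    declared = {r.findtext("role-name", "").strip() for r in web.iter("security-role")}
    for constraint in web.iter("auth-constraint"):
        for role in constraint.iter("role-name"):
            name = (role.text or "").strip()
            if name != "*" and name not in declared:
                findings.append(f"role {name!r} in auth-constraint is not a declared security-role")
    return findings


if __name__ == "__main__":
    print(check_wiring(LOGIN_CONFIG, WEB_XML, JBOSS_WEB) or "names are consistent")
```

An empty result only says the three files reference each other consistently; it does not exercise the datasource or the SQL in the login module options.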