3 Replies Latest reply on Aug 14, 2007 3:39 PM by jflf83

    403 error with custom JAAS login Module.

    wbrown338

      Greetings:

      We are using JBoss 4.0.5 GA on Linux with JDK 1.4.2_10-b03

      We have a custom JAAS login module that extends the org.jboss.security.auth.spi.DatabaseServerLoginModule.

      This module worked with JBoss 4.0.2.

      We are using the following configs:

      client/auth.conf
      ebizDomain
      {
      org.jboss.security.ClientLoginModule required;
      com.gocsc.ebiz.JBossLoginModule required;
      };

      server/default/conf/auth.conf
      ebizDomain
      {
      org.jboss.security.ClientLoginModule required;
      com.gocsc.ebiz.JBossLoginModule required
      dsJndiName="java:/MSSQLDS"
      driverName="net.sourceforge.jtds.jdbc.Driver"
      connectionURL="jdbc:jtds:sqlserver://dbase/app;user=user;password=password"
      keyProc="{call art_prcGetKey()}"
      passwordProc="{call art_prcGetPassword(?)}"
      rolesProc="{call art_prcGetRoles(?)}";
      };

      server/default/conf/login-config.xml
      <application-policy name="ebizDomain">

      <login-module code="com.gocsc.ebiz.JBossLoginModule" flag="required">
      <module-option name="dsJndiName">java:/MSSQLDS</module-option>
      <module-option name="driverName">net.sourceforge.jtds.jdbc.Driver</module-option>
      <module-option name="connectionURL">jdbc:jtds:sqlserver://dbase/app;user=user;password=password</module-option>
      <module-option name="keyProc">{call art_prcGetKey()}</module-option>
      <module-option name="passwordProc">{call art_prcGetPassword(?)}</module-option>
      <module-option name="rolesProc">{call art_prcGetRoles(?)}</module-option>
      </login-module>

      </application-policy>

      webapp war web.xml
      <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>ebizDomain</realm-name>
      <form-login-config>
      <form-login-page>/loginPage</form-login-page>
      <form-error-page>/errorpage.jsp</form-error-page>
      </form-login-config>
      </login-config>

      We have debugging enabled for the login and we get output from our custom module that shows the user authenticated and had a role added:

      2007-02-05 10:43:51,764 DEBUG [com.gocsc.ebiz.JBossLoginModule] dsJndiName=java:/MSSQLDS
      2007-02-05 10:43:51,764 DEBUG [com.gocsc.ebiz.JBossLoginModule] driverName=net.sourceforge.jtds.jdbc.Driver
      2007-02-05 10:43:51,764 DEBUG [com.gocsc.ebiz.JBossLoginModule] connectionURL=connectionURL=jdbc:jtds:sqlserver://dbase/app;user=user;password=password
      2007-02-05 10:43:51,764 DEBUG [com.gocsc.ebiz.JBossLoginModule] keyProc={call art_prcGetKey()}
      2007-02-05 10:43:51,765 DEBUG [com.gocsc.ebiz.JBossLoginModule] passwordProc={call art_prcGetPassword(?)}
      2007-02-05 10:43:51,765 DEBUG [com.gocsc.ebiz.JBossLoginModule] rolesProc={call art_prcGetRoles(?)}
      2007-02-05 10:43:51,792 DEBUG [com.gocsc.ebiz.JBossLoginModule] Assign user to role A

      However, instead of being redirected to the homepage of the app, we are getting the Tomcat error "HTTP Status 403 - Access to the requested resource has been denied". There are no more details in the server.log and the user is prevented from going forward into the app.

      Is there a change we need to make in the configuration going from 4.0.2 to 4.0.5? Thanks for your help from anyone who knows what the issue might be.

        • 1. Re: 403 error with custom JAAS login Module.
          wbrown338

          Greetings:

          Updating our login-config.xml with the client login module solved the issue for us.

          <application-policy name="ebizDomain">

          <login-module code="com.gocsc.ebiz.JBossLoginModule" flag="required">
          <module-option name="dsJndiName">java:/MSSQLDS</module-option>
          <module-option name="driverName">net.sourceforge.jtds.jdbc.Driver</module-option>
          <module-option name="connectionURL">jdbc:jtds:sqlserver://LASALLE/artemis;user=ArtemisProcs;password=*183461*</module-option>
          <module-option name="keyProc">{call art_prcGetKey()}</module-option>
          <module-option name="passwordProc">{call art_prcGetPassword(?)}</module-option>
          <module-option name="rolesProc">{call art_prcGetRoles(?)}</module-option>
          </login-module>
          <!-- Add this line to your login-config.xml to include the ClientLoginModule propagation -->
          <login-module code="org.jboss.security.ClientLoginModule" flag="required" />

          </application-policy>

          • 2. Re: 403 error with custom JAAS login Module.
            mayilvahanan

            Hi,

            The problem might be in your jboss-web.xml.
            Check your <<JBOSS_HOME>>\server\default\conf\login-config.xml for the application-policy and the <>\WEB-INF\jboss-web.xml security-domain value, as below.


            login-config.xml:

            <application-policy name="web_client_security">

            <login-module code="org.jboss.security.ClientLoginModule" flag="required"/>
            <login-module code="com.gen.loginmodule.GenericLoginModule" flag="required"/>

            </application-policy>

            jboss-web.xml:

            <jboss-web>
            <context-root>app</context-root>
            <security-domain>java:/jaas/web_client_security</security-domain>
            </jboss-web>


            Regards
            Mayilvahanan V
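
An added example, not part of the thread: a small Python check for the mismatch reply 2 describes, where the security-domain in jboss-web.xml must name an application-policy in login-config.xml. It also flags module options that embed a password, as the connectionURL values posted above do. The sample descriptors, the class com.example.CustomLoginModule and the function name check_descriptors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors modelled on the thread (not the posters' real files).
LOGIN_CONFIG = """<policy>
  <application-policy name="ebizDomain">
    <authentication>
      <login-module code="com.example.CustomLoginModule" flag="required">
        <module-option name="dsJndiName">java:/MSSQLDS</module-option>
        <module-option name="connectionURL">jdbc:jtds:sqlserver://db/app;user=u;password=example</module-option>
      </login-module>
      <login-module code="org.jboss.security.ClientLoginModule" flag="required"/>
    </authentication>
  </application-policy>
</policy>"""

JBOSS_WEB = """<jboss-web>
  <security-domain>java:/jaas/web_client_security</security-domain>
</jboss-web>"""

PREFIX = "java:/jaas/"

def check_descriptors(login_config_xml, jboss_web_xml):
    """Return a list of findings for a login-config.xml / jboss-web.xml pair."""
    findings = []
    # iter() finds policies and options whether or not an <authentication> wrapper is present.
    policies = {p.get("name"): p
                for p in ET.fromstring(login_config_xml).iter("application-policy")}
    domain = (ET.fromstring(jboss_web_xml).findtext("security-domain") or "").strip()
    name = domain[len(PREFIX):] if domain.startswith(PREFIX) else domain
    if not domain:
        findings.append("jboss-web.xml: no <security-domain> element")
    elif name not in policies:
        findings.append(f"security-domain '{domain}' has no application-policy "
                        f"named '{name}' (defined: {sorted(policies)})")
    # Flag module options that carry a password in clear text.
    for pname, policy in policies.items():
        for opt in policy.iter("module-option"):
            if "password=" in (opt.text or "").lower():
                findings.append(f"policy '{pname}': option '{opt.get('name')}' "
                                "embeds a password")
    return findings

if __name__ == "__main__":
    for finding in check_descriptors(LOGIN_CONFIG, JBOSS_WEB):
        print(finding)
```
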

            • 3. Re: 403 error with custom JAAS login Module.
              jflf83

              Hi, I have the same problem in my application. I'm using the DatabaseServerLoginModule too.
              SOMETIMES, when a user tries to log on, a 403 happens. The problem doesn't happen all the time; sometimes the same user can log on to the application without problems.
              I can't find the problem in the server logs and I don't know what to do, because the problem does not happen all the time.
              Can someone help me?
              Thanks