0 Replies Latest reply on Jul 16, 2007 2:21 PM by Sireesha Ramireddy

    Implementing the Authorization using DatabaseServerLoginModu

    Sireesha Ramireddy Newbie

      Hi,

      I am using JDeveloper and JBoss to develop my web application using JSF. The data is retrieved from the database (Oracle). I have implemented the DatabaseServerLoginModule for authorization and authentication. Here is the code I have in the backing bean method of the Login button.

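      import java.util.Set;
      import javax.security.auth.Subject;
      import javax.security.auth.callback.CallbackHandler;
      import javax.security.auth.login.LoginContext;
      import org.jboss.security.SimplePrincipal;
      import org.jboss.security.auth.callback.SecurityAssociationHandler;

      // Hand the submitted credentials to JAAS through JBoss's callback handler
      SecurityAssociationHandler handler = new SecurityAssociationHandler();
      SimplePrincipal user = new SimplePrincipal(j_username.getValue().toString());
      handler.setSecurityInfo(user, j_password.getValue().toString().toCharArray());
      // Authenticate against the "testDB" login configuration
      LoginContext loginContext = new LoginContext("testDB", (CallbackHandler) handler);
      loginContext.login();
      Subject subject = loginContext.getSubject();
      Set principals = subject.getPrincipals();
      principals.add(user);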

      When I print the principals, it gives me the correct details from the database. The authentication is working perfectly. I'm confused about how to go from here for the authorization part. I have declared the page-level security in web.xml and it is not working (no exceptions thrown). The role name 'user' is able to access the pages under the /admin folder.

      Content of web.xml related to authorization:

      <security-constraint>
        <web-resource-collection>
          <web-resource-name>Administrator</web-resource-name>
          <url-pattern>/faces/admin/*</url-pattern>
          <url-pattern>/admin/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>admin</role-name>
        </auth-constraint>
      </security-constraint>
      <security-role>
        <description>Administrator</description>
        <role-name>admin</role-name>
      </security-role>


      Please advise me how to do the authorization part from here.

      Thanks in advance.
      SR.
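
An added example, not part of the original post: `security-constraint` rules are checked against the identity the web container itself authenticated, so this sketch wires container-managed FORM login to the same `testDB` JAAS domain. The login page paths, the datasource JNDI name, and the table and column names are assumptions.

```xml
<!-- WEB-INF/web.xml: let the container authenticate, so that it can
     enforce the <security-constraint> on /admin/* and /faces/admin/*.
     The login page posts j_username / j_password to j_security_check. -->
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>        <!-- assumed path -->
    <form-error-page>/loginError.jsp</form-error-page>   <!-- assumed path -->
  </form-login-config>
</login-config>

<!-- WEB-INF/jboss-web.xml: bind the web application to the JAAS domain
     whose name matches the application-policy below. -->
<jboss-web>
  <security-domain>java:/jaas/testDB</security-domain>
</jboss-web>

<!-- conf/login-config.xml: the policy used by the domain above.
     rolesQuery must return the role name and the role group 'Roles';
     the values in that group are what <role-name>admin</role-name>
     in web.xml is compared against. -->
<application-policy name="testDB">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
                  flag="required">
      <!-- assumed datasource name -->
      <module-option name="dsJndiName">java:/OracleDS</module-option>
      <!-- assumed tables and columns -->
      <module-option name="principalsQuery">
        SELECT password FROM app_users WHERE username = ?
      </module-option>
      <module-option name="rolesQuery">
        SELECT role_name, 'Roles' FROM app_user_roles WHERE username = ?
      </module-option>
    </login-module>
  </authentication>
</application-policy>
```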