1 Reply Latest reply on Oct 8, 2008 1:52 PM by Matthias Peter

    JSF DatabaseServerLoginModule Example not working

    Nicole Schweighardt Novice

      Hi,

      I am new to Security and I am trying since many hours to write a simple application with JSF,Facelets, Form Based Auth and DatabaseServerLoginModule.
      I have a running example with form based auth and UserRolesLoginModule. So I took that and tried to connect it with the DataBaseLoginModule-example from
      http://docs.jboss.org/jbossas/jboss4guide/r5/html/ch8.chapter.html
      From there I got the database and records.

      Here are my files:

      login-config.xml in jboss-5.0.0.CR2\server\default\conf

      ...
      <application-policy name="databaselogin">
       <authentication>
       <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
       flag="required">
       <module-option name="dsJndiName">java:/databaselogin</module-option>
       <module-option name="principalsQuery">
       select passwd from Users username where username=?</module-option>
       <module-option name="rolesQuery">
       select userRoles, 'Roles' from UserRoles where username=?</module-option>
       </login-module>
       </authentication>
       </application-policy>
      </policy>


      jboss-web.xml in WEB-INF

      ...
      <jboss-web>
       <security-domain>java:/jaas/databaselogin</security-domain>
      </jboss-web>


      web.xml in WEB-INF
      ...
       <security-constraint>
       <web-resource-collection>
       <web-resource-name>restricted</web-resource-name>
       <url-pattern>/secured_pages/*</url-pattern>
       <http-method>GET</http-method>
       <http-method>POST</http-method>
       </web-resource-collection>
       <auth-constraint>
       <role-name>caller_java</role-name>
       </auth-constraint>
       </security-constraint>
       <login-config>
       <auth-method>FORM</auth-method>
       <form-login-config>
       <form-login-page>/login.html</form-login-page>
       <form-error-page>/error.html</form-error-page>
       </form-login-config>
       </login-config>
       <security-role>
       <role-name>caller_java</role-name>
       </security-role>
      </web-app>


      databaselogin-ds.xml
      <?xml version="1.0" encoding="UTF-8"?>
      <datasources>
       <local-tx-datasource>
       <jndi-name>databaselogin</jndi-name>
       <connection-url>jdbc:mysql://localhost:3307/databaselogin</connection-url>
       <driver-class>com.mysql.jdbc.Driver</driver-class>
       <user-name>XXX</user-name>
       <password>XXX</password>
       <exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.MySQLExceptionSorter</exception-sorter-class-name>
       <metadata>
       <type-mapping>mySQL</type-mapping>
       </metadata>
       </local-tx-datasource>
      </datasources>


      If I click the link that should show me asecured page, the login.html is shown in the right way. But authentication is not working. I tried it with username: java and password:echoman like in the documentation example.

      What am I doing wrong? Is there a possibility to debug the module?
      Thank you very much.
      Nicole