3 Replies Latest reply on Jun 23, 2009 4:07 AM by Wolfgang Knauf

    Simple Web Form authentication using JAAS with DatabaseServe

    Matthew Purdy Newbie

      i implemented JAAS the best i know how; however, when i enter the correct username and password with the correct role, it forwards me to the bad login page??? i also get no exceptions in the jboss console.

      i am using the username: 'tom' and the password 'tomuser'. as you can see below, tom has a password of 'tomuser' and is in the role of 'admin'

      what am i missing???

      here is my configuration:

      mysql sql code

      use pyxiswebadmin;
      drop table users;
      drop table roles;
      
      create table users
      (
       username varchar(64) not null primary key,
       password varchar(64) not null
      
      );
      
      create table roles
      (
       username varchar(64),
       role varchar(64)
      
      );
      
      insert into users values ('tom', 'tomuser');
      insert into users values ('dick', 'dickuser');
      insert into users values ('harry', 'harryuser');
      
      insert into roles value ('tom', 'admin');
      insert into roles value ('dick', 'audit');
      insert into roles value ('harry', 'user');
      
      commit;
      



      mysql database data
      mysql> show tables;
      +-------------------------+
      | Tables_in_pyxiswebadmin |
      +-------------------------+
      | roles |
      | users |
      +-------------------------+
      2 rows in set (0.00 sec)
      
      mysql> select * from users;
      +----------+-----------+
      | username | password |
      +----------+-----------+
      | tom | tomuser |
      | dick | dickuser |
      | harry | harryuser |
      +----------+-----------+
      3 rows in set (0.00 sec)
      
      mysql> select * from roles;
      +----------+-------+
      | username | role |
      +----------+-------+
      | tom | admin |
      | dick | audit |
      | harry | user |
      +----------+-------+
      3 rows in set (0.00 sec)
      


      login-config
       <!-- ####################################### -->
       <!-- added for Pyxis Server security -->
       <!-- ####################################### -->
       <application-policy name="pyxis-client-login">
       <authentication>
       <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
       <module-option name="dsJndiName">java:/pyxisDS</module-option>
       <module-option name="principalsQuery">select password from users where username=?</module-option>
       <module-option name="roleQuery">select role, 'Role' from roles where username=?</module-option>
       </login-module>
       </authentication>
       </application-policy>
      
       <!-- ####################################### -->
      



      datasource
      <?xml version="1.0" encoding="UTF-8"?>
      
      <datasources>
       <local-tx-datasource>
       <jndi-name>pyxisDS</jndi-name>
       <connection-url>jdbc:mysql://localhost:3306/pyxiswebadmin</connection-url>
       <driver-class>org.gjt.mm.mysql.Driver</driver-class>
       <user-name>pyxis</user-name>
       <password>pyxisuser</password>
       </local-tx-datasource>
      
      </datasources>
      


      jboss-web.xml
      <jboss-web>
       <security-domain>java:/jaas/pyxis-client-login</security-domain>
      </jboss-web>
      


      web.xml
      <?xml version="1.0" encoding="UTF-8"?>
      <web-app version="2.5"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns="http://java.sun.com/xml/ns/javaee"
       xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
       xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
      
       <welcome-file-list>
       <welcome-file>index.jsp</welcome-file>
       </welcome-file-list>
      
       <security-constraint>
       <web-resource-collection>
       <web-resource-name>HtmlAdaptor</web-resource-name>
       <url-pattern>/*</url-pattern>
       <http-method>GET</http-method>
       <http-method>POST</http-method>
       </web-resource-collection>
       <auth-constraint>
       <role-name>admin</role-name>
       </auth-constraint>
       <user-data-constraint>
       <transport-guarantee>NONE</transport-guarantee>
       </user-data-constraint>
       </security-constraint>
      
       <login-config>
       <auth-method>FORM</auth-method>
       <form-login-config>
       <form-login-page>/restricted/login.jsp</form-login-page>
       <form-error-page>/restricted/bad-login.jsp</form-error-page>
       </form-login-config>
       </login-config>
      
       <security-role>
       <role-name>admin</role-name>
       </security-role>
      
      </web-app>