I got Jboss-2.4.4_Tomcat-4.0.1 to do basic and form auth with the UsersRolesLoginModule on my windows box, but when i moved the app to the same setup on a redhat box the form or basic auth dialog works but i always get 403 for valid users. i tried this with both a DatabaseServerLoginModule(mySQL) and the UsersRolesLoginModule. Ive searched the forums and i still cant figure it out.
auth.conf:
database { org.jboss.security.auth.spi.DatabaseServerLoginModule required
dsJndiName="java:/DefaultDS"
principalsQuery="select user_pass from users where user_name=?"
rolesQuery="select role_name, role_group from user_roles where user_name=?"
;
};
application.xml:
<display-name>JAAS Tutorial</display-name>
<web-uri>@war-file@</web-uri>
<context-root>/test</context-root>
@ejb-file@
web.xml:
<servlet-name>SecureServlet</servlet-name>
<servlet-class>SecureEJBServlet</servlet-class>
<servlet-mapping>
<servlet-name>SecureServlet</servlet-name>
<url-pattern>/restricted/SecureServlet</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>Restricted</web-resource-name>
Declarative security tests
<url-pattern>/restricted/*</url-pattern>
<http-method>HEAD</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Echo</role-name>
</auth-constraint>
<user-data-constraint>
no description
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>JAAS Tutorial Servlets</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>