2 Replies Latest reply on Aug 4, 2005 4:11 AM by Debopam Poddar

    Problem with jboss-web.xml : role mapping doesn't work for m

    Dominique Jean-Prost Newbie

      I already posted the same message on the servlet newsgroup. I'm trying this one too, just in case.
      I'm currently trying to migrate a webapp from WebLogic 8.1 to JBoss, and I've run into a problem I didn't have with WLS.

      My webapp has a <security-constraint> section with <auth-constraint>. I'm using Form authentication with DB Realm. My problem is that I can log in to my webapp, but I get a 403 saying I'm not allowed to access resources.

      I checked several things:
      - I can log in, i.e. login/password are checked against the DB, so this part works. If I give a wrong password, I get the <form-error-page> page.
      - I added a piece of code in my 403.jsp. I added 3 lines:
      0. System.out.println(request.getRemoteUser()); --> returns djeanprost
      1. System.out.println(request.isUserInRole("collaborateur")); where collaborateur is a group in my group table. --> Returns true, which is normal to me.
      2. System.out.println(request.isUserInRole("utilisateurCollaborateur")); --> false
      utilisateurCollaborateur is a role I specified in the <auth-constraint> section in the web.xml. I also have a <security-role> section where I declare the utilisateurCollaborateur role name. In my jboss-web.xml, I have a

      where I map utilisateurCollaborateur to collaborateur and djeanprost. I added the principal name djeanprost as a test: it does not work either.

      I conclude the mapping from utilisateurCollaborateur to collaborateur is not done.

      Where am I wrong?


        • 2. Re: Problem with jboss-web.xml : role mapping doesn't work f
          Debopam Poddar Newbie

          - Add the following in the application's web.xml file:
          <web-resource-name>Admin Console</web-resource-name>


          Similarly, the other groups/roles and URL pattern attributes are added in web.xml.

          - Change login-config.xml in the %JBOSS_HOME%/server/default/conf directory
          <application-policy name="TEST_SECURITY_DOMAIN">
            <authentication>
              <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
                <module-option name="usersProperties">users.properties</module-option>
                <module-option name="rolesProperties">roles.properties</module-option>
              </login-module>
            </authentication>
          </application-policy>

          (You can put any name in place of "TEST_SECURITY_DOMAIN")
          - Change jboss-web.xml in the %JBOSS_HOME%/server/default/deploy/<your application>/WEB-INF directory
          - Add users.properties in the %JBOSS_HOME%/server/default/conf directory
          Add the user name and password in the following format
          Username = password
          (if username:: abc & password::pqr add abc = pqr in users.properties)
          - Add roles.properties in the %JBOSS_HOME%/server/default/conf directory
          Add the user name and role in the following format
          Username = role (take it from web.xml)
          (If username:: abc & role::admin add abc = admin in roles.properties)
          - Add this to web.xml
          <!--<auth-method>BASIC</auth-method> -->

          (it tells the server what your admin login page is)
          - Add this to your admin login page
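
An added example, not code from either post or from JBoss: a small Python check for the symptom in this thread, where login succeeds but the role named in web.xml's <auth-constraint> is not one the login module grants to anyone. The sample web.xml and roles.properties are constructed from names in the thread, the function names are this example's own, and roles.properties keys are assumed to be plain usernames.

```python
import xml.etree.ElementTree as ET

# Constructed sample files; role and user names follow the thread.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin Console</web-resource-name>
    </web-resource-collection>
    <auth-constraint>
      <role-name>utilisateurCollaborateur</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role>
    <role-name>utilisateurCollaborateur</role-name>
  </security-role>
</web-app>"""
ROLES_PROPERTIES = "# username = role[,role...]\ndjeanprost = collaborateur\n"

def local(tag):
    # Drop any XML namespace so DTD-based and schema-based web.xml both work.
    return tag.rsplit("}", 1)[-1]

def web_xml_roles(xml_text):
    """Return (roles used in auth-constraint, roles declared in security-role)."""
    used, declared = set(), set()
    for elem in ET.fromstring(xml_text).iter():
        target = {"auth-constraint": used, "security-role": declared}.get(local(elem.tag))
        if target is not None:
            target.update(c.text.strip() for c in elem if local(c.tag) == "role-name" and c.text)
    return used, declared

def granted_roles(properties_text):
    """Return {user: set(roles)} parsed from a roles.properties body."""
    grants = {}
    for line in properties_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            user, roles = line.split("=", 1)
            grants.setdefault(user.strip(), set()).update(r.strip() for r in roles.split(",") if r.strip())
    return grants

def audit(xml_text, properties_text):
    """Report roles web.xml requires that no user holds or that are not declared."""
    used, declared = web_xml_roles(xml_text)
    held = set().union(*granted_roles(properties_text).values())
    return {"ungranted": sorted(used - held - {"*"}), "undeclared": sorted(used - declared - {"*"})}

if __name__ == "__main__":
    print(audit(WEB_XML, ROLES_PROPERTIES))
```

A non-empty "ungranted" list means an authenticated user can still receive a 403 on the constrained URLs, because the role web.xml asks for never appears among the roles assigned at login.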