Hello everyone,
I am using JBoss 4.0.2 w/Tomcat 5.5.9 (integrated) along with jTDS and SQLServer for a project.
I would like to use DatabaseServerLoginModule and single sign-on. I've created the appropriate tables in my database for users and roles. I've created simple jsp pages for login and login error. I've also modified my login-config.xml, jboss-web.xml and web.xml to handle the security. I am using the Tomcat valve for singlesignon.
However, when I test the protected resource with a valid userid and password, I get a 403 error message. If I try to log in with an invalid userid and password, I get the error jsp that I created.
This tells me that I am authenticating the user, but I am probably screwing something up with the roles as I cannot get access to the restricted resource even with the correct userid and password.
What I am trying to accomplish is:
1. Authenticate a user against the database tables for userid and appropriate roles.
2. Use a custom error page when the user does not have access to the resource. Uid/pw combo AND role
3. Use SSO across the various web-apps that will comprise this project. Is it possible or correct for one web-app to handle all of the login/logout processing? If a user tries to access a web-app, can that web-app redirect the user to a login page in another web-app? All of these web-apps will be in the same container.
Any help that could be provided would be most appreciated.
Thanks,
Howler
Here is my stuff:
web.xml login-config.xml jboss-web.xml
[ July 07, 2005: Message edited by: Howler ]