authentication problem

Hi guys,

I'm having some issues with JAAS authenticatin on jboss. We are still working for jboss-4.01.sp1 and I'm trying to deploy two application that would share user information through HttServletRequest's getRemoteUser() method. So I'm setting up a Realm across all apps deployed in our jboss. I created a sample web project to test authentication as a prerequisite, but it's not hitting the database. Here are the relevant files:

web.xml

<security-constraint>
    <display-name>Default JSP Security Constraints</display-name>
    <web-resource-collection>
      <web-resource-name>Admin Login</web-resource-name>
      <url-pattern>/hello.jsp</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>SU</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  
     <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>MyRealm</realm-name>
          <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/error.jsp</form-error-page>
            </form-login-config>
             
        </login-config>

<security-role>
        <description>The role required to access restricted content </description>
        <role-name>SU</role-name>
    </security-role>

login-config.xml

server.xml

the databse is not getting hit and i know this from looking at the mysql query log. what did i miss?

thanks guys.

Try adding the following to WEB-INF/jboss-web.xml:

Hi,

I did make a jboss-web.xml with the same data. It didn't work. Database still wasn't being hit, the logs confirmed that. Any other ideas?

i made some progress...now i get a different error message:

15:57:02,280 WARN [JAASRealm] Cannot find message associated with key jaasRealm
.loginException
javax.security.auth.login.LoginException: Security Exception
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:856)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:1
86)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:6
80)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:398)
at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:322)
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(Form
Authenticator.java:258)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authentica
torBase.java:417)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValv
e.java:92)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.proce
ss(SecurityContextEstablishmentValve.java:126)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invok
e(SecurityContextEstablishmentValve.java:70)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
ava:127)

any ideas of what can be causing this? this is the same config as above, including jboss-web.xml in WEB-INF, but now in jboss-5.0.1. thanks.

Hi, I'm getting the same error here... Did you find out how to make DatabaseServerLoginModule work? It's not even hitting the db...

Maurico, it would have been better if you started a new topic. It also helps if you provide the details.. Post the login module from login-config.xml, the *-ds.xml file for the database, the jboss-web.xml file and sections of the web.xml file that deal with access control.

Don't forget the use the 'code' tags when posting the source code, especially the XML text. Select the text and click the Code button above the text editor window.