wood burning stoves*
The moose likes JBoss/WildFly and the fly likes Getting my web application to use the DatabaseServerLoginModule Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » JBoss/WildFly
Bookmark "Getting my web application to use the DatabaseServerLoginModule" Watch "Getting my web application to use the DatabaseServerLoginModule" New topic
Author

Getting my web application to use the DatabaseServerLoginModule

Mark E Hansen
Ranch Hand

Joined: Apr 01, 2009
Posts: 643
I'm trying to configure my J2EE web application to use the DatabaseServerLoginModule.
I'm following the instructions in the book: JBoss in Action, but I think I must be missing something, as the application continues to try to use the UsersRolesLoginModule instead.

I'm running JBoss AS 5.1.0.GA with JDK 1.6, and my web application contains HTML files as well as a Servlet.

First, I've created the security tables in a MySQL database, and have deployed a -ds.xml deployment descriptor for my database. Also, I've enabled the HTTPS connector (with a home-made certificate) so I can access the web application via https (on port 8443) - which is working.

I then added the following <application-policy> block element to the login-config.xml file in my server's conf directory:



Note that the policy name is database-domain

Next, I created a jboss-web.xml file in the web application's WEB-INF directory, which looks like this:



Finally, I have the following web.xml file in my web application's WEB-INF directory:



When I attempt to access the restricted page (/authroized/create_user.html) I am prompted for credentials, but when I enter them, the application server writes the following to the server.log file:



It seems the application is still configured to use the UsersRolesLoginModule, rather than the DatabaseServerLoginModule.

I must be missing a configuration someplace, but I can't tell where.

Can someone please point me in the right direction?

Thanks,
Peter Johnson
author
Bartender

Joined: May 14, 2008
Posts: 5812
    
    7

Try changing the rolesQuery to:



Other than that, I don't see anything obviously wrong.

Are the user and role queries going to the database? I'm wondering if a failure there is causing JBoss AS to revert to the user login module.

Also, try adding debug tracing to the login module and see if the server.log gives any more hints as to what is going on. To do this, add these lines to the server/xxx/conf/jboss-log4j.xml file:




JBoss In Action
Mark E Hansen
Ranch Hand

Joined: Apr 01, 2009
Posts: 643
Well, it looks like I did something silly. I made changes to the login-config.xml, but didn't restart the application server

After restarting the application server, it is working as expected.

Thanks, and I'm sorry for the false issue.

 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Getting my web application to use the DatabaseServerLoginModule
 
Similar Threads
[jboss jaas] login-conf.xml configuration
Secure jmx-console in JBoss 4.0.3
Securing Application for JBoss5.1.0
Single Sign-on across web-apps
Authorization issue while implementing login module with DatabaseServerLoginModule