Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

JBoss Oracle Database Security

 
Jeroen Christiaens
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,
I try to do authentication in JBoss with an Oracle DB.
The web form displays and can be filled in, but he always denies the access and goes back to the login.jsp page, although the correct username/password are in the DB.
I think it has something to do with the OracleDS. I think JBoss cannot find the datasource, althoug the declaration file is in the deploy dir.
Does anyone know what to do or what I have done wrong?
Thanks a lot,
Jeroen
***************** FILE oracle-ds.xml in <jboss>/server/default/deploy *****
<?xml version="1.0" encoding="UTF-8"?>
<!-- JBoss Server Configuration for oracle -->
<datasources>
<local-tx-datasource>
<jndi-name>OracleDS</jndi-name>
<connection-url>jdbcracleci8:@myserver</connection-url>
<driver-class>oracle.jdbc.driver.OracleDriver</driver-class>
<user-name>myUsername</user-name>
<password>myPassw</password>
<!-- Checks the Oracle error codes and messages for fatal errors -->
<exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter</exception-sorter-class-name>
<min-pool-size>5</min-pool-size>
<max-pool-size>20</max-pool-size>
</local-tx-datasource>
</datasources>
********************** login-config.xml in <jboss>/server/default/conf **********
<application-policy name="MyWebRealm">
<authentication>
<login-module code="org.jboss.security.auth.spi.DataBaseServerLoginModule" flag="required">
<module-option name="dsJndiName">java:/OracleDS</module-option>
<module-option name="principalsQuery">SELECT password FROM users WHERE loginname=?</module-option>
<module-option name="rolesQuery">SELECT role, 'Roles' FROM userroles WHERE loginname=?</module-option>
</login-module>
</authentication>
</application-policy>

*************** in my Web application: web.xml **************
<!--security-constraint>
<display-name>Security My Web Application</display-name>
<web-resource-collection>
<web-resource-name>LocalysWeb Security</web-resource-name>
<description>Restrict all access to this application</description>
<url-pattern>*.jsp</url-pattern>
<url-pattern>*.do</url-pattern>
</web-resource-collection>

<auth-constraint>
<description>Only authorise users with the following roles defined.</description>
<role-name>administrator</role-name>
</auth-constraint>

<user-data-constraint>
<description>Protection should be CONFIDENTIAL if SSL is installed (or NONE)</description>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>

<login-config>
<auth-method>FORM</auth-method>
<realm-name>MyWebRealm</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login.jsp</form-error-page>
</form-login-config>
</login-config>

<security-role>
<role-name>administrator</role-name>
</security-role>
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic