File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes JBoss/WildFly and the fly likes JBoss Oracle Database Security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » JBoss/WildFly
Bookmark "JBoss Oracle Database Security" Watch "JBoss Oracle Database Security" New topic
Author

JBoss Oracle Database Security

Jeroen Christiaens
Greenhorn

Joined: Jan 27, 2004
Posts: 2
Hi all,
I try to do authentication in JBoss with an Oracle DB.
The web form displays and can be filled in, but he always denies the access and goes back to the login.jsp page, although the correct username/password are in the DB.
I think it has something to do with the OracleDS. I think JBoss cannot find the datasource, althoug the declaration file is in the deploy dir.
Does anyone know what to do or what I have done wrong?
Thanks a lot,
Jeroen
***************** FILE oracle-ds.xml in <jboss>/server/default/deploy *****
<?xml version="1.0" encoding="UTF-8"?>
<!-- JBoss Server Configuration for oracle -->
<datasources>
<local-tx-datasource>
<jndi-name>OracleDS</jndi-name>
<connection-url>jdbcracleci8:@myserver</connection-url>
<driver-class>oracle.jdbc.driver.OracleDriver</driver-class>
<user-name>myUsername</user-name>
<password>myPassw</password>
<!-- Checks the Oracle error codes and messages for fatal errors -->
<exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter</exception-sorter-class-name>
<min-pool-size>5</min-pool-size>
<max-pool-size>20</max-pool-size>
</local-tx-datasource>
</datasources>
********************** login-config.xml in <jboss>/server/default/conf **********
<application-policy name="MyWebRealm">
<authentication>
<login-module code="org.jboss.security.auth.spi.DataBaseServerLoginModule" flag="required">
<module-option name="dsJndiName">java:/OracleDS</module-option>
<module-option name="principalsQuery">SELECT password FROM users WHERE loginname=?</module-option>
<module-option name="rolesQuery">SELECT role, 'Roles' FROM userroles WHERE loginname=?</module-option>
</login-module>
</authentication>
</application-policy>

*************** in my Web application: web.xml **************
<!--security-constraint>
<display-name>Security My Web Application</display-name>
<web-resource-collection>
<web-resource-name>LocalysWeb Security</web-resource-name>
<description>Restrict all access to this application</description>
<url-pattern>*.jsp</url-pattern>
<url-pattern>*.do</url-pattern>
</web-resource-collection>

<auth-constraint>
<description>Only authorise users with the following roles defined.</description>
<role-name>administrator</role-name>
</auth-constraint>

<user-data-constraint>
<description>Protection should be CONFIDENTIAL if SSL is installed (or NONE)</description>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>

<login-config>
<auth-method>FORM</auth-method>
<realm-name>MyWebRealm</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login.jsp</form-error-page>
</form-login-config>
</login-config>

<security-role>
<role-name>administrator</role-name>
</security-role>
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: JBoss Oracle Database Security