my dog learned polymorphism
The moose likes JBoss/WildFly and the fly likes JBOSS FORM based auth and 403 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » JBoss/WildFly
Bookmark "JBOSS FORM based auth and 403" Watch "JBOSS FORM based auth and 403" New topic

JBOSS FORM based auth and 403

NikhilN Kumar

Joined: Jun 30, 2003
Posts: 9
I am trying to implement form-based authentication in a JBOSS 3.2.3/ Embedded Tomcat/ Firebird database environment. I have tested that I can login into Firebird using isql for the user id/ password combination that I have. It seems to go past any jdbc connection errors (no stack/ failures). However, Tomcat chokes with a "HTTP Status 403 - Access to the requested resource has been denied" message.
My login-config.xml has the following entries:
<login-module code=""
<module-option name="dsJndiName">java:/IAL-AUTH-DS</module-option>
<module-option name="principalsQuery">select pr_password from principals where principal_id=?</module-option>
<module-option name="rolesQuery">select user_role, role_group from roles where principal_id=?</module-option>
My firebird..-xa-ds.xml has

<adapter-display-name>Firebird Database Connector</adapter-display-name>
<config-property name="Database" type="java.lang.String">localhost/3050:/home2/niprdev/db/niprdev_auth.GDB</config-property>
<!--additional properties. only use one way of setting tx isolation, please
<config-property name="TransactionIsolation"></config-property>
<config-property name="TransactionIsolationName">TRANSACTION_READ_COMMITTED</config-property>
<config-property name="BlobBufferLength"></config-property>
<config-property name="Encoding">UNICODE_FSS</config-property>
My web.xml has:
<description>Declarative security</description>
<description>No descrp</description>
My jboss-web.xml defines the application security domain JNDI namespace as:
<!-- Uncomment this element to add security for the application -->
I cant see why it does not connect completely. There is no JDBC error thrown.
Any suggestions? Help!
NikhilN Kumar

Joined: Jun 30, 2003
Posts: 9
One more query. Why does it route me to an access denied rather than the login error page?
Don Griffing
Ranch Hand

Joined: Nov 21, 2003
Posts: 33
When I was fighting a simular problem, it was recommended that I add

to my log4j.xml in order to get more details about what is going on.
BTW I noticed that your <security-domain> and <context-root> were out of order according to the DTD.
I agree. Here's the link:
subject: JBOSS FORM based auth and 403
It's not a secret anymore!