2 Replies Latest reply: Jun 22, 2012 2:15 AM by ionutvaidianu

JAAS Login issue

ionutvaidianu Newbie

Hello,

 

I'm quite new to JBoss AS, so please bear with me and any help is appreciated.

 

Here is my problem: I have a RichFaces web application and I want to restrict access to most of the pages. As far as I have found so far, the best way (open to suggestions and debate here) to secure content is at the container level, by defining a security domain and a module that will authorize the users so they are able to access secured pages.

 

I have done all the configuration, the pages are protected, but even from a user that authenticates. In other words, even after authentication I get redirected to the login page and cannot access any of the protected pages. I get no error / message in the server console (the log level for CONSOLE is on DEBUG).

 

Is it a known issue, is there a WA for it or am I doing something wrong?

 

Thanks!

 

Here is the setup:

JBoss AS 7.1.1 Final, standalone configuration.

 

The security domain (the associated datasource is functional because at some point I got wrong password in the server console):

 

<security-domain name="SecuredRealm">
    <authentication>
        <login-module code="Database" flag="required">
            <module-option name="dsJndiName" value="java:jboss/datasources/securityDS"/>
            <module-option name="principalsQuery" value="select passwd from Users where username=?"/>
            <module-option name="rolesQuery" value="select userRoles,'Roles' from UserRoles where username=?"/>
            <module-option name="hashAlgorithm" value="MD5"/>
            <module-option name="hashEncoding" value="base64"/>
            <module-option name="unauthenticatedIdentity" value="guest"/>
            <module-option name="maxInvalidLoginAttempts" value="5"/>
        </login-module>
    </authentication>
</security-domain>

 

jboss-web.xml

 

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <security-domain>java:/jaas/SecuredRealm</security-domain>
</jboss-web>

 

web.xml

 


<security-constraint>
    <web-resource-collection>
        <web-resource-name>SecuredRealm</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>

    <!-- <user-data-constraint> -->
    <!-- <transport-guarantee>CONFIDENTIAL</transport-guarantee> -->
    <!-- </user-data-constraint> -->
</security-constraint>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Unprotected area</web-resource-name>
        <url-pattern>/resources/*</url-pattern>
    </web-resource-collection>
</security-constraint>

<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>SecuredRealm</realm-name>
    <form-login-config>
        <form-login-page>/jasl.jsf</form-login-page>
        <form-error-page>/jasl.jsf</form-error-page>
    </form-login-config>
</login-config>

<security-role>
    <role-name>admin</role-name>
</security-role>

<security-role>
    <role-name>normal</role-name>
</security-role>
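
One way to audit the web.xml fragment above (an added example, not part of the original post): it resolves the `*` role name to the roles declared with security-role, which is how the Servlet specification defines it, and marks constraints that list http-method elements, because methods not listed fall outside the constraint. The descriptor is a constructed copy of the posted fragment wrapped in a web-app root without an XML namespace, and the function name `audit` is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Constructed copy of the posted web.xml fragment, wrapped in a root element
# and without an XML namespace (assumption of this example).
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SecuredRealm</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method><http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Unprotected area</web-resource-name>
      <url-pattern>/resources/*</url-pattern>
    </web-resource-collection>
  </security-constraint>
  <security-role><role-name>admin</role-name></security-role>
  <security-role><role-name>normal</role-name></security-role>
</web-app>"""


def audit(web_xml):
    """Return one summary dict per security-constraint (hypothetical helper)."""
    root = ET.fromstring(web_xml)
    declared = sorted(r.text.strip() for r in root.findall("security-role/role-name"))
    report = []
    for sc in root.findall("security-constraint"):
        wrc = sc.find("web-resource-collection")
        methods = [m.text.strip() for m in wrc.findall("http-method")]
        auth = sc.find("auth-constraint")
        roles = None  # no auth-constraint: access is not restricted
        if auth is not None:
            named = [r.text.strip() for r in auth.findall("role-name")]
            # "*" is shorthand for every role declared via <security-role>
            roles = declared if "*" in named else sorted(named)
        report.append({
            "patterns": [p.text.strip() for p in wrc.findall("url-pattern")],
            "roles": roles,
            # listing methods leaves every other method outside the constraint
            "methods_covered": methods or "ALL",
            "partial_method_coverage": bool(methods) and auth is not None,
            "transport": sc.findtext("user-data-constraint/transport-guarantee", "NONE"),
        })
    return report


if __name__ == "__main__":
    print(*audit(WEB_XML), sep="\n")
```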