I am trying to implement form-based authentication in a
JBOSS 3.2.3/ Embedded Tomcat/ Firebird database environment. I have tested that I can login into Firebird using isql for the user id/ password combination that I have. It seems to go past any
jdbc connection errors (no stack/ failures). However,
Tomcat chokes with a "HTTP Status 403 - Access to the requested resource has been denied" message.
My login-config.xml has the following entries:
<authentication>
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
flag="required">
<module-option name="dsJndiName">
java:/IAL-AUTH-DS</module-option>
<module-option name="principalsQuery">select pr_password from principals where principal_id=?</module-option>
<module-option name="rolesQuery">select user_role, role_group from roles where principal_id=?</module-option>
</login-module>
</authentication>
My firebird..-xa-ds.xml has
<connection-factories>
<tx-connection-factory>
<jndi-name>IAL-AUTH-DS</jndi-name>
<xa-transaction/>
<adapter-display-name>Firebird Database Connector</adapter-display-name>
<config-property name="Database" type="java.lang.String">localhost/3050:/home2/niprdev/db/niprdev_auth.GDB</config-property>
<user-name>
test</user-name>
<password>test</password>
<!--additional properties. only use one way of setting tx isolation, please
<config-property name="TransactionIsolation"></config-property>
<config-property name="TransactionIsolationName">TRANSACTION_READ_COMMITTED</config-property>
<config-property name="BlobBufferLength"></config-property>
<config-property name="Encoding">UNICODE_FSS</config-property>
-->
<min-pool-size>0</min-pool-size>
<max-pool-size>50</max-pool-size>
</tx-connection-factory>
</connection-factories>
My web.xml has:
<security-constraint>
<web-resource-collection>
<web-resource-name>Restricted</web-resource-name>
<description>Declarative security</description>
<url-pattern>*.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>ial</role-name>
</auth-constraint>
<user-data-constraint>
<description>No descrp</description>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>ial</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.htm</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>ial</role-name>
</security-role>
My jboss-web.xml defines the application security domain JNDI namespace as:
<jboss-web>
<context-root>/ial/web-app</context-root>
<!-- Uncomment this element to add security for the application -->
<security-domain>java:/jaas/ial</security-domain>
</jboss-web>
I cant see why it does not connect completely. There is no JDBC error thrown.
Any suggestions? Help!