• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

JBoss Oracle Database Security

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi all,
I try to do authentication in JBoss with an Oracle DB.
The web form displays and can be filled in, but he always denies the access and goes back to the login.jsp page, although the correct username/password are in the DB.
I think it has something to do with the OracleDS. I think JBoss cannot find the datasource, althoug the declaration file is in the deploy dir.
Does anyone know what to do or what I have done wrong?
Thanks a lot,
Jeroen
***************** FILE oracle-ds.xml in <jboss>/server/default/deploy *****
<?xml version="1.0" encoding="UTF-8"?>
<!-- JBoss Server Configuration for oracle -->
<datasources>
<local-tx-datasource>
<jndi-name>OracleDS</jndi-name>
<connection-url>jdbcracle:oci8:@myserver</connection-url>
<driver-class>oracle.jdbc.driver.OracleDriver</driver-class>
<user-name>myUsername</user-name>
<password>myPassw</password>
<!-- Checks the Oracle error codes and messages for fatal errors -->
<exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter</exception-sorter-class-name>
<min-pool-size>5</min-pool-size>
<max-pool-size>20</max-pool-size>
</local-tx-datasource>
</datasources>
********************** login-config.xml in <jboss>/server/default/conf **********
<application-policy name="MyWebRealm">
<authentication>
<login-module code="org.jboss.security.auth.spi.DataBaseServerLoginModule" flag="required">
<module-option name="dsJndiName">java:/OracleDS</module-option>
<module-option name="principalsQuery">SELECT password FROM users WHERE loginname=?</module-option>
<module-option name="rolesQuery">SELECT role, 'Roles' FROM userroles WHERE loginname=?</module-option>
</login-module>
</authentication>
</application-policy>

*************** in my Web application: web.xml **************
<!--security-constraint>
<display-name>Security My Web Application</display-name>
<web-resource-collection>
<web-resource-name>LocalysWeb Security</web-resource-name>
<description>Restrict all access to this application</description>
<url-pattern>*.jsp</url-pattern>
<url-pattern>*.do</url-pattern>
</web-resource-collection>

<auth-constraint>
<description>Only authorise users with the following roles defined.</description>
<role-name>administrator</role-name>
</auth-constraint>

<user-data-constraint>
<description>Protection should be CONFIDENTIAL if SSL is installed (or NONE)</description>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>

<login-config>
<auth-method>FORM</auth-method>
<realm-name>MyWebRealm</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login.jsp</form-error-page>
</form-login-config>
</login-config>

<security-role>
<role-name>administrator</role-name>
</security-role>
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic