• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Liutauras Vilda
  • Bear Bibeault
Sheriffs:
  • Jeanne Boyarsky
  • Tim Cooke
  • Devaka Cooray
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Piet Souris
  • salvin francis
  • Stephan van Hulst
Bartenders:
  • Frits Walraven
  • Carey Brown
  • Jj Roberts

Form based login = please help

 
Ranch Hand
Posts: 146
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

I am having an existing project where form based login is implemented. It has database table and login.jsp. I tried to figure out how j_security_check is linked to the database for pulling user out and validating.

i got login-config.xml file in my JBoss server. It has following.

- <application-policy name="ioclpower_domain">
- <!--
A simple server login module, which can be used when the number
of users is relatively small. It uses two properties files:
users.properties, which holds users (key) and their password (value).
roles.properties, which holds users (key) and a comma-separated list of
their roles (value).
The unauthenticatedIdentity property defines the name of the principal
that will be used when a null username and password are presented as is
the case for an unuathenticated web client or MDB. If you want to
allow such users to be authenticated add the property, e.g.,
unauthenticatedIdentity="nobody"


-->
- <authentication>
- <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<module-option name="dsJndiName">java:/SLBDataSource</module-option>
<module-option name="principalsQuery">Select USERPASS from UM_USERS_FORJAAS where USERID = ?</module-option>
<module-option name="rolesQuery">Select SYSROLE 'Roles', USERROLEGROUPS 'RoleGroups' from UM_USERSYSROLES_FORJAAS where USERID = ?</module-option>
<module-option name="hashAlgorithm">MD5</module-option>
<module-option name="hashEncoding">base64</module-option>
</login-module>
</authentication>
- <!--
<authentication>
<login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required" >
<module-option name="usersProperties">iocl.users</module-option>
<module-option name="rolesProperties">iocl.roles</module-option>
</login-module>
</authentication>

-->
</application-policy>


can anybody explain about above thing?
where is it checking the password? is there any standard for database table names and field names?

thanks in advance.
 
Ranch Hand
Posts: 186
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can use what ever table names and column names you like, you just have to define a valid SQL query in the principlesQuery to select the user's password when their username is queried, i.e.

SELECT password FROM users WHERE user_id = ?

The rolesQuery then selects the primary key from the roles table:

SELECT role_id, 'Roles' FROM roles WHERE user_id = ?

Table structure
 
You may have just won ten million dollars! Or, maybe a tiny ad.
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
reply
    Bookmark Topic Watch Topic
  • New Topic