JAAS web-security on jboss 5
hello i'm trying to perform a based form authentication on jboss: these are my configuration files. login-config.xml:
<application-policy name="MyPolicy">
<authentication>
<login-module flag="required"
code="org.jboss.security.auth.spi.DatabaseServerLoginMod开发者_JAVA技巧ule">
<module-option name="dsJndiName">java:/espritDS</module-option>
<module-option name="principalsQuery">SELECT password FROM users WHERE
username=?</module-option>
<module-option name="rolesQuery">SELECT groupname FROM groups WHERE
username=?</module-option>
</login-module>
</authentication>
web.xml:
<!-- Security -->
<security-constraint>
<web-resource-collection>
<web-resource-name>secret</web-resource-name>
<url-pattern>/faces/secret/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/faces/login.jsp</form-login-page>
<form-error-page>/faces/loginError.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
and jboss-web.xml:
<jboss-web>
<!-- A security domain that restricts access -->
<security-domain>java:/jaas/MyPolicy</security-domain>
</jboss-web>
i thought i don't need to setup users and roles files since i have a database where i inserted some users and roles but i'm having this exception and didn't manage to deal with it: 11:57:26,587 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
You have error in your rolesQuery. It should looks just like that:
<module-option name="rolesQuery">SELECT groupname, 'Roles' FROM groups WHERE
username=?</module-option>
I don't see other errors.
You can read more about DatabaseServerLoginModule modules here: http://community.jboss.org/wiki/DatabaseServerLoginModule
加载中,请稍侯......
精彩评论