Estou com problema de autenticação em uma aplicação básica utilizando o JAAS no jboss 4.2…
Apesar de ter configurado todos os arquivos quando eu logo na página com o usuário e senha corretos sou redirecionado para página de não autenticado,
sem nenhuma stack trace de erro…
Na camada WEB:
login.jsp
<form method="POST" action="j_security_check">
<table>
<tr><td>User:</td><td><input type="text" name="j_username"/></td></tr>
<tr><td>Password:</td><td><input type="password" name="j_password"/></td></tr>
<tr><td><input type="submit"/></td><td></tr>
</table>
</form>
web.xml
<login-config>
<auth-method>FORM</auth-method>
<realm-name>testeJaasRealm</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/naoautenticado.jsp</form-error-page>
</form-login-config>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>autenticacao</web-resource-name>
<url-pattern>/autenticado</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>ADMIN</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-role>
<role-name>ADMIN</role-name>
</security-role>
<servlet>
<description></description>
<display-name>Autenticado</display-name>
<servlet-name>Autenticado</servlet-name>
<servlet-class>com.control.Autenticado</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Autenticado</servlet-name>
<url-pattern>/autenticado</url-pattern>
</servlet-mapping>
Na camada de négocio:
jboss-web.xml
<jboss-web>
<security-domain>testeJaasRealm</security-domain>
</jboss-web>persistence.xml
<persistence-unit name="jaasdb" transaction-type="JTA">
<jta-data-source>java:/MySqlDS</jta-data-source>
</persistence-unit>User.java
@Entity
@Table(name="TB_USER")
public class User implements Principal{
private String name;
private String password;
private Set<Role> roles;
@Id
@Column(name="USER_ID")
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
@Column(name="PASSWORD")
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
@OneToMany(mappedBy="user")
public Set<Role> getRoles() {
return roles;
}
public void setRoles(Set<Role> roles) {
this.roles = roles;
}
}Role.java
@Entity
@Table(name="TB_ROLE")
public class Role implements Principal{
private User user;
private String name;
@Id
@Column(name="ROLE_ID")
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
@ManyToOne
@JoinColumn(name="USER_ID")
public User getUser() {
return user;
}
public void setUser(User user) {
this.user = user;
}
}
AutorizacaoBean.java
@Stateless
public class AutorizacaoBean implements AutorizacaoLocal{
@RolesAllowed("ADMIN")
public void usuarioAdministradorTeste(){
System.out.println("Administrador do sistema...");
}
}No jboss:
login-config.xml
<application-policy name="testeJaasRealm">
<authentication>
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<module-option name="dsJndiName">java:/MySqlDS</module-option>
<module-option name = "principalsQuery">SELECT PASSWORD FROM TB_USER WHERE USER_ID=?</module-option>
<module-option name = "rolesQuery">SELECT ROLE_ID, 'Roles' FROM TB_ROLE WHERE USER_ID=?</module-option>
</login-module>
</authentication>
</application-policy>Já sei que existem muitos tópicos a respeito disso:
http://www.guj.com.br/posts/list/42685.java#226421
http://www.guj.com.br/posts/list/42074.java#687686
e até um tutorial do guj só que nenhum deles me ajudou a resolver o problema…
Alguem sabe se ficou faltando configurar algum arquivo no jboss?? Ou alguma configuração errada nestes que postei??
Obrigado…
