This discussion is archived
0 Replies Latest reply: Jan 11, 2013 6:36 AM by 750770 RSS

JAAS LoginModule is not getting called.

750770 Newbie
Currently Being Moderated
Hi Techies,

I am newbie to the JAAS, I have started implementing JAAS with Tomcat7. I have written jaas.config file and placed inside the Tomcat config folder.

<code>
StatusTracking {
StatusTrackingAuthentication required
dbDriver="oracle.jdbc.driver.OracleDriver"
dbURL="jdbc:oracle:thin:@localhost:1521:XE"
dbUser="system"
dbPassword="system"
userQuery="SELECT USER_NAME FROM USER_DETAILS WHERE USER_DETAILS.USER_NAME=? AND USER_DETAILS.PASSWORD=?"
roleQuery="SELECT USER_ROLE.ROLE_NAME FROM USER_DETAILS, USER_ROLE WHERE USER_DETAILS.USER_NAME=USER_ROLE.USER_NAME AND USER_DETAILS.USER_NAME=?"
debug=true;
};
</code>

This jaas.config file entry is added into the java.security file inside the config folder of Tomcat as below (This is one of the way to add entry as Tomcat doesnot contains any .sh or .bat file),

<code>login.config.url.1=file:///C:/Program Files/Apache Software Foundation/Tomcat 7.0/conf/jaas.config</code>

Then i have configured JAASRealm in server.xml,

<code>
<Realm className="org.apache.catalina.realm.JAASRealm" appName="StatusTracking"
               userClassNames="com.test.UserPrincipal,com.test.PasswordPrincipal"
               roleClassNames="com.test.RolePrincipal"/>
</code>

I have created Jar file which contains the Principle and LoginModule class file, put it into Tomcat lib folder and given the all permission to that jar in catalina.policy.

My web.xml looks below,

<code>

<servlet>
          <servlet-name>securityCheck</servlet-name>
          <servlet-class>com.test.LoginAuthenticationController
          </servlet-class>
     </servlet>

     <servlet-mapping>
          <servlet-name>securityCheck</servlet-name>
          <url-pattern>/securityCheck</url-pattern>
     </servlet-mapping>

     <login-config>
          <auth-method>FORM</auth-method>
          <realm-name>StatusTracking</realm-name>
          <form-login-config>
               <form-login-page>/index.jsp</form-login-page>
               <form-error-page>/error.jsp</form-error-page>
          </form-login-config>
     </login-config>
     <security-role>
          <role-name>*</role-name>
     </security-role>
     <security-constraint>
          <web-resource-collection>
               <web-resource-name>StatusTracking</web-resource-name>
               <url-pattern>/</url-pattern>
               <http-method>POST</http-method>
               <http-method>GET</http-method>
          </web-resource-collection>
          <auth-constraint>
               <role-name>*</role-name>
          </auth-constraint>
     </security-constraint>
     <welcome-file-list>
          <welcome-file>index.jsp</welcome-file>
     </welcome-file-list>
</code>

I have two table

1.USER_DETAILS -- contains username and password
2.USER_ROLE -- contains role name for the user.

I have created separate Principle for username,password and roles. DB details is reading from jaas.config and getting the DB connection. My JSP contains two input fields and the form submits.

I can able to see the login page after enter the username and password, am not getting any exception which remains in the same page. I have added sysout, server not printing anything.

My JSP,

<code>
<form id="loginForm" name="loginForm" method="post" action="securityCheck">
User Name : <input id="username" type="text" name="username" class="textbox"></input>
Password : <input id="password" type="password" name="password" class="textbox"></input>
<input name="login" type="submit" value="LOGIN" id="submit" class="button blue">
</form>
</code>

Please help me on this, thanks in advance.

---
Thanks,

Thangavel L Nathan.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points