tomcat-users mailing list archives

From "" <>
Subject Jboss Tomcat login problem
Date Thu, 24 Jan 2002 18:46:18 GMT

Hi, I've a security problem in my web app.
I'm using Jboss2.4.3 Tomcat4.0

When a user, for example with username 'vincini', connects to a 
protected area, sometimes the login fails because you can see the 
HTTP-403 error message.
I said sometimes because I can't understand why, but other times the 
login is successful!
The strange thing is that if the login fails and he tries to connect 
again, the login goes well!!

I think my problem is not in the authentication, but in role mapping, 
because I got the printing: [Default] User 'vincini' authenticated  (but the user 
the HTTP-403!)

I use the DatabaseServerLoginModule and this is the entry in my 

modulojdbc { required
   principalsQuery="SELECT Password FROM PRINCIPALS WHERE principalid=?"
   rolesQuery="SELECT Role, RoleGroup FROM ROLES WHERE principalid=?";

I have the following 2 tables in my database :

PRINCIPALS(principalid, password)
pk: principalid

ROLES(principalid, role, rolegroup)
pk: principalid,role
fk: principalid references PRINCIPALS

I have inserted some rows:

PRINCIPALS: ('vincini','vincini')
ROLES: ('vincini','docente','Roles')

I also have a method in my EJB that invokes isCallerInRole("DOCENTE") and 
So I've included these lines in the ejb-jar.xml:


Should I add a row in the ROLES table like this:

('vincini','DOCENTE','CallerPrincipal')  ?

If I add it, the user "vincini" gets an error because 
getCallerPrincipal().getName() returns the String "DOCENTE" instead of 

When should the rolegroup "CallerPrincipal" be used? 

How can I solve this problem? Any idea?

