I am trying to make use of a custom security realm which works against a
SQL database via JDBC. I have the LoginModule working properly, but for
some reason the authorization realm is not working.
My realm is defined like this and it is set as the default realm ...
<auth-realm classname="com.sun.wpe.jdbcrealm.JDBCRealm"
            name="wpejdbc">
  <property name="dbusername" value="roller"/>
  <property name="dbpasswd" value="roller"/>
  <property name="userpasswdcol" value="passphrase"/>
  <property name="jaas-context" value="JDBCRealm"/>
  <property name="usernamecol" value="username"/>
  <property name="usertable" value="rolleruser"/>
  <property name="grouptable" value="userrole"/>
  <property name="usergroupcol" value="rolename"/>
  <property name="dbdrivername" value="com.mysql.jdbc.Driver"/>
  <property name="dburl"
            value="jdbc:mysql://localhost:3306/roller_dev?autoReconnect=true"/>
</auth-realm>
I have all the right security constraint definitions in my web.xml file
and the login module is defined in the login.conf file. When I access a
protected resource in my application I am properly presented with my
login page, then after submitting my name/password I can see in the
server.log that the authentication succeeded. After that I simply get a
403 response from the server.
It appears as if my JDBCRealm.getGroupNames(username) method is never
being called because I never get any debugging from that method.
Shouldn't that method be called on each request for a protected
resource?
I've attached my source files.
Thanks in advance for any help.
-- Allen