I am doing this example: http://books.zkoss.org/wiki/SmallTalks/2009/August/FormBasedLoginwithJAASonJBossand_ZK
and:
http://books.zkoss.org/wiki/SmallTalks/2010/February/AjaxandZKBasedLoginwithJAASon_JBoss
Then I created a web project and created all the XML files and the zul pages of the example.
Later I created a Java project with my persistence.xml, my entities and my DAOs.
Then I added the Java project to my web project. The problem is that I do not know how to control my login with the users of my database, because the project runs but always shows:
Unknown exception when logging in: javax.security.auth.login.LoginException: Query failed Please, contact the admin.
I do not understand how JBoss or JAAS returns whether the user exists, and the role of the user, to show the pages. My configuration files are:
(They are the same as in the example, except the login-jboss-beans.xml.)
Or how can I tell JBoss or JAAS: this is my persistence unit, and this is my DAO, look up the users and return whether the user exists? And where do I receive whether the user exists or not? I have this code:
This is my login in the public folder:
<?xml version="1.0" encoding="UTF-8"?>
<?page title="ZK Form Login Demo" contentType="text/html;charset=UTF-8"?>
<box id="mainbox" align="center" pack="center" width="100%" xmlns:h="http://www.w3.org/1999/xhtml">
<window title="ZK Form Login Demo" width="400px" position="center,center" border="normal">
<zscript><![CDATA[
// parse the j_exception
Throwable j_exception = (Throwable) sessionScope.get("j_exception");
String errMsg = null;
if (j_exception != null) {
if (j_exception instanceof javax.security.auth.login.FailedLoginException) {
errMsg = "Username and/or the password is not right. Please, try it again.";
} else {
errMsg = "Unknown exception when logging in: " + this.j_exception + " Please, contact the admin.";
}
}
]]></zscript>
<h:form method="post" id="j_security_check" action="j_security_check">
<grid>
<columns>
<column width="13em"/>
<column width="100%"/>
</columns>
<rows>
<row>
Username :
<textbox id="j_username" name="j_username" value="${sessionScope.j_username}" width="98%" />
</row>
<row>
Password :
<textbox id="j_password" name="j_password" type="password" width="98%" />
</row>
</rows>
</grid>
<div width="100%">
<h:input type="submit" value="Login" />
</div>
</h:form>
<div if="${errMsg != null}" width="100%" style="color:red">${errMsg}</div>
<zscript><![CDATA[
j_username.focus();
]]></zscript>
</window>
</box>
This is my zk.xml:
<?xml version="1.0" encoding="UTF-8"?>
<zk>
<system-config>
<disable-event-thread />
</system-config>
</zk>
This is my web xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
>
<display-name>zkformlogin</display-name>
<listener>
<description>Used to cleanup when a session is destroyed</description>
<display-name>ZK Session Cleaner</display-name>
<listener-class>org.zkoss.zk.ui.http.HttpSessionListener</listener-class>
</listener>
<servlet>
<description>The servlet loads the DSP pages.</description>
<servlet-name>dspLoader</servlet-name>
<servlet-class>org.zkoss.web.servlet.dsp.InterpreterServlet</servlet-class>
</servlet>
<servlet>
<description>ZK loader for ZUML pages</description>
<servlet-name>zkLoader</servlet-name>
<servlet-class>org.zkoss.zk.ui.http.DHtmlLayoutServlet</servlet-class>
<init-param>
<param-name>update-uri</param-name>
<param-value>/zkau</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<description>The asynchronous update engine for ZK</description>
<servlet-name>auEngine</servlet-name>
<servlet-class>org.zkoss.zk.au.http.DHtmlUpdateServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>dspLoader</servlet-name>
<url-pattern>*.dsp</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>zkLoader</servlet-name>
<url-pattern>*.zul</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>zkLoader</servlet-name>
<url-pattern>*.zhtml</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>auEngine</servlet-name>
<url-pattern>/zkau/*</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.zul</welcome-file>
<welcome-file>index.zhtml</welcome-file>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
</welcome-file-list>
<!--
Mapping of beans to local JNDI names. Not used. Good for JndiResolver. <ejb-ref> <ejb-ref-name>ejb/UserDao</ejb-ref-name>
<ejb-ref-type>Session</ejb-ref-type> <home>org.zkformlogin.UserDao</home>
<remote>org.zkformlogin.UserDao</remote> <mapped-name>zkformlogin-ear/UserDaoBean/local</mapped-name> </ejb-ref>
-->
<security-constraint>
<display-name>Everything</display-name>
<web-resource-collection>
<web-resource-name>HtmlAdaptor</web-resource-name>
<description>Secure Everything</description>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<display-name>Zkau and Public Unprotected</display-name>
<web-resource-collection>
<web-resource-name>HtmlAdaptor</web-resource-name>
<description>Exclude Zkau and Public</description>
<url-pattern>/zkau/*</url-pattern>
<url-pattern>/public/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<display-name>Admin pages</display-name>
<web-resource-collection>
<web-resource-name>HtmlAdaptor</web-resource-name>
<description>Admin pages</description>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>ADMINISTRATOR</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>ZK Form Login Demo</realm-name>
<form-login-config>
<!-- Try /public/login_simple.zul -->
<form-login-page>/public/login.zul</form-login-page>
<form-error-page>/public/login.zul</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>ADMINISTRATOR</role-name>
</security-role>
<!-- Not used in this demo web.xml
<security-role>
<role-name>user</role-name>
</security-role>
-->
</web-app>
This is my login-jboss-beans.xml
<?xml version="1.0" encoding="UTF-8"?>
<deployment xmlns="urn:jboss:bean-deployer:2.0">
<application-policy xmlns="urn:jboss:security-beans:1.0" name="zkformlogin">
<authentication>
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
flag="required">
<!-- <module-option name="hashAlgorithm">MD5</module-option> BASE64 also possible-->
<!-- <module-option name="unauthenticatedIdentity">guest</module-option> -->
<module-option name="dsJndiName">java:/DefaultDS</module-option>
<module-option name="principalsQuery">SELECT password FROM Users WHERE email=?</module-option>
<module-option name="rolesQuery">select r.type_role, 'Roles' from users u, role r where u.id_role=r.id_role and u.email=?</module-option>
</login-module>
</authentication>
</application-policy>
</deployment>
This is my context.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!-- Add the ExtendedFormAuthenticator to get access to the exception and username. -->
<Context cookies="true">
<!-- You may like to add disableProxyCaching="false" attribute. -->
<Valve className="org.jboss.web.tomcat.security.ExtendedFormAuthenticator"
includePassword="false" >
</Valve>
</Context>
And I have the public files and admin files of the example.
All the files are the same except my login-jboss-beans.xml,
in which I changed the query.
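
An added sketch, not part of the original post and not JBoss code: it mimics, in Python with an in-memory SQLite database, how `DatabaseServerLoginModule` uses the two queries from the login-jboss-beans.xml above, so that the "Query failed" case (a SQL error, such as the tables not existing in the `dsJndiName` datasource) can be told apart from a wrong username or password. The schema, the sample rows and the names `make_db`, `login`, `FailedLogin` and `QueryFailed` are assumptions made for the illustration.

```python
import hmac
import sqlite3

# The two queries from login-jboss-beans.xml on this page, unchanged.
PRINCIPALS_QUERY = "SELECT password FROM Users WHERE email=?"
ROLES_QUERY = ("select r.type_role, 'Roles' from users u, role r "
               "where u.id_role=r.id_role and u.email=?")

class FailedLogin(Exception):
    """Stands in for javax.security.auth.login.FailedLoginException."""

class QueryFailed(Exception):
    """Stands in for LoginException("Query failed")."""

def make_db(with_tables=True):
    # Constructed schema and rows; column names are taken from the queries.
    db = sqlite3.connect(":memory:")
    if with_tables:
        db.executescript("""
            CREATE TABLE role (id_role INTEGER PRIMARY KEY, type_role TEXT);
            CREATE TABLE Users (email TEXT PRIMARY KEY, password TEXT,
                                id_role INTEGER);
            INSERT INTO role VALUES (1, 'ADMINISTRATOR');
            INSERT INTO Users VALUES ('admin@example.test', 'constructed-pw', 1);
        """)
    return db

def login(db, username, password):
    """Return the set of role names, or raise FailedLogin / QueryFailed."""
    try:
        row = db.execute(PRINCIPALS_QUERY, (username,)).fetchone()
    except sqlite3.Error as exc:
        # SQL error (missing table, wrong datasource): not a credential problem.
        raise QueryFailed("Query failed") from exc
    if row is None:
        raise FailedLogin("no matching username")
    # hashAlgorithm is commented out on the page, so the stored value is
    # compared as-is; compare_digest avoids a timing side channel.
    if not hmac.compare_digest(str(row[0]).encode(), password.encode()):
        raise FailedLogin("password incorrect")
    try:
        rows = db.execute(ROLES_QUERY, (username,)).fetchall()
    except sqlite3.Error as exc:
        raise QueryFailed("Query failed") from exc
    # Column 1 is the role name, column 2 the role group ('Roles').
    return {name for name, group in rows if group == "Roles"}
```

The module reads users and roles only through the datasource named in `dsJndiName`; the persistence unit and DAOs of the web application are not involved in the login.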
If you don't need Spring for anything else in your application and are just trying to use it for security, have a look at Shiro instead. Easier to understand and install/setup than Spring.
Asked: 2013-10-19 18:07:47 +0800
Last updated: Oct 20 '13