Posted to user@struts.apache.org by Mi...@ubsw.com on 2003/04/03 09:51:53 UTC

[OT] EXTREMELY URGENT: JBoss JAAS/Container Security issue

I apologize for this off-topic message, but I desperately need help!

I have been fighting with the JBoss DatabaseServerLoginModule for almost 2 months now without success.
I have tried an infinite number of combinations to try to get to a _SIMPLE_ solution as outlined by the JBoss manual, the JAAS article in JavaWorld, and hundreds of documents and examples from all over the internet.

Well, I just don't have any more time to waste, as my deadline is now 48 hours away!
I desperately need help:

1. Find someone to offer some help to resolve this by Friday.
2. Direct me somewhere to find the help I need.
3. Tell me who would be willing to have me hire them for the help I need.

Here is my current situation:
I am using JBoss 3.0.6 with Catalina on NT 4.0, MySql, XDoclet 1.2, Struts 1.1rc1, JDK 1.4.
I create a beans.jar, common.jar, app.war and package everything into app.ear. The only things that are not in my EAR are the mysql-service.xml, auth.conf, login-config.xml, and server.policy which reside in the $JBOSS_HOME\server\default\conf and the $JBOSS_HOME\server\default\deploy directories.
I have also attached all the above files in a zip file here in this message.

I have the DatabaseServerLoginModule configured and it seems to be operating, but not correctly.
When I try to access a page under /private/* I get forwarded to /logon.jsp correctly.

My MySql Database has 2 tables:
TABLE_USER: columns: username, password
TABLE_USER_ROLES: columns: username, user_roles, user_group

TABLE_USER: data: "mick", "mickPassword"
TABLE_USER_ROLES: data1: "mick", "user", "user"
TABLE_USER_ROLES: data2: "mick", "admin", "admin"

I then type in j_username: "mick", j_password: "mickPassword" and click ENTER.
I seem to be logged in successfully as the console shows that I have 3 Principals: "mick", "user", "admin" and when I attempt to navigate to pages in the private area that do not require EJB access, I continue to see that my Principal is kept successfully through each page. So I do _not_ currently have the Principal=null issue.
I do, however, have a UserPreferenceFilter in which I check whether the user is in role "user", "admin", or "guest", and all 3 come up as "NO".

Also, when I attempt to access a page that goes to my EJB layer, I get a Security violation error that states the user must belong to the [<ANYONE>] role. I have added a "run-as = InternalUser" for all my EJBs so far, but that does not seem to work. When I remove the "run-as=InternalUser", I get a Security Violation that states the user must belong to the role I specified.

So it seems that my main 2 issues are getting the Roles to stick to the user when they log in, and getting the EJBs to be able to use the user Roles, or the "run-as=InternalUser".

-------------------------
Thank You 
Mick Knutson 
Sr. Designer - Project Trust 
aUBS AG, Financial - Zürich 
Office: +41 (0)1/234.42.75 
Internal: 48194 
Mobile: 079.726.14.26 
-------------------------
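For readers hitting the same symptom (login succeeds, principals appear, but isUserInRole and EJB method permissions still say "no"), the following is an added example of a login-config.xml application-policy for the DatabaseServerLoginModule against the two tables described in the post. It is not the poster's attached configuration; the policy name "appRealm" and the datasource JNDI name "java:/MySqlDS" are assumptions. The point it illustrates is the shape of the two queries: principalsQuery returns the single stored-password column, and rolesQuery returns (role, role group), where JBoss only treats rows whose group is the literal string 'Roles' as authorization roles.

```xml
<!-- Added example for the JBoss 3.x login-config.xml, not the poster's file.
     Assumed names: application-policy "appRealm", DataSource "java:/MySqlDS".
     Table and column names are the ones described in the post. -->
<application-policy name="appRealm">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
                  flag="required">

      <!-- DataSource the module uses to run the two queries below. -->
      <module-option name="dsJndiName">java:/MySqlDS</module-option>

      <!-- Must return exactly one column: the stored password for the user.
           The '?' is bound to the submitted j_username. -->
      <module-option name="principalsQuery">SELECT password FROM TABLE_USER WHERE username=?</module-option>

      <!-- Must return two columns: (role name, role group). Only roles whose
           group is exactly 'Roles' are consulted by isUserInRole() and by EJB
           method-permission checks, so the group is hard-coded here rather
           than read from the user_group column. -->
      <module-option name="rolesQuery">SELECT user_roles, 'Roles' FROM TABLE_USER_ROLES WHERE username=?</module-option>

    </login-module>
  </authentication>
</application-policy>
```

The same policy name then has to be referenced from both deployments: `<security-domain>java:/jaas/appRealm</security-domain>` in WEB-INF/jboss-web.xml for the web tier and in META-INF/jboss.xml for the EJBs. If the two point at different (or no) security domains, the roles established at the web login are not the ones the EJB container evaluates, which is one way to end up with a valid set of principals and a failed role check at the same time. Note also that, as configured above, the module compares the submitted password against the stored column as-is; storing cleartext passwords as the post's sample data does is acceptable for a test table but should be replaced with a hashed scheme before production.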