Form-based authentication and DatabaseServerLoginModule
nakamurt May 16, 2002 5:06 PM
I'm using JBoss 2.4.4 with Catalina 4.0.1 on Windows 2000.
Help! I'm trying to set up form-based authentication and the DatabaseServerLoginModule. The login page is displayed when I try to access a protected area; however, when I enter the userId and password and click on login, I get the following stack trace:
[ERROR,EmbeddedCatalinaServiceSX] HttpProcessor[8080][4] process.invoke
java.lang.ClassCastException: com.sun.security.auth.login.ConfigFile
at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:215)
at javax.security.auth.login.LoginContext$1.run(LoginContext.java:170)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.init(LoginContext.java:167)
at javax.security.auth.login.LoginContext.<init>(LoginContext.java:339)
at javax.security.auth.login.LoginContext.<init>(LoginContext.java:454)
at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:393)
at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:361)
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:217)
at org.jboss.web.catalina.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:253)
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:263)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:459)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2344)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:163)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:1011)
at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1106)
at java.lang.Thread.run(Thread.java:536)
Here are my config files:
Note: SQL tested and verified in bcgasadmin
1. $jboss_home\jboss\conf\catalina\auth.conf
// "simple" domain: one required SimpleServerLoginModule, no options.
// NOTE(review): JBoss documents SimpleServerLoginModule as a testing aid that does
// not check passwords against a real user store. Nothing else in the configuration
// shown here refers to this entry; if it is unused, remove it so that no deployment
// can select it by mistake.
simple {
org.jboss.security.auth.spi.SimpleServerLoginModule required;
};
// "bcgasadmin" domain: the entry selected by the security domain name
// java:/jaas/bcgasadmin. DatabaseServerLoginModule reaches the database through
// the dsJndiName datasource; principalsQuery fetches the stored password for the
// submitted user name and rolesQuery fetches that user's role / role-group rows.
// Both queries bind the user name through a "?" placeholder, not by string
// concatenation.
// NOTE(review): principalsQuery reads a column named "password" and no hashing
// option is set, so the table presumably holds clear-text passwords. Confirm, and
// store a hash instead if this JBoss version's module supports one.
// NOTE(review): unauthenticatedIdentity=guest assigns the identity "guest" to
// callers that present no credentials; keep that identity out of every role that
// guards protected content.
bcgasadmin {
org.jboss.security.auth.spi.DatabaseServerLoginModule required
dsJndiName="java:/SQLServerDS"
principalsQuery="SELECT password FROM Users WHERE userName=?"
rolesQuery="SELECT userRole, roleGroup FROM UserRoles WHERE userName=?"
unauthenticatedIdentity=guest;
};
// "client-login" domain: a single required ClientLoginModule.
// NOTE(review): ClientLoginModule only associates the caller's name and credentials
// with outgoing invocations; it does not verify them. This entry is therefore not
// suitable as the security domain of a server-side deployment.
client-login {
org.jboss.security.ClientLoginModule required;
};
// The default server login module
// "other" is the fallback entry: a security domain name with no entry of its own
// is authenticated here. A misspelled domain name therefore does not fail loudly;
// it silently authenticates against UsersRolesLoginModule's properties files
// instead of the database.
// unauthenticatedIdentity="nobody" names the identity given to callers that
// present no credentials.
other {
org.jboss.security.auth.spi.UsersRolesLoginModule required
unauthenticatedIdentity="nobody";
};
2. $jboss_home\jboss\client\auth.conf
// Client-side "srp" entry: SRPLoginModule runs first, then ClientLoginModule.
// password-stacking="useFirstPass" on both modules makes the second module reuse
// the name and password collected by the first instead of prompting again.
// NOTE(review): debug=true is set on the SRP module; what it logs is not visible
// here. Switch it off outside troubleshooting in case the output includes login
// details.
srp {
// Example client auth.conf for using the SRPLoginModule
org.jboss.security.srp.jaas.SRPLoginModule required
password-stacking="useFirstPass"
principalClassName="org.jboss.security.SimplePrincipal"
srpServerJndiName="SRPServerInterface"
debug=true
;
// jBoss LoginModule
org.jboss.security.ClientLoginModule required
password-stacking="useFirstPass"
;
// Put your login modules that need jBoss here
};
// Client-side fallback entry: only ClientLoginModule, which passes the caller's
// name and credentials along with invocations. Verification of those credentials
// has to happen on the server.
other {
// Put your login modules that work without jBoss here
// jBoss LoginModule
org.jboss.security.ClientLoginModule required;
// Put your login modules that need jBoss here
};
3. JBoss-web.xml in Web-Inf
<?xml version="1.0" encoding="UTF-8"?>
<!-- Binds this web application to the JAAS security domain "bcgasadmin". The name
     after java:/jaas/ must match a login configuration entry exactly; a name with
     no matching entry is handled by the fallback entry "other". -->
<jboss-web>
<security-domain>java:/jaas/bcgasadmin</security-domain>
</jboss-web>
4. Standardjaws.xml
<datasource>java:/SQLServerDS</datasource>
<type-mapping>MS SQLSERVER2000</type-mapping>
<debug>false</debug>
5. Jboss.jcml
<!-- Lists the JDBC driver classes made available to the datasources.
     NOTE(review): the only datasource shown uses the SQL Server driver; drivers
     that no datasource needs can be dropped from this list. -->
<mbean code="org.jboss.jdbc.JdbcProvider" name="DefaultDomain:service=JdbcProvider">
<attribute name="Drivers">org.hsqldb.jdbcDriver,com.microsoft.jdbc.sqlserver.SQLServerDriver,oracle.jdbc.driver.OracleDriver</attribute>
</mbean>
<!-- Connection pool named SQLServerDS, the datasource the bcgasadmin login module
     reads user and role rows through (dsJndiName="java:/SQLServerDS"). -->
<mbean code="org.jboss.jdbc.XADataSourceLoader" name="DefaultDomain:service=XADataSource,name=SQLServerDS">
<attribute name="PoolName">SQLServerDS</attribute>
<attribute name="DataSourceClass">org.jboss.pool.jdbc.xa.wrapper.XADataSourceImpl</attribute>
<attribute name="Properties"></attribute>
<attribute name="URL">jdbc:microsoft:sqlserver://localhost:1433;DatabaseName=Northwind</attribute>
<attribute name="GCMinIdleTime">1200000</attribute>
<!-- NOTE(review): the pool connects as "sa", SQL Server's built-in system
     administrator login, and the Password attribute below is empty. Every query
     issued through this datasource, including the authentication lookups, then
     runs with full control of the database server. Use a dedicated login with a
     strong password and only SELECT rights on the Users and UserRoles tables, and
     keep its password out of copies of this file that get shared. -->
<attribute name="JDBCUser">sa</attribute>
<attribute name="Password" />
<attribute name="MaxSize">10</attribute>
<attribute name="GCEnabled">false</attribute>
<attribute name="InvalidateOnError">false</attribute>
<attribute name="TimestampUsed">false</attribute>
<attribute name="Blocking">true</attribute>
<attribute name="GCInterval">120000</attribute>
<attribute name="IdleTimeout">1800000</attribute>
<attribute name="IdleTimeoutEnabled">false</attribute>
<attribute name="LoggingEnabled">true</attribute>
<attribute name="MaxIdleTimeoutPercent">1.0</attribute>
<attribute name="MinSize">0</attribute>
</mbean>
6. standardjboss.xml
<!-- NOTE(review): standardjboss.xml holds the server's default container settings,
     so a security-domain placed here presumably applies to every EJB deployment
     that does not set its own. Confirm that this is intended; scoping the domain
     in the application's own jboss.xml keeps the change local to one application. -->
<jboss>
<security-domain>java:/jaas/bcgasadmin</security-domain>
...
</jboss>
7. login.jsp
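<%-- Login form for container-managed FORM authentication. The container handles
     the request to j_security_check and reads the j_username and j_password
     request parameters. --%>
<%-- The form is submitted with POST so that j_password travels in the request
     body. With GET the password becomes part of the URL and is then recorded in
     server access logs, browser history and Referer headers. POST alone does not
     protect the password on the wire; that still requires serving this page and
     its target over HTTPS. --%>
<form method="POST" action='<%=response.encodeURL("j_security_check")%>'>
<TABLE align="left" border="0" width="100%">
<TR>
<TH align="right">
User Name
</TH>
<TD><input type="text" name="j_username" size=30 maxlength="50"/></TD>
</TR>
<TR>
<TH align="right">
Password:
</TH>
<TD><input type="password" name="j_password" size=30 maxlength="50"/></TD>
</TR>
<TR>
<TD colspan="2" align="center">
<INPUT TYPE="submit" name="j_security_check" VALUE="login"/>
</TD>
</TR>
</TABLE>
</form>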
8. Web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<display-name>loginform</display-name>
<description>Form based authentication login form</description>
<!-- Protects everything under /jsp/protected/. No http-method element is listed,
     so the constraint covers every HTTP method. Only the adminGroup role is
     authorised.
     NOTE(review): the display-name says "admin, user", but userGroup is not in
     the auth-constraint; confirm which of the two is intended. -->
<security-constraint>
<display-name>admin, user</display-name>
<web-resource-collection>
<web-resource-name>loginForm</web-resource-name>
<url-pattern>/jsp/protected/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>adminGroup</role-name>
</auth-constraint>
<!-- NOTE(review): transport-guarantee NONE lets the protected pages, and the
     login exchange that leads to them, travel over plain HTTP, so the user name
     and password can be read in transit. CONFIDENTIAL makes the container insist
     on an encrypted connection; it needs an HTTPS connector to be configured on
     the server first. -->
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<!-- FORM authentication: the container shows the login page when an
     unauthenticated request hits a protected URL and the error page when the
     login fails. Both pages sit under /jsp/security/, outside the protected
     url-pattern, so they can be reached before login. -->
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/jsp/security/login.jsp</form-login-page>
<form-error-page>/jsp/security/loginErr.jsp</form-error-page>
</form-login-config>
</login-config>
<!-- Roles known to this application. The names must match the role values that
     the login module's rolesQuery returns for a user. -->
<security-role>
<description>Administrators</description>
<role-name>adminGroup</role-name>
</security-role>
<!-- userGroup is declared, but no security-constraint in this file refers to it. -->
<security-role>
<description>Users</description>
<role-name>userGroup</role-name>
</security-role>
</web-app>