Hello,

Failed to use DatabaseServerLoginModule in JBoss3/Jetty.

My configuration is as following:

login-config.xml
===============================
<application-policy name = "testadmin">

<login-module
code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required"/>
<module-option name="dsJndiName">java:/MySqlDS
</module-option>
<module-option name="principalsQuery">
SELECT password FROM RealmUser WHERE username=?
</module-option>
<module-option name="rolesQuery">
SELECT userrole, rolegroup FROM RealmUserRoles WHERE username=?
</module-option>
<module-option name="unauthenticatedIdentity">
guest
</module-option>

</application-policy>




jboss-web.xml
==============
<!DOCTYPE jboss-web
PUBLIC "-//JBoss//DTD Web Application 2.3//EN"
"http://www.jboss.org/j2ee/dtd/jboss-web_3_0.dtd">

<jboss-web>
<context-root>/test</context-root>
<security-domain>java:/jaas/testadmin</security-domain>
</jboss-web>



web.xml
===============
<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/*</url-pattern>
<!-- If you list http methods, only those methods are protected -->
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>

<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>admin</role-name>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>

<!-- Default login configuration uses form-based authentication -->

<login-config>
<auth-method>FORM</auth-method>
<realm-name>testadmin</realm-name>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>



When tried to login, the following exception displayed:
=========================================================
2002-07-31 10:44:17,660 ERROR [org.jboss.security.auth.spi.DatabaseServerLoginModule] Query failed
java.sql.SQLException: Table not found: PRINCIPALS in statement [select Password from Principals where PrincipalID='test']
at org.hsqldb.Trace.getError(Trace.java:180)
at org.hsqldb.Result.(Result.java:175)
at org.hsqldb.jdbcConnection.executeHSQL(jdbcConnection.java:907)
at org.hsqldb.jdbcConnection.execute(jdbcConnection.java:718)
at org.hsqldb.jdbcStatement.fetchResult(jdbcStatement.java:686)
at org.hsqldb.jdbcStatement.executeQuery(jdbcStatement.java:68)
at org.hsqldb.jdbcPreparedStatement.executeQuery(jdbcPreparedStatement.java:133)
at org.jboss.resource.adapter.jdbc.local.LocalPreparedStatement.executeQuery(LocalPreparedStatement.java:289)
at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:100)
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:142)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:664)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:599)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:596)
at javax.security.auth.login.LoginContext.login(LoginContext.java:523)
at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:381)
at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:347)
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:215)
at org.jboss.jetty.security.JBossUserRealm$JBossUserPrincipal.isAuthenticated(JBossUserRealm.java:72)
at org.jboss.jetty.security.JBossUserRealm$JBossUserPrincipal.authenticate(JBossUserRealm.java:133)
at org.jboss.jetty.security.JBossUserRealm.authenticate(JBossUserRealm.java:232)
at org.mortbay.jetty.servlet.ServletHandler.authenticated(ServletHandler.java:802)
at org.mortbay.http.SecurityConstraint.check(SecurityConstraint.java:297)
at org.mortbay.http.handler.SecurityHandler.handle(SecurityHandler.java:302)
at org.mortbay.http.HttpContext.handle(HttpContext.java:1387)
at org.mortbay.http.HttpContext.handle(HttpContext.java:1326)
at org.mortbay.http.HttpServer.service(HttpServer.java:757)
at org.jboss.jetty.Jetty.service(Jetty.java:527)
at org.mortbay.http.HttpConnection.service(HttpConnection.java:742)
at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:915)
at org.mortbay.http.HttpConnection.handle(HttpConnection.java:757)
at org.mortbay.http.SocketListener.handleConnection(SocketListener.java:151)
at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:287)
at org.mortbay.util.ThreadPool$JobRunner.run(ThreadPool.java:715)
at java.lang.Thread.run(Thread.java:536)
2002-07-31 10:44:17,770 DEBUG [org.jboss.security.plugins.JaasSecurityManager.testadmin] Login failure




JBoss seems not follow my SQL query to get the password and roles, and also, I specify a Datasource to MySQL, but it use HSQL.


Please help.

Best regards,
Eric