6 Replies Latest reply on Aug 22, 2002 3:37 AM by perlboy

    FORM based authentication using DatabaseServerLoginModule. P

    perlboy

      Hi,

      I tried the basic authentication using the DatabaseServerLoginModule with JBoss 3.0 and it worked.
      But, I do not have a clue how to get the DatabaseServerLoginModule invoked using FORM authentication,
      I checked the whole forum, but could not find an answer, also the Tutorial does not provide an answer.
      I have a simple HTML login page containing a form which calls a servlet, which then should trigger
      the DatabaseServerLoginModule.

      My Servlet looks like this:

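      import java.io.IOException;
      import javax.security.auth.login.LoginContext;
      import javax.security.auth.login.LoginException;
      import javax.servlet.ServletException;
      import javax.servlet.http.HttpServlet;
      import javax.servlet.http.HttpServletRequest;
      import javax.servlet.http.HttpServletResponse;

      public class SecureServlet extends HttpServlet
      {
          protected void processRequest(HttpServletRequest request, HttpServletResponse response)
              throws ServletException, IOException
          {
              // Credentials as submitted by the HTML login form
              String name = request.getParameter("name");
              String passwd = request.getParameter("passwd");
              char[] password = passwd.toCharArray();
              try
              {
                  // AppCallbackHandler is not shown in the post
                  AppCallbackHandler handler = new AppCallbackHandler(name, password);
                  // Programmatic JAAS login against the "testDB" policy
                  LoginContext lc = new LoginContext("testDB", handler);
                  System.out.println("Created LoginContext");
                  lc.login();
              }
              catch (LoginException le)
              {
                  throw new ServletException("Login failed", le);
              }
          }

          protected void doGet(HttpServletRequest request, HttpServletResponse response)
              throws ServletException, IOException
          {
              processRequest(request, response);
          }

          protected void doPost(HttpServletRequest request, HttpServletResponse response)
              throws ServletException, IOException
          {
              processRequest(request, response);
          }
      }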

      I configured the authentication policy in login-config.xml:

      <application-policy name = "testDB">
        <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
          <module-option name = "dsJndiMName">java:/MySqlDS</module-option>
          <module-option name = "principalsQuery">select passwd from Users username where username=?</module-option>
          <module-option name = "rolesQuery">select userRoles, 'Roles' from UserRoles where username=?</module-option>
        </login-module>
      </application-policy>

      The login module is not called, it just tells me...

      08:23:06,870 WARN [JBossUserRealm#testDB] authentication failure: tester
      08:23:06,870 WARN [Jetty] WARNING: AUTH FAILURE: user tester

      Does anybody have a clue what I do wrong?
      Any help appreciated.
      Thank you.

      jd

        • 1. Re: FORM based authentication using DatabaseServerLoginModul
          gman

          I get a similar error when trying to use basic auth. I'm sure I'm not specifying the security domain in jboss-web.xml properly. How did you do it for basic? Also, do we have to implement the login ourselves in a servlet? Surely JBoss should do this for us through j_security_check?

          matt.

          • 2. Re: FORM based authentication using DatabaseServerLoginModul
            sharkman

            Your login-config section in the web.xml should look similar to this:
            <login-config>
              <auth-method>FORM</auth-method>
              <realm-name>Secured Area</realm-name>
              <form-login-config>
                <form-login-page>/login.jsp</form-login-page>
                <form-error-page>/failed.jsp</form-error-page>
              </form-login-config>
            </login-config>

            And in the login.jsp page the action of the form should be set to "j_security_check". The name of the input field containing the name should be j_username and the field of the password should be j_password.

            JBoss handles the calls to the DatabaseServerLoginModule for you.

            - Stefan

            • 3. Re: FORM based authentication using DatabaseServerLoginModul
              perlboy

              Hi,
              Thanks for your answer, I also tried that, but with no luck.
              My web.xml looks like this:
              <login-config>
                <auth-method>FORM</auth-method>
                <realm-name>testDB</realm-name>
                <form-login-config>
                  <form-login-page>/login.jsp</form-login-page>
                  <form-error-page>/login_failed.jsp</form-error-page>
                </form-login-config>
              </login-config>

              The jsp login page calls j_security_check with j_username and j_password, but no matter what login I use (correct or incorrect) the login_failed.jsp page gets displayed.

              On the server it says (using incorrect credentials)
              18:44:15,368 WARN [JBossUserRealm#testDB] authentication failure: xxx

              When I use a correct username and password, just
              18:44:16,259 INFO [Jetty] JSP: init
              is displayed and the login_failed.jsp in the browser.

              Does anyone have an explanation for this?
              Thanks a lot.

              jd

              • 4. Re: FORM based authentication using DatabaseServerLoginModul
                terp

                Hi

                I have had it running like sharkman describes it for a while now on jBoss3.01RC1, but I recently changed to jBoss3.0.1 and now my login jsp page is just rendered blank. What jBoss version are you guys on?

                ^Torsten

                • 5. Re: FORM based authentication using DatabaseServerLoginModul
                  taiwubrian

                  Hi,

                  Are there typos in your policy?

                  (1) Select passwd from Users username where username=?
                  --> why put a username after Users? is it an alias?

                  (2) Select userRoles, 'Roles' from ...
                  --> why single quoted Roles?

                  (3) <module-option name = "dsJndiMName">
                  --> should it be dsJndiName? you put an extra M in the middle.

                  In addition, I think Role should be the first selected field and RoleGroup the next.


                  Here is my policy and it works:

                  <application-policy name = "farglory">
                    <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
                      <module-option name = "dsJndiName">java:/TaiwuDS</module-option>
                      <module-option name = "principalsQuery">select Password from JAASPrincipal where PrincipalID=?</module-option>
                      <module-option name = "rolesQuery">select Role, RoleGroup from JAASRole where PrincipalID=?</module-option>
                    </login-module>
                  </application-policy>


                  Good Luck.

                  Brian
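
The policy checks from the reply above (option-name spelling, one `?` placeholder per query, two columns in rolesQuery), as an added Python example that is not part of the original thread. The set of known option names is an assumption: it holds only the three names used in the working policy posted above.

```python
import re
import xml.etree.ElementTree as ET

DB_MODULE = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
# Assumption: only the option names seen in the thread's working policy are known.
KNOWN_OPTIONS = {"dsJndiName", "principalsQuery", "rolesQuery"}

def select_columns(sql):
    """Column expressions between SELECT and FROM (naive comma split)."""
    m = re.match(r"\s*select\s+(.*?)\s+from\s", sql, re.I | re.S)
    return [c.strip() for c in m.group(1).split(",")] if m else []

def lint_policy(xml_text):
    """Return findings for every DatabaseServerLoginModule in the policy XML."""
    findings = []
    for policy in ET.fromstring(xml_text).iter("application-policy"):
        name = policy.get("name")
        for module in policy.iter("login-module"):
            if module.get("code") != DB_MODULE:
                continue
            opts = {o.get("name"): (o.text or "").strip()
                    for o in module.findall("module-option")}
            for opt in sorted(set(opts) - KNOWN_OPTIONS):
                findings.append(f"{name}: unknown option '{opt}'")
            for opt in sorted(KNOWN_OPTIONS - set(opts)):
                findings.append(f"{name}: option '{opt}' not set")
            for q in ("principalsQuery", "rolesQuery"):
                if q in opts and opts[q].count("?") != 1:
                    findings.append(f"{name}: {q} must have exactly one '?'")
            cols = select_columns(opts.get("rolesQuery", ""))
            if cols and len(cols) != 2:
                findings.append(f"{name}: rolesQuery should select two columns")
    return findings

# Sample input: the policy as posted at the top of this thread.
AS_POSTED = f"""<application-policy name="testDB">
<login-module code="{DB_MODULE}" flag="required">
<module-option name="dsJndiMName">java:/MySqlDS</module-option>
<module-option name="principalsQuery">select passwd from Users username where username=?</module-option>
<module-option name="rolesQuery">select userRoles, 'Roles' from UserRoles where username=?</module-option>
</login-module></application-policy>"""
CORRECTED = AS_POSTED.replace("dsJndiMName", "dsJndiName")

if __name__ == "__main__":
    print(lint_policy(AS_POSTED), lint_policy(CORRECTED))
```

A misspelt option name is a well-formed `module-option` as far as XML is concerned, so a check like this has to compare names against an explicit list rather than rely on parsing alone.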

                  • 6. Re: FORM based authentication using DatabaseServerLoginModul
                    perlboy

                    Thank you very much for your answers. I will try this.

                    jd