13 Replies Latest reply on Sep 16, 2002 6:09 AM by zarni

    FORM login doesn't work properly, help!!

    zarni

      I've tried everything, but still doesn't work...
      I've set up a simple FORM auth for my app. but i can't login.
      And if i set the url-pattern in the security-constraint (web.xml) to "/*.jsp" , then i can access all my pages and jboss
      doesn't redirect me to the login page.
      If i set the pattern to "/*" , everything works correct but i can never login...


      I don't know what I'm missing. I did this by an example from the forum, but it won't work...
      I also created the database tables for DatabaseServerLoginModule, with users and roles..


      Please, help me, somebody!

      ...Zarni...

      Here are my files:

      (web.xml)
      <security-constraint>
      <web-resource-collection>
      <web-resource-name>ekatalog</web-resource-name>
      <!-- Define the context-relative URL(s) to be protected -->
      <url-pattern>/*</url-pattern>
      <!-- If you list http methods, only those methods are protected
      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>-->
      </web-resource-collection>
      <auth-constraint>
      <!-- Anyone with one of the listed roles may access this area -->
      <role-name>user</role-name>
      <role-name>admin</role-name>
      </auth-constraint>
      <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
      </security-constraint>

      <!-- Default login configuration uses form-based authentication -->
      <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>MySqlRealm</realm-name>
      <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/errorlogin.jsp</form-error-page>
      </form-login-config>
      </login-config>

      <security-role>
      <role-name>user</role-name>
      </security-role>
      <security-role>
      <role-name>admin</role-name>
      </security-role>
      </web-app>

      (jboss-web.xml)
      <jboss-web>
      <security-domain>java:/jaas/MySqlRealm</security-domain>
      </jboss-web>

      (login-config.xml - the realms)
      ...
      <application-policy name = "MySqlRealm">

      <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
      <module-option name="dsJndiName">java:/mySQLDS</module-option>
      <module-option name="principal">ekroot</module-option>
      <module-option name="principalsQuery">SELECT password FROM ek.users WHERE username=?</module-option>
      <module-option name="rolesQuery">SELECT rolename, rolegroup FROM ek.userroles WHERE username=?</module-option>
      <module-option name= "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=mySQLDS</module-option>
      </login-module>

      </application-policy>

      <application-policy name = "MySqlDbRealm">

      <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule" flag = "required">
      <module-option name= "principal">ekuser</module-option>
      <module-option name= "userName">ekuser</module-option>
      <module-option name= "password">ek1329</module-option>
      <module-option name= "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=mySQLDS</module-option>
      </login-module>

      </application-policy>
      ...

      (i use mysql... mysql-service.xml)
      ...
      MySqlDbRealm
      <depends optional-attribute-name="ManagedConnectionFactoryName">
      <!--embedded mbean-->


      mySQLDS



      <config-property name="ConnectionURL" type="java.lang.String">jdbc:mysql://localhost:3306/ek</config-property>
      <config-property name="DriverClass" type="java.lang.String">org.gjt.mm.mysql.Driver</config-property>
      <!--set these only if you want only default logins, not through JAAS -->
      <config-property name="UserName" type="java.lang.String">ekuser</config-property>
      <config-property name="Password" type="java.lang.String">ek1329</config-property>



      ...

        • 1. Re: FORM login doesn't work properly, help!!
          tool

          Zarni,

          The <realm-name> in your web.xml must match with the <application-policy> entry in login-config.xml that uses the ConfiguredIdentityLoginModule.

          In your case the <realm-name> in web.xml should be:
          <realm-name>MySqlDbRealm</realm-name>

          To match with the entry in login-config.xml named:
          <application-policy name="MySqlDbRealm">

          Hope this helps...
          Brian

          • 2. Re: FORM login doesn't work properly, help!!
            zarni

            I did it ... but still does'n do the job...

            I'm so tired with this small jboss problems,...
            The documentation is so poor with real life examples!
            Maybe someone could post a working DatabaseServerLoginModule configuration.
            That would be realy nice, i'd pay him a drink.

            tool, thanks anyway...

            ...Zarni...

            • 3. Re: FORM login doesn't work properly, help!!
              hurzeler

              Hello Zani,

              I have similar problems with the FORM login, but it seems to me that I got a little further.

              I have attached a very simple example that lets you log in but then does not allow you to run the stateless session bean HelloWorld.

              May be we can work on this together and settle this issue for the other guys once and forever.

              See also http://www.jboss.org/modules/bb/index.html?module=bb&op=viewtopic&t=forums/ where I outlined some of the issues and questions I have.

              I have attached the timeTag.ear that is ready to be deployed.

              The example actually creates 'users' and 'roles' table through a entity bean. You then have to populate these as follows:
              INSERT INTO users VALUES('java', 'echoman');
              INSERT INTO users VALUES('johnd', 'somepassword');
              INSERT INTO roles VALUES('1', 'java', 'java_caller', 'CallerPrincipal');
              INSERT INTO roles VALUES('2', 'johnd', 'java_caller', 'CallerPrincipal');
              INSERT INTO roles VALUES('3', 'java', 'AuthorizedUser', 'Roles');
              INSERT INTO roles VALUES('4', 'johnd', 'Administrator', 'Roles');

              I am running JBoss3.0.1 with Jetty on java1.3.1_04 with Postgres (postgresql-7.1.3-2).

              You therefore might have to change the login-config.xml to use your DB.

              Further I have also attached the Log4j.xml that switches some of the debugging on. That makes it a little easier to see what is going on.

              Stay in touch. Let me know how you are getting on.

              Bernie

              PS I seem to have difficulties to attach the files. I will email them to you...

              • 4. Re: FORM login doesn't work properly, help!!
                zarni

                Hello!

                I've tried everything, did everything like in your example, but it still doesn't work.

                i get the same errors,...
                maybe it's got something to do with the mysql-service.xml
                or login-conf.xml
                maybe i should get jboss3.0.1 ...

                thanks for the example, i'll keep on trying to make it work...

                ...zarni...

                • 5. Re: FORM login doesn't work properly, help!!
                  tool

                  Sorry that didn't fix your problem Zarni. I agree with you that the documentation for the examples isn't the greatest.
                  I know you are using mysql, but here is a zip containing my config files and logon page using an oracle data source. Hope this helps a little!

                  • 6. Re: FORM login doesn't work properly, help!!
                    hurzeler

                    Thanks tool!

                    Have similar problems as zani and have tried your example. I can logon on the client side (Jetty) but when I try to execute a method on my stateless session bean I get:
                    10:02:08,635 ERROR [SecurityInterceptor] Authentication exception, principal=null
                    I wonder if that might have to do with wrong settings in ejb-jar.xml.

                    If it is not too much trouble could you attach also a simple example of a working ejb-jar.xml

                    Tha

                    Bernie

                    • 7. Re: FORM login doesn't work properly, help!!
                      tool

                      Glad it helped!!
                      I use stateful session beans, but I am pretty sure that the descriptor set up is the same for both stateless and stateful.
                      Here it is and I hope it helps.

                      Brian

                      • 8. Re: FORM login doesn't work properly, help!!
                        tool

                        OK i freely admit that I am a moron. I posted a reply with the attached ejb-jar.xml and I have NO idea where it got posted too so here it is again, and feel free to laugh at me if the first post pops up somewheres.
                        Brian

                        • 9. Re: FORM login doesn't work properly, help!!
                          zarni

                          :-) I must be a moron... I just can't get the logon to work..

                          I got it to the point where i get the login.jsp but when
                          i hit the button i get access denied!!! I think jboss is working fine but maybe it's got something to do with wrong usernames or passwords... maybe jboss is not able to check the identity from the users tables in mysql that i'm using...

                          • 10. Re: FORM login doesn't work properly, help!!
                            jhalmes

                            What does your server.log look like right after you fail to login? I have form based auth working on linux, using an oracle db. You original url pattern probably was hindering you, you can't protect the actual login page or it won't work.

                            Mine look like this:
                            <url-pattern>/*.jsp</url-pattern>
                            <url-pattern>/common/*</url-pattern>

                            Then I use index.html to login so the "*.jsp" doesn't match my login page.

                            I used the login-config.xml settings from the 3.0 draft doc that is posted online.
                            Also check out the JNDIList from port 8082, there is a list command at the bottom, make sure your MySQL DS shows up in the list.

                            There should be some sort of stack trace in server.log though if JBoss is having a problem. Otherwise, it could be your username/password setup in your database as you suspect.

                            • 11. Re: FORM login doesn't work properly, help!!
                              zarni

                              Yeah... i finally did it...
                              and what was wrong with my setup.. :-)
                              I had "EkRoles" in my rolegroup in the userroles table, but it should be just "Roles"... when i first read the jboss quick start i thought it was written that this is not important, now I see I was totaly wrong...
                              thank you all for your support!

                              :-) but now I got another problem I have to assign security roles to my beans, I think i did it the right way, But I get
                              java.rmi.RemoteException: checkSecurityAssociation; nested exception is:
                              java.lang.SecurityException: No method permissions assigned to method=create
                              at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:185)
                              at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:93)
                              at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:109)
                              at org.jboss.ejb.StatelessSessionContainer.invokeHome(StatelessSessionContainer.java:300 ...

                              Someone have any ideas...

                              • 12. Re: FORM login doesn't work properly, help!!
                                zarni

                                I finally did it ... HERE ARE all of my deploy. desc.
                                it works fine now...
                                take a bite ;-)

                                • 13. Re: FORM login doesn't work properly, help!!
                                  zarni

                                  I finaly did it:

                                  here are the deploy. desc.


                                  it works fine... the form login, the security access...
                                  nice...

                                  but don't ask me how much nerves it costs! :-)