JBoss 3.03 Tomcat bundle MySQL DatabaseServerLoginModule aut
tomj Dec 1, 2002 7:09 AMHi,
I have been trying pretty hard (ok extremely hard) to get J2EE form based authentication working against a MySQL database with users and roles using the DatabaseServerLoginModule and ConfiguredIdentityLoginModule (not sure at this point whether you need both). I am using the JBOSS Tomcat bundle "jboss-3.0.3_tomcat-4.1.12". I have managed to get the form to appear and challenge for a login. However, no matter what I type the application always redirects to the configured login error page. I am running on Windows 2000 Professional with "mysql-3.23.53-win" and the JDK includes Sun's "Java HotSpot(TM) Client VM (build 1.3.0-C, mixed mode)". I am running mysql-max-nt as a service with logging turned on (--log). I can therefore see that JBOSS NEVER talks to MySQL because there is nothing in the log :). However, the WebApp (which uses struts) configures a datasource via the "struts-config.xml" file to talk to MySQL. The application uses this datasource to store and retrieve data perfectly and I can see its queries in the MySQL logs. I have tried lots of combintaions of configurations from these links:
http://gd.tuwien.ac.at/infosys/servers/jboss/JBoss.3.0QuickStart.Draft4.pdf
http://www.mail-archive.com/jboss-user@lists.sourceforge.net/msg22830.html//www.mail-archive.com/jboss-user@lists.sourceforge.net/msg22830.html
http://jobs-nyc.com/index.jsp?template=jboss_3_3
http://jobs-nyc.com/index.jsp?template=jboss_4_2
http://jobs-nyc.com/index.jsp?template=jboss_4_3
Quote from Previous URL : "I can't get this to f@#$ing work...little point for documentation"
http://www.phil.cmu.edu/~wwheeler/jboss_db.html
http://www.purposesolutions.com/Resources/EclipseJ2EE.html
In my latest configuration (in common with a variety of others), there are no errors of any kind in the JBOSS logs and indeed no indication that any kind of authentication is taking place. I have attempted to increase the log4j logging level on JBOSS to DEBUG. However, probably as I am new to JBOSS this doesn't seem to have much affect (other than in the boot.log). I am a seasoned developer. Whilst I am new to JBOSS I have been working with WebSphere for years. I have noticed in the postings above that I am not alone in having trouble with getting this to work. It must be some configuration error. I would be better able to track it down if there was any indication at all from JBOSS that something was amiss!
Please help. I think that using JBOSS with MySQL as a database and J2EE security is probably a very common configuration that people would want to use as all of the system elements are more or less free. I hope that I have made a very silly configuration error. Please tell me what it is?
Tom
See below for my latest configuration
1) MySQL configuration taken from here (see section Installing MySQL): http://www.purposesolutions.com/Resources/EclipseJ2EE.html.
2) mysql-service.xml copied to the "...\default\deploy" folder from examples. This came with my distribution, so that is why I am basing my configuration on it. I like to only make the smallest changes that I think I need to. All I have done is uncomment this line: MySqlDbRealm in accordance with the instructions in the file and change the connection url. Now here is where I start to get confused. What is the relationship between "ConfiguredIdentityLoginModule" which the "mysql-service.xml" file indicates that you should put in "login-conf.xml" and "DatabaseServerLoginModule". I cannot see how having a "ConfiguredIdentityLoginModule" alone will allow JBOSS to interrogate MySQL for authentication. The "DatabaseServerLoginModule" configures the necessary queries. My best interpretation is that you need both, this seems to tally with what is presented here http://www.mail-archive.com/jboss-user@lists.sourceforge.net/msg22830.html//www.mail-archive.com/jboss-user@lists.sourceforge.net/msg22830.html even though this person seems to be having a similar problem to me, i.e. it doesn't work. Scott Stark doesn't seem to indicate that the configuration should be any different. Thanks Scott!
<?xml version="1.0" encoding="UTF-8"?>
<!-- ===================================================================== -->
<!-- -->
<!-- JBoss Server Configuration -->
<!-- -->
<!-- ===================================================================== -->
<!-- ==================================================================== -->
<!-- New ConnectionManager setup for mysql using 2.0.11 driver -->
<!-- Build jmx-api (build/build.sh all) and view for config documentation -->
<!-- ==================================================================== -->
<!-- Include a login module configuration named MySqlDbRealm.
Update your login-conf.xml, here is an example for a
ConfiguredIdentityLoginModule:
<application-policy name = "MySqlDbRealm">
<login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule" flag = "required">
<module-option name = "principal">yourprincipal</module-option>
<module-option name = "userName">yourusername</module-option>
<module-option name = "password">yourpassword</module-option>
<module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=MySqlDS</module-option>
</login-module>
</application-policy>
NOTE: the application-policy name attribute must match SecurityDomainJndiName, and the
module-option name = "managedConnectionFactoryName"
must match the object name of the ConnectionManager you are configuring here.
-->
MySqlDbRealm
<depends optional-attribute-name="ManagedConnectionFactoryName">
<!--embedded mbean-->
MySqlDS
<config-property name="ConnectionURL" type="java.lang.String">jdbc:mysql://localhost:3306/judge</config-property>
<config-property name="DriverClass" type="java.lang.String">org.gjt.mm.mysql.Driver</config-property>
<!--set these only if you want only default logins, not through JAAS -->
<config-property name="UserName" type="java.lang.String"></config-property>
<config-property name="Password" type="java.lang.String"></config-property>
<!--Below here are advanced properties -->
<!--hack-->
<depends optional-attribute-name="OldRarDeployment">jboss.jca:service=RARDeployment,name=JBoss LocalTransaction JDBC Wrapper
<depends optional-attribute-name="ManagedConnectionPool">
<!--embedded mbean-->
0
50
5000
15
<!--criteria indicates if Subject (from security domain) or app supplied
parameters (such as from getConnection(user, pw)) are used to distinguish
connections in the pool. Choices are
ByContainerAndApplication (use both),
ByContainer (use Subject),
ByApplication (use app supplied params only),
ByNothing (all connections are equivalent, usually if adapter supports
reauthentication)-->
ByContainer
<depends optional-attribute-name="CachedConnectionManager">jboss.jca:service=CachedConnectionManager
<depends optional-attribute-name="JaasSecurityManagerService">jboss.security:service=JaasSecurityManager
java:/TransactionManager
<!--make the rar deploy! hack till better deployment-->
jboss.jca:service=RARDeployer
3) Here is the relevant portion of my "login-config.xml". Note that I put this at the beginning of the file just inside the policy element, so that it would be processed first. This may or may not be correct. Anyway as indicated earlier it doesn't work!
<application-policy name = "MySqlDbRealm">
<login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule" flag = "required">
<module-option name = "principal">root</module-option>
<module-option name = "userName">root</module-option>
<module-option name = "password">blah</module-option>
<module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=MySqlDS</module-option>
</login-module>
</application-policy>
<application-policy name = "jdbcRealm">
<login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
<module-option name = "dsJndiName">java:/MySqlDS</module-option>
<module-option name = "principalsQuery">select password from users username where username=?</module-option>
<module-option name = "rolesQuery">select role, roleGroup from userroles where username=?</module-option>
</login-module>
</application-policy>
4) I should mention that I did download and copy "mysql-connector-java-2.0.14-bin.jar" to the .../default/lib folder. My database user is the root user and has full access to everyhting. I have tried other users as well to no effect. As I mentioned earlier the struts datasource has no problem talking to MySQL. Extract from "struts-config.xml":
<data-sources>
<data-source>
<set-property property="driverClass"
value="org.gjt.mm.mysql.Driver" />
<set-property property="url"
value="jdbc:mysql://localhost/judge" />
<set-property property="maxCount"
value="5"/>
<set-property property="minCount"
value="1"/>
<set-property property="user"
value="root"/>
<set-property property="password"
value="blah"/>
</data-source>
</data-sources>
5) My "web.xml" looks like this. N.B. I have used "jdbcRealm" in this snapshot, I have also tried putting "MySqlDbRealm". Neither works or makes JBOSS display any different messages.
<web-app>
<display-name>WebSite</display-name>
<servlet-name>action</servlet-name>
<servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
<init-param>
<param-name>config</param-name>
<param-value>/WEB-INF/struts-config.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<!-- The Welcome File List -->
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
<taglib-uri>/WEB-INF/struts-html.tld</taglib-uri>
<taglib-location>/WEB-INF/struts-html.tld</taglib-location>
<security-constraint>
<display-name>admin</display-name>
<web-resource-collection>
<web-resource-name>Web Site</web-resource-name>
Web Site
<url-pattern>/app/*</url-pattern>
</web-resource-collection>
<auth-constraint>
Site Administration
<role-name>admin</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>jdbcRealm</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/loginerr.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
</web-app>
6) Here is my "jboss-web.xml". Again, I have also tried this with the "jdbcRealm" to no avail.
<jboss-web>
<security-domain>java:/jaas/MySqlDbRealm</security-domain>
<context-root>/home</context-root>
</jboss-web>
7) Finally, here is some log output.
boot.log
...
11:57:54,912 INFO [MainDeployer] Starting deployment of package: file:/D:/jboss-3.0.3_tomcat-4.1.12/server/default/lib/mysql-connector-java-2.0.14-bin.jar
11:57:54,932 DEBUG [MainDeployer] Starting deployment (init step) of package at: file:/D:/jboss-3.0.3_tomcat-4.1.12/server/default/lib/mysql-connector-java-2.0.14-bin.jar
11:57:54,932 DEBUG [UnifiedClassLoader] New jmx UCL with url file:/D:/jboss-3.0.3_tomcat-4.1.12/server/default/tmp/deploy/server/default/lib/mysql-connector-java-2.0.14-bin.jar/6.mysql-connector-java-2.0.14-bin.jar
11:57:54,932 DEBUG [UnifiedClassLoader] New jmx UCL with url file:/D:/jboss-3.0.3_tomcat-4.1.12/server/default/tmp/deploy/server/default/lib/mysql-connector-java-2.0.14-bin.jar/6.mysql-connector-java-2.0.14-bin.jar
11:57:54,932 DEBUG [UnifiedLoaderRepository2] Adding org.jboss.mx.loading.UnifiedClassLoader@1319c{ url=file:/D:/jboss-3.0.3_tomcat-4.1.12/server/default/tmp/deploy/server/default/lib/mysql-connector-java-2.0.14-bin.jar/6.mysql-connector-java-2.0.14-bin.jar }
11:57:54,962 DEBUG [JARDeployer] no xmls found
11:57:54,962 DEBUG [MainDeployer] using deployer org.jboss.deployment.JARDeployer@50a5d9
11:57:54,962 DEBUG [MainDeployer] found 0 subpackages of file:/D:/jboss-3.0.3_tomcat-4.1.12/server/default/lib/mysql-connector-java-2.0.14-bin.jar
11:57:54,962 DEBUG [MainDeployer] Watching new file: file:/D:/jboss-3.0.3_tomcat-4.1.12/server/default/lib/mysql-connector-java-2.0.14-bin.jar
11:57:54,962 DEBUG [MainDeployer] create step for deployment file:/D:/jboss-3.0.3_tomcat-4.1.12/server/default/lib/mysql-connector-java-2.0.14-bin.jar
11:57:54,962 DEBUG [MainDeployer] Done with create step of deploying mysql-connector-java-2.0.14-bin.jar
11:57:54,962 DEBUG [MainDeployer] Begin deployment start file:/D:/jboss-3.0.3_tomcat-4.1.12/server/default/lib/mysql-connector-java-2.0.14-bin.jar
11:57:54,962 DEBUG [MainDeployer] End deployment start on package: mysql-connector-java-2.0.14-bin.jar
11:57:54,962 INFO [MainDeployer] Deployed package: file:/D:/jboss-3.0.3_tomcat-4.1.12/server/default/lib/mysql-connector-java-2.0.14-bin.jar
11:57:55,002 DEBUG [SARDeployer] deployed classes for file:/D:/jboss-3.0.3_tomcat-4.1.12/server/default/lib/mysql-connector-java-2.0.14-bin.jar
...
server.log
...
2002-12-01 11:58:12,407 WARN [org.jboss.system.ServiceController] jboss.jca:service=RARDeployment,name=JBoss LocalTransaction JDBC Wrapper does not implement any Service methods
2002-12-01 11:58:12,417 WARN [org.jboss.system.ServiceController] jboss.jca:service=LocalTxDS,name=hsqldbDS does not implement any Service methods
2002-12-01 11:58:12,427 INFO [org.jboss.resource.connectionmanager.LocalTxConnectionManager] Creating
2002-12-01 11:58:12,467 INFO [org.jboss.resource.connectionmanager.LocalTxConnectionManager] Created
2002-12-01 11:58:12,467 WARN [org.jboss.system.ServiceController] jboss.jca:service=LocalTxDS,name=MySqlDS does not implement any Service methods
2002-12-01 11:58:12,487 INFO [org.jboss.resource.connectionmanager.LocalTxConnectionManager] Creating
2002-12-01 11:58:12,497 INFO [org.jboss.resource.connectionmanager.LocalTxConnectionManager] Created
2002-12-01 11:58:12,537 INFO [org.jboss.resource.connectionmanager.LocalTxConnectionManager] Starting
2002-12-01 11:58:12,617 INFO [org.jboss.resource.adapter.jdbc.local.LocalManagedConnectionFactory.DefaultDS] Bound connection factory for resource adapter 'JBoss LocalTransaction JDBC Wrapper' to JNDI name 'java:/DefaultDS'
2002-12-01 11:58:12,627 INFO [org.jboss.resource.connectionmanager.LocalTxConnectionManager] Started
2002-12-01 11:58:12,638 INFO [org.jboss.resource.connectionmanager.LocalTxConnectionManager] Starting
2002-12-01 11:58:12,688 INFO [org.jboss.security.plugins.JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@5e222e
2002-12-01 11:58:12,708 INFO [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy@15fb38
2002-12-01 11:58:12,718 INFO [org.jboss.security.plugins.JaasSecurityManagerService] Added MySqlDbRealm, org.jboss.security.plugins.SecurityDomainContext@20540c to map
2002-12-01 11:58:12,748 INFO [org.jboss.resource.adapter.jdbc.local.LocalManagedConnectionFactory.MySqlDS] Bound connection factory for resource adapter 'JBoss LocalTransaction JDBC Wrapper' to JNDI name 'java:/MySqlDS'
...
2002-12-01 11:58:17,014 INFO [org.jboss.web.localhost.Engine] ContextConfig[/home]: Configured an authenticator for method FORM
2002-12-01 11:58:18,756 INFO [org.jboss.web.catalina.EmbeddedCatalinaService41] Using Java2 parent classloader delegation: true
2002-12-01 11:58:18,766 INFO [org.jboss.web.localhost.Engine] StandardManager[/home]: Seeding random number generator class java.security.SecureRandom
2002-12-01 11:58:18,786 INFO [org.jboss.web.localhost.Engine] StandardManager[/home]: Seeding of random number generator has been completed
2002-12-01 11:58:18,806 INFO [org.jboss.web.localhost.Engine] StandardWrapper[/home:default]: Loading container servlet default
2002-12-01 11:58:20,058 INFO [org.jboss.web.localhost.Engine] StandardWrapper[/home:invoker]: Loading container servlet invoker
2002-12-01 11:58:20,098 INFO [org.jboss.deployment.MainDeployer] Deployed package: file:/D:/jboss-3.0.3_tomcat-4.1.12/server/default/deploy/web-abacuswebsite.war
2002-12-01 11:58:20,118 INFO [org.jboss.deployment.scanner.URLDeploymentScanner] Started
2002-12-01 11:58:20,128 INFO [org.jboss.deployment.MainDeployer] Deployed package: file:/D:/jboss-3.0.3_tomcat-4.1.12/server/default/conf/jboss-service.xml
2002-12-01 11:58:20,148 INFO [org.jboss.system.server.Server] JBoss (MX MicroKernel) [3.0.3 Date:200209301503] Started in 0m:26s:938ms
And nothing more.. even when I log in. If I change the domain in jboss-web.xml to "jdbcRealm" and hot redeploy the app. When I attempt to login the JBOSS server shows the output below. However, I can see in the MySQL logs that it still doesn't attempt to authenticate me.
2002-12-01 12:06:15,792 INFO [org.jboss.deployment.MainDeployer] Deployed package: file:/D:/jboss-3.0.3_tomcat-4.1.12/server/default/deploy/ejb-abacuswebsite.jar
2002-12-01 12:06:45,896 INFO [org.jboss.security.plugins.JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@3829d5
2002-12-01 12:06:45,896 INFO [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy@429c19
2002-12-01 12:06:45,926 INFO [org.jboss.security.plugins.JaasSecurityManagerService] Added jdbcRealm, org.jboss.security.plugins.SecurityDomainContext@16318b to map