11 Replies Latest reply on Apr 1, 2003 1:43 PM by mickknutson

    DatabaseServerLoginModule

    mozheyko_d

      Hello all!

      I use JBoss 3.0.6
      and FirebirdSQL 1.0.908 configured as DefaultDS

      I did everything according to the documentation:
      1. Database

      create table users(
      username varchar(64) not null primary key,
      passwd varchar(64)
      ) ;

      create table userroles(
      username varchar(64),
      userroles varchar(32)
      );

      insert into users values( 'dimka', 'thepassword');
      insert into users values( 'vovka', 'drowssapeht');
      insert into users values( 'serega', 'elephant');

      insert into userroles values( 'dimka', 'admin');
      insert into userroles values( 'vovka', 'user');
      insert into userroles values( 'serega', 'viewer');

      2. /server/default/conf/login-config.xml

      <application-policy name = "FirebirdDBRealm">

      <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule" flag = "required">
      <module-option name = "principal">sysdba</module-option>
      <module-option name = "userName">sysdba</module-option>
      <module-option name = "password">masterkey</module-option>
      <module-option name = "managedConnectionFactoryName">jboss.jca:service=XaTxCM,name=FirebirdDS</module-option>
      <module-option name = "principalsQuery">SELECT PASSWD FROM USERS WHERE USERNAME=?</module-option>
      <module-option name = "rolesQuery">SELECT USERROLES FROM USERROLES WHERE USERNAME=?</module-option>
      </login-module>

      </application-policy>

      3. jboss-web.xml of my WAR:
      ...
      <security-domain>java:/jaas/FirebirdDBRealm</security-domain>
      ...

      If I try to connect, I see these messages:

      14:19:02,441 DEBUG [JBossUserRealm#InternetSalon Administration] JBossUserPrincipal: dimka
      14:19:02,447 DEBUG [JBossUserRealm#InternetSalon Administration] created JBossUserRealm::JBossUserPrincipal: dimka
      14:19:02,448 DEBUG [JBossUserRealm#InternetSalon Administration] authenticating: Name:dm Password:****
      14:19:02,450 DEBUG [JBossUserRealm#InternetSalon Administration] authenticated: dimka
      14:19:02,452 DEBUG [JBossUserRealm#InternetSalon Administration] setting JAAS subjectAttributeName(j_subject) : Subject:
      Principal: sysdba
      Private Credential: javax.resource.spi.security.PasswordCredential@38000000

      14:19:02,453 DEBUG [JBossUserRealm#InternetSalon Administration] JBossUserPrincipal: dimka is NOT in Role: admin
      14:19:02,454 DEBUG [JBossUserRealm#InternetSalon Administration] JBossUserPrincipal: dimka is NOT in Role: user
      14:19:02,454 DEBUG [JBossUserRealm#InternetSalon Administration] JBossUserPrincipal: dimka is NOT in Role: viewer
      14:19:02,457 WARN [jbossweb] WARNING: AUTH FAILURE: role for dimka

      What have I overlooked or done wrong?

      Thanks
      Mozheyko D.

        • 1. Re: DatabaseServerLoginModule
          sdorato

          Your rolesQuery must return two columns:

          column 1: the role name
          column 2: the role group (e.g., 'Roles')

          Your query only returns one column. Change it to

          SELECT USERROLES, 'Roles' FROM USERROLES WHERE USERNAME=?

          Steve

          • 2. Re: DatabaseServerLoginModule
            mozheyko_d

            Unfortunately, that has not helped, and the JBoss output is unchanged when I use a NONexisting username

            • 3. Re: DatabaseServerLoginModule
              nicut

              Try with the DatabaseServerLoginModule.

              <application-policy name = "YourDomain">

              <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
              <module-option name="dsJndiName">java:/FirebirdDS</module-option>
              <module-option name="principalsQuery">SELECT PASSWD FROM USERS WHERE USERNAME=?</module-option>
              <module-option name="rolesQuery">SELECT USERROLES, 'Roles' FROM USERROLES WHERE USERNAME=?</module-option>
              <module-option name = "debug">true</module-option>

              </login-module>
              <login-module code="org.jboss.security.ClientLoginModule" flag="required">
              <module-option name="password-stacking">useFirstPass</module-option>
              <module-option name="multi-thread">true</module-option>
              </login-module>

              </application-policy>

              jboss-web.xml :
              ...
              <security-domain>java:/jaas/YourDomain</security-domain>

              • 4. Re: DatabaseServerLoginModule
                mozheyko_d

                The data of the users table

                username   passwd
                ====================
                dimka      thepassword
                vovka      drowssapeht
                serega     elephant

                The data of the users table

                USERNAME   USERROLES   ROLEGROUP
                ====================================
                dimka      admin       admins
                vovka      user        users
                serega     viewer      users

                I did as you said and received this message:

                13:00:48,490 DEBUG [JBossUserRealm#Main Servlet] authenticated: dimka
                13:00:48,491 DEBUG [JBossUserRealm#Main Servlet] setting JAAS subjectAttributeName(j_subject) : Subject:
                Principal: dimka
                Principal: admins

                13:00:48,491 DEBUG [JBossUserRealm#Main Servlet] JBossUserPrincipal: dimka is NOT in Role: admin
                13:00:48,491 DEBUG [JBossUserRealm#Main Servlet] JBossUserPrincipal: dimka is NOT in Role: user
                13:00:48,491 DEBUG [JBossUserRealm#Main Servlet] JBossUserPrincipal: dimka is NOT in Role: viewer
                13:00:48,492 WARN [jbossweb] WARNING: AUTH FAILURE: role for dimka

                • 5. Re: DatabaseServerLoginModule
                  nicut

                  Are there now 3 columns in your userroles table?
                  If so, change your select to this:

                  <module-option name="rolesQuery">SELECT second_column_name, third_column_name FROM USERROLES WHERE USERNAME=?</module-option>

                  • 6. Re: DatabaseServerLoginModule
                    mozheyko_d

                    Everything is still the same

                    • 7. Re: DatabaseServerLoginModule
                      mozheyko_d

                      I have made it!!! The second field in rolesQuery must not be selected from the database; it should always be 'Roles'
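
A simplified model of the rolesQuery contract discussed in replies 1 to 7, added here as an example and not taken from JBoss or from any poster's code: it runs the two-column query variants against an in-memory SQLite copy of the userroles table from reply 4 and shows why a group named admins grants nothing while the literal 'Roles' does. SQLite stands in for Firebird, the ROLEGROUP query is derived from the column names in reply 4, and `load_role_groups`, `is_user_in_role` and `check` are hypothetical helper names.

```python
import sqlite3

# Constructed sample data: the userroles rows shown in reply 4 of this thread.
ROWS = [("dimka", "admin", "admins"),
        ("vovka", "user", "users"),
        ("serega", "viewer", "users")]

# rolesQuery variants: group taken from the table vs. the literal 'Roles'.
QUERY_GROUP_COLUMN = "SELECT USERROLES, ROLEGROUP FROM USERROLES WHERE USERNAME=?"
QUERY_LITERAL_ROLES = "SELECT USERROLES, 'Roles' FROM USERROLES WHERE USERNAME=?"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("create table userroles(username varchar(64), "
               "userroles varchar(32), rolegroup varchar(32))")
    db.executemany("insert into userroles values(?, ?, ?)", ROWS)
    return db

def load_role_groups(db, roles_query, username):
    """Model of role loading: column 1 is the role name,
    column 2 names the group the role is filed under."""
    groups = {}
    for row in db.execute(roles_query, (username,)):
        if len(row) < 2:
            raise ValueError("rolesQuery must return (role, role group)")
        role, group = row[0], row[1]
        groups.setdefault(group, set()).add(role)
    return groups

def is_user_in_role(groups, role):
    # Assumption of this model: authorization checks consult only the
    # group named 'Roles'; roles filed under any other group are ignored.
    return role in groups.get("Roles", set())

def check(roles_query, username, role):
    db = make_db()
    try:
        groups = load_role_groups(db, roles_query, username)
    finally:
        db.close()
    return groups, is_user_in_role(groups, role)

if __name__ == "__main__":
    for q in (QUERY_GROUP_COLUMN, QUERY_LITERAL_ROLES):
        groups, ok = check(q, "dimka", "admin")
        print(q, "->", groups, "admin granted:", ok)
```

With the ROLEGROUP column the subject carries a group called admins, which matches the "Principal: admins" line in the reply 4 log, and every role check fails.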

                      • 8. Re: DatabaseServerLoginModule
                        mickknutson

                        I am very sorry, but I could not understand your sentence.
                        Can you please tell me what you did to get this to work. I have followed this entire thread, but _still_ have the same error.

                        • 9. Re: DatabaseServerLoginModule
                          mickknutson

                          I am very sorry, but I could not understand your sentence.
                          Can you please tell me what you did to get this to work. I have followed this entire thread, but _still_ have the same error.

                          • 10. Re: DatabaseServerLoginModule
                            mickknutson

                            I am very sorry, but I could not understand your sentence.
                            Can you please tell me what you did to get this to work. I have followed this entire thread, but _still_ have the same error.

                            • 11. Re: DatabaseServerLoginModule
                              mickknutson

                              I am sorry, but I did not understand your sentence.
                              What did you do to fix the issue?

                              I have the same error right now.