-
1. Re: Another DatabaseServerLoginModule problem
petertje May 24, 2003 9:25 AM (in response to hduijn)Did you refer to the 'facturatie' security domain in the jboss-web.xml and is this file packaged correctly in your war?
If this doesn't help, turn on debug tracing for the auth.spi modules and check the log for more info that might help you (or us helping you ;-)
Hth
Peter -
2. Re: Another DatabaseServerLoginModule problem
hduijn May 26, 2003 4:39 AM (in response to hduijn)Hi Peter,
My jboss-web.xml contains:
<jboss-web>
<security-domain>java:/jaas/facturatie</security-domain>
</jboss-web>
When I use the UsersRolesLoginModule like this...
<application-policy name = "facturatie">
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required" />
</application-policy>
...all works fine. I can logging based on the info in the users- and roles.properties files. So the domain stuff is working.
Turning on the TRACE level doesn't produce any output ?!?! I added the following to the log4j.xml:
...and the console says...
log4j: Retreiving an instance of org.apache.log4j.Logger.
log4j: Setting [org.jboss.security.auth.spi] additivity to [true].
log4j: Level value for org.jboss.security.auth.spi is [TRACE].
log4j: Desired Level sub-class: [org.jboss.logging.XLevel]
...however, no output concerning logging appears in the console. Any idea where things go wrong?
Hans -
3. Re: Another DatabaseServerLoginModule problem
petertje May 26, 2003 8:47 AM (in response to hduijn)Hans,
Your settings (jboss-web.xml, login-conf.xml) look fine to me. I've no idea why UsersRolesLogin is working and DbLogin is not.
However, the fact that turning TRACE level doesn't produce any output seems like a configuration error to me. If i run a simple test, i even get debug output without adding the trace-level stuff. So i suggest you check your log4j settings. Is there a threshold set on the console appender that is blocking the debug and trace messages?
Peter -
4. Re: Another DatabaseServerLoginModule problem
hduijn May 26, 2003 10:35 AM (in response to hduijn)Peter,
There was an 'INFO' treshold. I removed it and the console produced the following output:
16:23:04,080 INFO [JaasSecurityManagerService] Created securityMgr=org.jboss.se
curity.plugins.JaasSecurityManager@6dbe39
16:23:04,080 DEBUG [facturatie] CachePolicy set to: org.jboss.util.TimedCachePol
icy@639bf1
16:23:04,080 INFO [JaasSecurityManagerService] setCachePolicy, c=org.jboss.util
.TimedCachePolicy@639bf1
16:23:04,090 INFO [JaasSecurityManagerService] Added facturatie, org.jboss.secu
rity.plugins.SecurityDomainContext@131579 to map
16:23:04,260 TRACE [DatabaseServerLoginModule] initialize
16:23:04,260 TRACE [DatabaseServerLoginModule] DatabaseServerLoginModule, dsJndi
Name=java:/MSSQLDS
16:23:04,260 TRACE [DatabaseServerLoginModule] principalsQuery=select log_passwo
rd from loginusers where log_name=?
16:23:04,260 TRACE [DatabaseServerLoginModule] rolesQuery=select logrol_role, 'R
oles' from loginroles where logrol_name=?
16:23:04,270 TRACE [DatabaseServerLoginModule] login
16:23:04,280 TRACE [DatabaseServerLoginModule] Authenticating as unauthenticated
Identity=null
16:23:04,420 DEBUG [IdleRemover] internalRegisterPool: registering pool with int
erval 900000 old interval: 9223372036854775807
16:23:04,420 DEBUG [IdleRemover] internalRegisterPool: about to notify thread: o
ld next: 1053959434420, new next: 1053959434420
16:23:04,420 DEBUG [LocalManagedConnectionFactory] Using properties: {user=sainv
, password=invoice}
16:23:04,420 DEBUG [LocalManagedConnectionFactory] Checking driver for URL: jdbc
:microsoft:sqlserver://ws000030:1433;DatabaseName=invoicing
16:23:04,420 DEBUG [LocalManagedConnectionFactory] Driver not yet registered for
url: jdbc:microsoft:sqlserver://ws000030:1433;DatabaseName=invoicing
16:23:04,470 DEBUG [LocalManagedConnectionFactory] Driver not yet registered for
url: jdbc:microsoft:sqlserver://ws000030:1433;DatabaseName=invoicing
16:23:04,571 DEBUG [LocalManagedConnectionFactory] Driver already registered for
url: jdbc:microsoft:sqlserver://ws000030:1433;DatabaseName=invoicing
16:23:08,466 TRACE [DatabaseServerLoginModule] abort
16:23:30,087 TRACE [DatabaseServerLoginModule] initialize
16:23:30,087 TRACE [DatabaseServerLoginModule] DatabaseServerLoginModule, dsJndi
Name=java:/MSSQLDS
16:23:30,087 TRACE [DatabaseServerLoginModule] principalsQuery=select log_passwo
rd from loginusers where log_name=?
16:23:30,087 TRACE [DatabaseServerLoginModule] rolesQuery=select logrol_role, 'R
oles' from loginroles where logrol_name=?
16:23:30,087 TRACE [DatabaseServerLoginModule] login
16:23:30,147 TRACE [DatabaseServerLoginModule] User 'hduijn' authenticated, logi
nOk=true
16:23:30,147 TRACE [DatabaseServerLoginModule] commit, loginOk=true
...telling me that the logging is OK. Still my browser gives an 403 error (Access to the requested resource has been denied).
Any other idea?
Hans -
5. Re: Another DatabaseServerLoginModule problem
petertje May 26, 2003 5:42 PM (in response to hduijn)No, I'm puzzled.
There is one thing i'm missing in your trace, and that is logging from the JBossUserRealm, e.g.
DEBUG [JBossUserRealm#your-realm] authenticated: john
etc.
This is the org.jboss.jetty.security.JBossUserRealm log category, please check your log settings again.
Just looking at the stack trace, i'd say there is something wrong with the security defs in web.xml or that your servlet/jsp is behaving 'funny' - if it is not that you tested it with the users-roles module and got it working. Are you sure you didn't change more things between this two tests?
I'd suggest you attach your web.xml as well (you can attach files to your posts, i forgot how ;-).
Btw, which JBoss version are you using?
Regards,
Peter -
6. Re: Another DatabaseServerLoginModule problem
hduijn May 27, 2003 4:09 AM (in response to hduijn)Oeps, my fault,
Just mentioning the web.xml was enough. I put a constraint on the security like this:
<security-constraint>
<web-resource-collection>
<web-resource-name>HtmlAdaptor</web-resource-name>
An example security config that only allows users with the
role InvAdmin to access the 'facturatie' web application
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>InvAdmin</role-name>
</auth-constraint>
</security-constraint>
But forgot to fill in this role 'InvAdmin' in the users database row. So, the JBoss server acted as it should. I was looking in the wrong direction but you helped me by mentioning the web.xml.
Thanks many times, problem solved.
Hans