14 Replies Latest reply on Feb 24, 2004 4:18 PM by rickarcmind

    JBoss Security Roles Problem.... everyone is admin!

    rickarcmind

      I am having a problem with roles. A user called tomcat is in a role called admin, but should not be. I can log in okay with the tomcat user, but the tomcat user can do everything an admin can do, which is not what I want. I then tried to programmatically see if tomcat user is an admin and he was.

      JBoss security is set up as follows:

      <application-policy name = "express">

      <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
      flag = "required">
      <module-option name = "dsJndiName">jdbc/mysql</module-option>
      <module-option name = "principalsQuery">
      select passwrd from app_user where username=?
      </module-option>
      <module-option name = "rolesQuery">
      select role_name, 'Roles' from user_role where username=?
      </module-option>
      <module-option name="hashAlgorithm">SHA</module-option>
      <module-option name="hashEncoding">base64</module-option>

      </login-module>

      </application-policy>

      When I run the queries in the database workbench they seem to work as they should.

      (I tried several combinations of encoding and hash to no avail).

      It should be like this:
      user tomcat is in the role "user"
      user mraible is in the role "admin"

      Here is the role table:
      CREATE TABLE USER_ROLE
      (
      ID NUMERIC( 18, 0) NOT NULL,
      USER_ID NUMERIC( 18, 0) NOT NULL,
      USERNAME VARCHAR( 255) NOT NULL COLLATE NONE,
      ROLE_NAME VARCHAR( 255) NOT NULL COLLATE NONE,
      PRIMARY KEY (ID)
      );

      This query
      select USER_NAME ROLENAME from USER_ROLE;
      outputs this:

      USER_NAME ROLENAME
      tomcat user
      mraible admin

      Here is the DDL for the user table:
      RECREATE TABLE APP_USER
      (
      ID NUMERIC( 18, 0) NOT NULL,
      USERNAME VARCHAR( 40) NOT NULL COLLATE NONE,
      PASSWRD VARCHAR( 150) NOT NULL COLLATE NONE,
      FIRSTNAME VARCHAR( 40) NOT NULL COLLATE NONE,
      LASTNAME VARCHAR( 40) NOT NULL COLLATE NONE,
      EMAIL VARCHAR( 100) COLLATE NONE,
      PHONENUMBER VARCHAR( 15) COLLATE NONE,
      PASSWORDHINT VARCHAR( 40) COLLATE NONE,
      INCREMENTBY FLOAT,
      VER INTEGER,
      PRIMARY KEY (ID)
      );

      The above has the following data:
      ID,USERNAME,FIRSTNAME,EMAIL
      1,"tomcat","Tomcat","matt_raible@yah.com"
      2,"mraible","Matt","matt@raible.com"
      3,"rick","Rick","rick@arc-mind.com"

        • 1. Re: JBoss Security Roles Problem.... everyone is admin!

          Your config looks ok to me.

          What do you see in log/server.log if you enable TRACE logging in conf/log4j.xml
          for org.jboss.security?

          Regards,
          Adrian

          • 2. Re: JBoss Security Roles Problem.... everyone is admin!
            rickarcmind

            Excellent idea. I will try that.

            • 3. Re: JBoss Security Roles Problem.... everyone is admin!
              rickarcmind

              I tried it and it was not too telling. In fact, I only get the following:

              [ INFO] 45:17 (JaasSecurityManagerService.java:newSecurityDomainCtx:494)
              Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@4bd767

              [DEBUG] 45:17 (JaasSecurityManager.java:setCachePolicy:181)
              CachePolicy set to: org.jboss.util.TimedCachePolicy@1e75e08

              [ INFO] 45:17 (JaasSecurityManagerService.java:setSecurityDomainCache:451)
              setCachePolicy, c=org.jboss.util.TimedCachePolicy@1e75e08

              [ INFO] 45:17 (JaasSecurityManagerService.java:lookupSecurityDomain:472)
              Added HsqlDbRealm, org.jboss.security.plugins.SecurityDomainContext@ce623f to map

              [ INFO] 45:18 (JaasSecurityManagerService.java:newSecurityDomainCtx:494)
              Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@1dbe135

              [DEBUG] 45:18 (JaasSecurityManager.java:setCachePolicy:181)
              CachePolicy set to: org.jboss.util.TimedCachePolicy@9e7d46

              [ INFO] 45:18 (JaasSecurityManagerService.java:setSecurityDomainCache:451)
              setCachePolicy, c=org.jboss.util.TimedCachePolicy@9e7d46

              [ INFO] 45:18 (JaasSecurityManagerService.java:lookupSecurityDomain:472)
              Added jbossmq, org.jboss.security.plugins.SecurityDomainContext@132b038 to map

              [ INFO] 45:18 (JaasSecurityManagerService.java:newSecurityDomainCtx:494)
              Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@ae7b77

              [DEBUG] 45:18 (JaasSecurityManager.java:setCachePolicy:181)
              CachePolicy set to: org.jboss.util.TimedCachePolicy@12bc407

              [ INFO] 45:18 (JaasSecurityManagerService.java:setSecurityDomainCache:451)
              setCachePolicy, c=org.jboss.util.TimedCachePolicy@12bc407

              [ INFO] 45:18 (JaasSecurityManagerService.java:lookupSecurityDomain:472)
              Added JmsXARealm, org.jboss.security.plugins.SecurityDomainContext@52d654 to map

              It does not mention org.jboss.security.auth.spi.DatabaseServerLoginModule that I configured.

              I wonder if I am missing something else. Like a mapping from jboss-web.xml to the DatabaseServerLoginModule that I configured.

              Also, when I log into the site, I get nothing from org.jboss.security in my log file. That seems odd, in a bad.... not so good kind of way.

              I added the following code:

              manager.setUserName(request.getRemoteUser());
              manager.setAdmin(request.isUserInRole("admin"));

              log.debug(manager.getUserName());
              log.debug("admin=" + manager.isAdmin());

              It appears everyone is admin!

              What is weirder is I can login using any password. Arrrrgggghhh! All of this worked with just plain Tomcat.
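
An added example, not part of the original thread: a check for the missing web-app-to-security-domain mapping suspected above. It scans JBoss deploy-time log output for web contexts whose `security/securityMgr` is bound to `NullSecurityManager` instead of being linked to a `java:/jaas/...` domain, which leaves no JAAS login module enforcing passwords or roles for that context. The sample log is constructed in the record format JBoss prints in this thread, and all function names are hypothetical.

```python
import re

# Header of one log record as printed in this thread, e.g.
#   [DEBUG] 19:30 (AbstractWebContainer.java:linkSecurityDomain:779)
HEADER = re.compile(r"^\[\s*(\w+)\]\s+\S+\s+\(([\w$]+\.java):([\w$<>]+):(\d+)\)\s*$")
DEPLOY = re.compile(r"^deploy, ctxPath=([^,]*), warUrl=")
LINKED = re.compile(r"^Linking security/securityMgr to JNDI name: (\S+)$")
UNBOUND = "Binding security/securityMgr to NullSecurityManager"

# Constructed sample (not taken from a real server). Two lines are wrapped
# mid-token on purpose, the way an 80-column console wraps long messages.
SAMPLE_LOG = """
[ INFO] 10:01 (EmbeddedTomcatService.java:performDeploy:306)
deploy, ctxPath=/secured, warUrl=file:/opt/jboss/server/default/deploy/secu
red.war/

[DEBUG] 10:01 (AbstractWebContainer.java:parseWebAppDescriptors:600)
linkSecurityDomain

[DEBUG] 10:01 (AbstractWebContainer.java:linkSecurityDomain:788)
Linking security/securityMgr to JNDI name: java:/jaas/secu
red-domain

[ INFO] 10:02 (EmbeddedTomcatService.java:performDeploy:306)
deploy, ctxPath=/open, warUrl=file:/opt/jboss/server/default/deploy/open.war/

[DEBUG] 10:02 (AbstractWebContainer.java:parseWebAppDescriptors:600)
linkSecurityDomain

[DEBUG] 10:02 (AbstractWebContainer.java:linkSecurityDomain:779)
Binding security/securityMgr to NullSecurityManager
"""


def records(log_text):
    """Yield (method, message) per log record, re-joining wrapped lines."""
    method, parts = None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            if method is not None:
                yield method, "".join(parts)
            method, parts = m.group(3), []
        elif line and method is not None:
            # Console wrapping splits mid-token, so join without a separator.
            # A space that fell exactly on the wrap column cannot be recovered.
            parts.append(line)
    if method is not None:
        yield method, "".join(parts)


def security_bindings(log_text):
    """Map each deployed context path to its JAAS domain, or None if unbound."""
    bindings, ctx = {}, None
    for method, msg in records(log_text):
        deployed = DEPLOY.match(msg)
        if deployed:
            ctx = deployed.group(1) or "/"  # empty ctxPath is the root context
            continue
        # Only the record emitted by linkSecurityDomain itself carries the
        # binding; parseWebAppDescriptors just logs the step name.
        if method != "linkSecurityDomain" or ctx is None:
            continue
        linked = LINKED.match(msg)
        if linked:
            bindings[ctx] = linked.group(1)
        elif msg == UNBOUND:
            bindings[ctx] = None
    return bindings


def unprotected_contexts(log_text):
    """Context paths deployed without any JAAS security domain."""
    return sorted(c for c, dom in security_bindings(log_text).items() if dom is None)


if __name__ == "__main__":
    for ctx in unprotected_contexts(SAMPLE_LOG):
        print(f"{ctx}: bound to NullSecurityManager, no security domain configured")
```

Feed it the server log captured with DEBUG enabled for `org.jboss.web`; any context it reports needs a security domain declared for the web application before its role checks mean anything.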

              • 4. Re: JBoss Security Roles Problem.... everyone is admin!

                I don't see any TRACE logging.
                Do you still have a DEBUG filter on the file appender?

                Regards,
                Adrian

                • 5. Re: JBoss Security Roles Problem.... everyone is admin!

                  Also, since you have a web app, enable TRACE for
                  org.jboss.web
                  as well.

                  Regards,
                  Adrian

                  • 6. Re: JBoss Security Roles Problem.... everyone is admin!
                    rickarcmind

                    Here is what I get on startup:

                    [ INFO] 19:17 (ServiceMBeanSupport.java:start:220)
                    Started jboss.security:service=XMLLoginConfig

                    [DEBUG] 19:17 (ServiceMBeanSupport.java:start:187)
                    Starting

                    [DEBUG] 19:17 (JaasSecurityManagerService.java:startService:337)
                    securityMgrCtxPath=java:/jaas

                    [DEBUG] 19:17 (JaasSecurityManagerService.java:startService:343)
                    cachePolicyCtxPath=java:/timedCacheFactory

                    [DEBUG] 19:17 (JaasSecurityManagerService.java:startService:348)
                    SecurityProxyFactory=org.jboss.security.SubjectSecurityProxyFactory@eafb71

                    [ INFO] 19:17 (ServiceMBeanSupport.java:start:220)
                    Started jboss.security:service=JaasSecurityManager

                    [DEBUG] 19:19 (ServiceMBeanSupport.java:create:154)
                    Creating

                    [DEBUG] 19:19 (ServiceMBeanSupport.java:create:172)
                    Created

                    [DEBUG] 19:19 (ServiceMBeanSupport.java:start:187)
                    Starting

                    [DEBUG] 19:19 (EmbeddedTomcatService.java:startService:252)
                    Setting catalina debug level to: 0

                    [DEBUG] 19:19 (EmbeddedTomcatService.java:startService:268)
                    Setting catalina.home to: C:\tools\jboss-3.2.3\server\default

                    [DEBUG] 19:19 (EmbeddedTomcatService.java:startService:269)
                    Setting catalina.base to: C:\tools\jboss-3.2.3\server\default

                    [ INFO] 19:20 (Log4jLogger.java:log:149)
                    CoyoteConnector Coyote can't register jmx for protocol

                    [ INFO] 19:20 (Log4jLogger.java:log:149)
                    CoyoteConnector Coyote can't register jmx for protocol

                    [ INFO] 19:20 (EmbeddedTomcatService.java:startService:279)
                    OK

                    [DEBUG] 19:20 (AbstractWebContainer.java:init:276)
                    Begin init

                    [DEBUG] 19:20 (AbstractWebContainer.java:init:353)
                    End init

                    [DEBUG] 19:20 (AbstractWebContainer.java:start:418)
                    webContext: null

                    [DEBUG] 19:20 (AbstractWebContainer.java:start:419)
                    warURL: file:/C:/tools/jboss-3.2.3/server/default/deploy/http-invoker.sar/invoker.war/

                    [DEBUG] 19:20 (AbstractWebContainer.java:start:420)
                    webAppParser: org.jboss.web.AbstractWebContainer$DescriptorParser@1352447

                    [ INFO] 19:20 (EmbeddedTomcatService.java:performDeploy:306)
                    deploy, ctxPath=/invoker, warUrl=file:/C:/tools/jboss-3.2.3/server/default/deploy/http-invoker.sar/invoker.war/

                    [DEBUG] 19:20 (EmbeddedTomcatService.java:createWebContext:521)
                    Using session cookies default setting

                    [DEBUG] 19:20 (AbstractWebContainer.java:parseWebAppDescriptors:555)
                    AbstractWebContainer.parseWebAppDescriptors, Begin

                    [DEBUG] 19:20 (AbstractWebContainer.java:parseWebAppDescriptors:563)
                    Creating ENC using ClassLoader: java.net.FactoryURLClassLoader@1fc468e

                    [DEBUG] 19:20 (AbstractWebContainer.java:parseWebAppDescriptors:567)
                    ..org.jboss.mx.loading.UnifiedClassLoader3@180b22e{ url=file:/C:/tools/jboss-3.2.3/server/default/deploy/http-invoker.sar/ ,addedOrder=3}

                    [DEBUG] 19:20 (AbstractWebContainer.java:parseWebAppDescriptors:567)
                    ..org.jboss.system.server.NoAnnotationURLClassLoader@13f3045

                    [DEBUG] 19:20 (AbstractWebContainer.java:parseWebAppDescriptors:567)
                    ..sun.misc.Launcher$AppClassLoader@e80a59

                    [DEBUG] 19:20 (AbstractWebContainer.java:parseWebAppDescriptors:567)
                    ..sun.misc.Launcher$ExtClassLoader@1ff5ea7

                    [DEBUG] 19:20 (AbstractWebContainer.java:parseWebAppDescriptors:576)
                    Linked java:comp/UserTransaction to JNDI name: UserTransaction

                    [DEBUG] 19:20 (AbstractWebContainer.java:parseWebAppDescriptors:585)
                    addEnvEntries

                    [DEBUG] 19:20 (AbstractWebContainer.java:parseWebAppDescriptors:588)
                    linkResourceEnvRefs

                    [DEBUG] 19:20 (AbstractWebContainer.java:parseWebAppDescriptors:591)
                    linkResourceRefs

                    [DEBUG] 19:20 (AbstractWebContainer.java:parseWebAppDescriptors:594)
                    linkEjbRefs

                    [DEBUG] 19:20 (AbstractWebContainer.java:parseWebAppDescriptors:597)
                    linkEjbLocalRefs

                    [DEBUG] 19:20 (AbstractWebContainer.java:parseWebAppDescriptors:600)
                    linkSecurityDomain

                    [DEBUG] 19:20 (AbstractWebContainer.java:linkSecurityDomain:788)
                    Linking security/securityMgr to JNDI name: java:/jaas/http-invoker

                    [DEBUG] 19:20 (AbstractWebContainer.java:parseWebAppDescriptors:602)
                    AbstractWebContainer.parseWebAppDescriptors, End

                    [ INFO] 19:21 (Log4jLogger.java:log:149)
                    SingleSignOnContextConfig[/invoker]: Added certificates -> request attribute Valve

                    [ INFO] 19:21 (Log4jLogger.java:log:149)
                    SingleSignOnContextConfig[/invoker]: Configured an authenticator for method BASIC

                    [DEBUG] 19:21 (EmbeddedTomcatService.java:lifecycleEvent:536)
                    Context.lifecycleEvent, event=org.apache.catalina.LifecycleEvent[source=StandardEngine[MainEngine].StandardHost[localhost].StandardContext[/invoker]]

                    [ WARN] 19:21 (EmbeddedTomcatService.java:contextInit:637)
                    Unable to invoke setDelegate on class loader:org.jboss.web.tomcat.tc4.WebCtxLoader$ENCLoader@14c7a98

                    [ INFO] 19:21 (Log4jLogger.java:log:149)
                    StandardManager[/invoker]: Seeding random number generator class java.security.SecureRandom

                    [ INFO] 19:21 (Log4jLogger.java:log:149)
                    StandardManager[/invoker]: Seeding of random number generator has been completed


                    [ INFO] 19:21 (Log4jLogger.java:log:149)
                    StandardWrapper[/invoker:default]: Loading container servlet default

                    [ INFO] 19:21 (Log4jLogger.java:log:149)
                    StandardWrapper[/invoker:invoker]: Loading container servlet invoker

                    [DEBUG] 19:22 (EmbeddedTomcatService.java:performDeploy:310)
                    Initialized: {WebApplication: /C:/tools/jboss-3.2.3/server/default/deploy/http-invoker.sar/invoker.war/, URL: file:/C:/tools/jboss-3.2.3/server/default/deploy/http-invoker.sar/invoker.war/, classLoader: java.net.FactoryURLClassLoader@1fc468e:33310350}

                    [ INFO] 19:22 (ServiceMBeanSupport.java:start:220)
                    Started jboss.web:service=WebServer

                    [DEBUG] 19:22 (AbstractWebContainer.java:init:276)
                    Begin init

                    [DEBUG] 19:22 (AbstractWebContainer.java:init:353)
                    End init

                    [DEBUG] 19:22 (AbstractWebContainer.java:start:418)
                    webContext: null

                    [DEBUG] 19:22 (AbstractWebContainer.java:start:419)
                    warURL: file:/C:/tools/jboss-3.2.3/server/default/deploy/jms/jbossmq-httpil.sar/jbossmq-httpil.war/

                    [DEBUG] 19:22 (AbstractWebContainer.java:start:420)
                    webAppParser: org.jboss.web.AbstractWebContainer$DescriptorParser@1082277

                    [ INFO] 19:22 (EmbeddedTomcatService.java:performDeploy:306)
                    deploy, ctxPath=/jbossmq-httpil, warUrl=file:/C:/tools/jboss-3.2.3/server/default/deploy/jms/jbossmq-httpil.sar/jbossmq-httpil.war/

                    [DEBUG] 19:22 (EmbeddedTomcatService.java:createWebContext:521)
                    Using session cookies default setting

                    [DEBUG] 19:22 (AbstractWebContainer.java:parseWebAppDescriptors:555)
                    AbstractWebContainer.parseWebAppDescriptors, Begin

                    [DEBUG] 19:22 (AbstractWebContainer.java:parseWebAppDescriptors:563)
                    Creating ENC using ClassLoader: java.net.FactoryURLClassLoader@10eb535

                    [DEBUG] 19:22 (AbstractWebContainer.java:parseWebAppDescriptors:567)
                    ..org.jboss.mx.loading.UnifiedClassLoader3@1e5c339{ url=file:/C:/tools/jboss-3.2.3/server/default/deploy/jms/jbossmq-httpil.sar/ ,addedOrder=6}

                    [DEBUG] 19:22 (AbstractWebContainer.java:parseWebAppDescriptors:567)
                    ..org.jboss.system.server.NoAnnotationURLClassLoader@13f3045

                    [DEBUG] 19:22 (AbstractWebContainer.java:parseWebAppDescriptors:567)
                    ..sun.misc.Launcher$AppClassLoader@e80a59

                    [DEBUG] 19:22 (AbstractWebContainer.java:parseWebAppDescriptors:567)
                    ..sun.misc.Launcher$ExtClassLoader@1ff5ea7

                    [DEBUG] 19:22 (AbstractWebContainer.java:parseWebAppDescriptors:576)
                    Linked java:comp/UserTransaction to JNDI name: UserTransaction

                    [DEBUG] 19:22 (AbstractWebContainer.java:parseWebAppDescriptors:585)
                    addEnvEntries

                    [DEBUG] 19:22 (AbstractWebContainer.java:parseWebAppDescriptors:588)
                    linkResourceEnvRefs

                    [DEBUG] 19:22 (AbstractWebContainer.java:parseWebAppDescriptors:591)
                    linkResourceRefs

                    [DEBUG] 19:22 (AbstractWebContainer.java:parseWebAppDescriptors:594)
                    linkEjbRefs

                    [DEBUG] 19:22 (AbstractWebContainer.java:parseWebAppDescriptors:597)
                    linkEjbLocalRefs

                    [DEBUG] 19:22 (AbstractWebContainer.java:parseWebAppDescriptors:600)
                    linkSecurityDomain

                    [DEBUG] 19:22 (AbstractWebContainer.java:linkSecurityDomain:788)
                    Linking security/securityMgr to JNDI name: java:/jaas/jbossmq-httpil

                    [DEBUG] 19:22 (AbstractWebContainer.java:parseWebAppDescriptors:602)
                    AbstractWebContainer.parseWebAppDescriptors, End

                    [ INFO] 19:22 (Log4jLogger.java:log:149)
                    SingleSignOnContextConfig[/jbossmq-httpil]: Added certificates -> request attribute Valve

                    [ INFO] 19:22 (Log4jLogger.java:log:149)
                    SingleSignOnContextConfig[/jbossmq-httpil]: Configured an authenticator for method BASIC

                    [DEBUG] 19:22 (EmbeddedTomcatService.java:lifecycleEvent:536)
                    Context.lifecycleEvent, event=org.apache.catalina.LifecycleEvent[source=StandardEngine[MainEngine].StandardHost[localhost].StandardContext[/jbossmq-httpil]]

                    [ WARN] 19:22 (EmbeddedTomcatService.java:contextInit:637)
                    Unable to invoke setDelegate on class loader:org.jboss.web.tomcat.tc4.WebCtxLoader$ENCLoader@39d811

                    [ INFO] 19:22 (Log4jLogger.java:log:149)
                    StandardManager[/jbossmq-httpil]: Seeding random number generator class java.security.SecureRandom

                    [ INFO] 19:22 (Log4jLogger.java:log:149)
                    StandardManager[/jbossmq-httpil]: Seeding of random number generator has been completed

                    [ INFO] 19:22 (Log4jLogger.java:log:149)
                    StandardWrapper[/jbossmq-httpil:default]: Loading container servlet default

                    [ INFO] 19:22 (Log4jLogger.java:log:149)
                    StandardWrapper[/jbossmq-httpil:invoker]: Loading container servlet invoker

                    [DEBUG] 19:22 (EmbeddedTomcatService.java:performDeploy:310)
                    Initialized: {WebApplication: /C:/tools/jboss-3.2.3/server/default/deploy/jms/jbossmq-httpil.sar/jbossmq-httpil.war/, URL: file:/C:/tools/jboss-3.2.3/server/default/deploy/jms/jbossmq-httpil.sar/jbossmq-httpil.war/, classLoader: java.net.FactoryURLClassLoader@10eb535:17741109}

                    [ INFO] 19:27 (JaasSecurityManagerService.java:newSecurityDomainCtx:494)
                    Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@7a140f

                    [DEBUG] 19:27 (JaasSecurityManager.java:setCachePolicy:181)
                    CachePolicy set to: org.jboss.util.TimedCachePolicy@1079781

                    [ INFO] 19:27 (JaasSecurityManagerService.java:setSecurityDomainCache:451)
                    setCachePolicy, c=org.jboss.util.TimedCachePolicy@1079781

                    [ INFO] 19:27 (JaasSecurityManagerService.java:lookupSecurityDomain:472)
                    Added HsqlDbRealm, org.jboss.security.plugins.SecurityDomainContext@16bbeaf to map

                    [ INFO] 19:27 (JaasSecurityManagerService.java:newSecurityDomainCtx:494)
                    Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@ae4f8b

                    [DEBUG] 19:27 (JaasSecurityManager.java:setCachePolicy:181)
                    CachePolicy set to: org.jboss.util.TimedCachePolicy@1e8614a

                    [ INFO] 19:27 (JaasSecurityManagerService.java:setSecurityDomainCache:451)
                    setCachePolicy, c=org.jboss.util.TimedCachePolicy@1e8614a

                    [ INFO] 19:27 (JaasSecurityManagerService.java:lookupSecurityDomain:472)
                    Added jbossmq, org.jboss.security.plugins.SecurityDomainContext@14b52aa to map

                    [ INFO] 19:28 (JaasSecurityManagerService.java:newSecurityDomainCtx:494)
                    Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@1443628

                    [DEBUG] 19:28 (JaasSecurityManager.java:setCachePolicy:181)
                    CachePolicy set to: org.jboss.util.TimedCachePolicy@13f903b

                    [ INFO] 19:28 (JaasSecurityManagerService.java:setSecurityDomainCache:451)
                    setCachePolicy, c=org.jboss.util.TimedCachePolicy@13f903b

                    [ INFO] 19:28 (JaasSecurityManagerService.java:lookupSecurityDomain:472)
                    Added JmsXARealm, org.jboss.security.plugins.SecurityDomainContext@164a8c to map


                    [DEBUG] 19:29 (AbstractWebContainer.java:init:276)
                    Begin init

                    [DEBUG] 19:29 (AbstractWebContainer.java:init:353)
                    End init

                    [DEBUG] 19:29 (AbstractWebContainer.java:start:418)
                    webContext: null

                    [DEBUG] 19:29 (AbstractWebContainer.java:start:419)
                    warURL: file:/C:/tools/jboss-3.2.3/server/default/deploy/express.war/

                    [DEBUG] 19:29 (AbstractWebContainer.java:start:420)
                    webAppParser: org.jboss.web.AbstractWebContainer$DescriptorParser@7cb66a

                    [ INFO] 19:29 (EmbeddedTomcatService.java:performDeploy:306)
                    deploy, ctxPath=/express, warUrl=file:/C:/tools/jboss-3.2.3/server/default/deploy/express.war/

                    [DEBUG] 19:30 (EmbeddedTomcatService.java:createWebContext:521)
                    Using session cookies default setting

                    [DEBUG] 19:30 (AbstractWebContainer.java:parseWebAppDescriptors:555)
                    AbstractWebContainer.parseWebAppDescriptors, Begin

                    [DEBUG] 19:30 (AbstractWebContainer.java:parseWebAppDescriptors:563)
                    Creating ENC using ClassLoader: java.net.FactoryURLClassLoader@2465e5

                    [DEBUG] 19:30 (AbstractWebContainer.java:parseWebAppDescriptors:567)
                    ..org.jboss.mx.loading.UnifiedClassLoader3@1df59bd{ url=file:/C:/tools/jboss-3.2.3/server/default/deploy/express.war/ ,addedOrder=35}

                    [DEBUG] 19:30 (AbstractWebContainer.java:parseWebAppDescriptors:567)
                    ..org.jboss.system.server.NoAnnotationURLClassLoader@13f3045

                    [DEBUG] 19:30 (AbstractWebContainer.java:parseWebAppDescriptors:567)
                    ..sun.misc.Launcher$AppClassLoader@e80a59

                    [DEBUG] 19:30 (AbstractWebContainer.java:parseWebAppDescriptors:567)
                    ..sun.misc.Launcher$ExtClassLoader@1ff5ea7

                    [DEBUG] 19:30 (AbstractWebContainer.java:parseWebAppDescriptors:576)
                    Linked java:comp/UserTransaction to JNDI name: UserTransaction

                    [DEBUG] 19:30 (AbstractWebContainer.java:parseWebAppDescriptors:585)
                    addEnvEntries

                    [DEBUG] 19:30 (AbstractWebContainer.java:parseWebAppDescriptors:588)
                    linkResourceEnvRefs

                    [DEBUG] 19:30 (AbstractWebContainer.java:linkResourceEnvRefs:640)
                    Linking 'jms/processStatus' to JNDI name: topic/processStatus

                    [DEBUG] 19:30 (AbstractWebContainer.java:linkResourceEnvRefs:640)
                    Linking 'jms/Wafer2DBQueue' to JNDI name: queue/Wafer2DBQueue

                    [DEBUG] 19:30 (AbstractWebContainer.java:linkResourceEnvRefs:640)
                    Linking 'jms/uploadStatus' to JNDI name: topic/uploadStatus

                    [DEBUG] 19:30 (AbstractWebContainer.java:parseWebAppDescriptors:591)
                    linkResourceRefs

                    [DEBUG] 19:30 (AbstractWebContainer.java:linkResourceRefs:674)
                    Linking 'jdbc/mysql' to JNDI name: java:jdbc/mysql

                    [DEBUG] 19:30 (AbstractWebContainer.java:parseWebAppDescriptors:594)
                    linkEjbRefs

                    [DEBUG] 19:30 (AbstractWebContainer.java:parseWebAppDescriptors:597)
                    linkEjbLocalRefs

                    [DEBUG] 19:30 (AbstractWebContainer.java:parseWebAppDescriptors:600)
                    linkSecurityDomain

                    [DEBUG] 19:30 (AbstractWebContainer.java:linkSecurityDomain:779)
                    Binding security/securityMgr to NullSecurityManager

                    [DEBUG] 19:30 (AbstractWebContainer.java:parseWebAppDescriptors:602)
                    AbstractWebContainer.parseWebAppDescriptors, End

                    [ INFO] 19:31 (Log4jLogger.java:log:149)
                    SingleSignOnContextConfig[/express]: Added certificates -> request attribute Valve

                    [ INFO] 19:31 (Log4jLogger.java:log:149)
                    SingleSignOnContextConfig[/express]: Configured an authenticator for method FORM


                    [DEBUG] 19:31 (EmbeddedTomcatService.java:lifecycleEvent:536)
                    Context.lifecycleEvent, event=org.apache.catalina.LifecycleEvent[source=StandardEngine[MainEngine].StandardHost[localhost].StandardContext[/express]]

                    [ WARN] 19:31 (EmbeddedTomcatService.java:contextInit:637)
                    Unable to invoke setDelegate on class loader:org.jboss.web.tomcat.tc4.WebCtxLoader$ENCLoader@20a52f

                    [ INFO] 19:31 (Log4jLogger.java:log:149)
                    StandardManager[/express]: Seeding random number generator class java.security.SecureRandom

                    [ INFO] 19:31 (Log4jLogger.java:log:149)
                    StandardManager[/express]: Seeding of random number generator has been completed


                    [ INFO] 19:31 (Log4jLogger.java:log:149)
                    Loading root WebApplicationContext

                    [DEBUG] 19:35 (JMSTemplate.java:subscribeToTopicNonDurable:141)
                    Looked up topic with name 'java:comp/env/jms/uploadStatus'

                    [DEBUG] 19:35 (JMSTemplate.java:subscribeToTopicNonDurable:150)
                    MessageListener [com.testAdvantage.webapp.listener.StartupJMSStatusQueueListener$UploadStatusListener@e2d0ab] subscribed OK to topic with name 'java:comp/env/jms/uploadStatus'

                    [DEBUG] 19:35 (JMSTemplate.java:subscribeToTopicNonDurable:141)
                    Looked up topic with name 'java:comp/env/jms/processStatus'

                    [DEBUG] 19:35 (JMSTemplate.java:subscribeToTopicNonDurable:150)
                    MessageListener [com.testAdvantage.webapp.listener.StartupJMSStatusQueueListener$ProcessStatusListener@1e2350a] subscribed OK to topic with name 'java:comp/env/jms/processStatus'

                    [ INFO] 19:35 (Log4jLogger.java:log:149)
                    StandardWrapper[/express:default]: Loading container servlet default

                    [DEBUG] 19:35 (ActionServlet.java:initServlet:1118)
                    Scanning web.xml for controller servlet mapping

                    [DEBUG] 19:35 (ActionServlet.java:addServletMapping:490)
                    Process servletName=action, urlPattern=*.do

                    [DEBUG] 19:35 (ActionServlet.java:addServletMapping:490)
                    Process servletName=register, urlPattern=/register/*

                    [DEBUG] 19:35 (ActionServlet.java:addServletMapping:490)
                    Process servletName=register, urlPattern=/passwordHint/*

                    [DEBUG] 19:35 (ActionServlet.java:addServletMapping:490)
                    Process servletName=login, urlPattern=/security/authorize/*

                    [DEBUG] 19:36 (ActionServlet.java:initServlet:1151)
                    Mapping for servlet 'action' = '*.do'

                    [DEBUG] 19:36 (ActionServlet.java:initModuleConfig:683)
                    Initializing module path '' configuration from '/WEB-INF/struts-config.xml'

                    [DEBUG] 19:36 (ActionServlet.java:initModuleMessageResources:905)
                    Initializing module path '' message resources from 'ApplicationResources'

                    [DEBUG] 19:36 (ActionServlet.java:initModuleDataSources:794)
                    Initializing module path '' data sources

                    [DEBUG] 19:36 (ActionServlet.java:initModulePlugIns:844)
                    Initializing module path '' plug ins

                    [DEBUG] 19:37 (ActionServlet.java:initModuleConfig:683)
                    Initializing module path '/upload' configuration from '/WEB-INF/struts-upload.xml'

                    [DEBUG] 19:37 (ActionServlet.java:initModuleMessageResources:905)
                    Initializing module path '/upload' message resources from 'UploadResources'

                    [DEBUG] 19:37 (ActionServlet.java:initModuleDataSources:794)
                    Initializing module path '/upload' data sources

                    [DEBUG] 19:37 (ActionServlet.java:initModulePlugIns:844)
                    Initializing module path '/upload' plug ins

                    [ INFO] 19:37 (Log4jLogger.java:log:149)
                    StandardWrapper[/express:invoker]: Loading container servlet invoker

                    [DEBUG] 19:37 (EmbeddedTomcatService.java:performDeploy:310)
                    Initialized: {WebApplication: /C:/tools/jboss-3.2.3/server/default/deploy/express.war/, URL: file:/C:/tools/jboss-3.2.3/server/default/deploy/express.war/, classLoader: java.net.FactoryURLClassLoader@2465e5:2385381}

                    [DEBUG] 19:37 (AbstractWebContainer.java:init:276)
                    Begin init

                    [DEBUG] 19:37 (AbstractWebContainer.java:init:353)
                    End init

                    [DEBUG] 19:37 (AbstractWebContainer.java:start:418)
                    webContext: null

                    [DEBUG] 19:37 (AbstractWebContainer.java:start:419)
                    warURL: file:/C:/tools/jboss-3.2.3/server/default/deploy/jmx-console.war/

                    [DEBUG] 19:37 (AbstractWebContainer.java:start:420)
                    webAppParser: org.jboss.web.AbstractWebContainer$DescriptorParser@16091de

                    [ INFO] 19:37 (EmbeddedTomcatService.java:performDeploy:306)
                    deploy, ctxPath=/jmx-console, warUrl=file:/C:/tools/jboss-3.2.3/server/default/deploy/jmx-console.war/

                    [DEBUG] 19:37 (EmbeddedTomcatService.java:createWebContext:521)
                    Using session cookies default setting

                    [DEBUG] 19:37 (AbstractWebContainer.java:parseWebAppDescriptors:555)
                    AbstractWebContainer.parseWebAppDescriptors, Begin

                    [DEBUG] 19:37 (AbstractWebContainer.java:parseWebAppDescriptors:563)
                    Creating ENC using ClassLoader: java.net.FactoryURLClassLoader@108b095

                    [DEBUG] 19:37 (AbstractWebContainer.java:parseWebAppDescriptors:567)
                    ..org.jboss.mx.loading.UnifiedClassLoader3@1743be{ url=file:/C:/tools/jboss-3.2.3/server/default/deploy/jmx-console.war/ ,addedOrder=36}

                    [DEBUG] 19:37 (AbstractWebContainer.java:parseWebAppDescriptors:567)
                    ..org.jboss.system.server.NoAnnotationURLClassLoader@13f3045

                    [DEBUG] 19:37 (AbstractWebContainer.java:parseWebAppDescriptors:567)
                    ..sun.misc.Launcher$AppClassLoader@e80a59

                    [DEBUG] 19:37 (AbstractWebContainer.java:parseWebAppDescriptors:567)
                    ..sun.misc.Launcher$ExtClassLoader@1ff5ea7

                    [DEBUG] 19:37 (AbstractWebContainer.java:parseWebAppDescriptors:576)
                    Linked java:comp/UserTransaction to JNDI name: UserTransaction

                    [DEBUG] 19:37 (AbstractWebContainer.java:parseWebAppDescriptors:585)
                    addEnvEntries

                    [DEBUG] 19:37 (AbstractWebContainer.java:parseWebAppDescriptors:588)
                    linkResourceEnvRefs

                    [DEBUG] 19:37 (AbstractWebContainer.java:parseWebAppDescriptors:591)
                    linkResourceRefs

                    [DEBUG] 19:37 (AbstractWebContainer.java:parseWebAppDescriptors:594)
                    linkEjbRefs

                    [DEBUG] 19:37 (AbstractWebContainer.java:parseWebAppDescriptors:597)
                    linkEjbLocalRefs

                    [DEBUG] 19:37 (AbstractWebContainer.java:parseWebAppDescriptors:600)
                    linkSecurityDomain

                    [DEBUG] 19:37 (AbstractWebContainer.java:linkSecurityDomain:779)
                    Binding security/securityMgr to NullSecurityManager

                    [DEBUG] 19:37 (AbstractWebContainer.java:parseWebAppDescriptors:602)
                    AbstractWebContainer.parseWebAppDescriptors, End

                    [ INFO] 19:37 (Log4jLogger.java:log:149)
                    SingleSignOnContextConfig[/jmx-console]: Added certificates -> request attribute Valve

                    [DEBUG] 19:37 (EmbeddedTomcatService.java:lifecycleEvent:536)
                    Context.lifecycleEvent, event=org.apache.catalina.LifecycleEvent[source=StandardEngine[MainEngine].StandardHost[localhost].StandardContext[/jmx-console]]

                    [ WARN] 19:37 (EmbeddedTomcatService.java:contextInit:637)
                    Unable to invoke setDelegate on class loader:org.jboss.web.tomcat.tc4.WebCtxLoader$ENCLoader@1219b8c

                    [ INFO] 19:37 (Log4jLogger.java:log:149)
                    StandardManager[/jmx-console]: Seeding random number generator class java.security.SecureRandom

                    [ INFO] 19:37 (Log4jLogger.java:log:149)
                    StandardManager[/jmx-console]: Seeding of random number generator has been completed

                    [ INFO] 19:37 (Log4jLogger.java:log:149)
                    StandardWrapper[/jmx-console:default]: Loading container servlet default

                    [ INFO] 19:37 (Log4jLogger.java:log:149)
                    StandardWrapper[/jmx-console:invoker]: Loading container servlet invoker

                    [DEBUG] 19:37 (EmbeddedTomcatService.java:performDeploy:310)
                    Initialized: {WebApplication: /C:/tools/jboss-3.2.3/server/default/deploy/jmx-console.war/, URL: file:/C:/tools/jboss-3.2.3/server/default/deploy/jmx-console.war/, classLoader: java.net.FactoryURLClassLoader@108b095:17346709}

                    [DEBUG] 19:37 (AbstractWebContainer.java:init:276)
                    Begin init

                    [DEBUG] 19:37 (AbstractWebContainer.java:init:299)
                    Unpacking war to: C:\tools\jboss-3.2.3\server\default\tmp\deploy\tmp10693web-console.war

                    [DEBUG] 19:38 (AbstractWebContainer.java:init:303)
                    Replaced war with unpacked contents

                    [DEBUG] 19:38 (AbstractWebContainer.java:init:307)
                    Deleted war archive

                    [DEBUG] 19:38 (AbstractWebContainer.java:init:353)
                    End init

                    [DEBUG] 19:38 (AbstractWebContainer.java:start:418)
                    webContext: null

                    [DEBUG] 19:38 (AbstractWebContainer.java:start:419)
                    warURL: file:/C:/tools/jboss-3.2.3/server/default/tmp/deploy/tmp10693web-console.war/

                    [DEBUG] 19:38 (AbstractWebContainer.java:start:420)
                    webAppParser: org.jboss.web.AbstractWebContainer$DescriptorParser@5ec940

                    [ INFO] 19:38 (EmbeddedTomcatService.java:performDeploy:306)
                    deploy, ctxPath=/web-console, warUrl=file:/C:/tools/jboss-3.2.3/server/default/tmp/deploy/tmp10693web-console.war/

                    [DEBUG] 19:38 (EmbeddedTomcatService.java:createWebContext:521)
                    Using session cookies default setting

                    [DEBUG] 19:38 (AbstractWebContainer.java:parseWebAppDescriptors:555)
                    AbstractWebContainer.parseWebAppDescriptors, Begin

                    [DEBUG] 19:38 (AbstractWebContainer.java:parseWebAppDescriptors:563)
                    Creating ENC using ClassLoader: java.net.FactoryURLClassLoader@eeb406

                    [DEBUG] 19:38 (AbstractWebContainer.java:parseWebAppDescriptors:567)
                    ..org.jboss.mx.loading.UnifiedClassLoader3@551ee3{ url=file:/C:/tools/jboss-3.2.3/server/default/tmp/deploy/tmp10693web-console.war/ ,addedOrder=37}

                    [DEBUG] 19:38 (AbstractWebContainer.java:parseWebAppDescriptors:567)
                    ..org.jboss.system.server.NoAnnotationURLClassLoader@13f3045

                    [DEBUG] 19:38 (AbstractWebContainer.java:parseWebAppDescriptors:567)
                    ..sun.misc.Launcher$AppClassLoader@e80a59

                    [DEBUG] 19:38 (AbstractWebContainer.java:parseWebAppDescriptors:567)
                    ..sun.misc.Launcher$ExtClassLoader@1ff5ea7

                    [DEBUG] 19:38 (AbstractWebContainer.java:parseWebAppDescriptors:576)
                    Linked java:comp/UserTransaction to JNDI name: UserTransaction

                    [DEBUG] 19:38 (AbstractWebContainer.java:parseWebAppDescriptors:585)
                    addEnvEntries

                    [DEBUG] 19:38 (AbstractWebContainer.java:parseWebAppDescriptors:588)
                    linkResourceEnvRefs

                    [DEBUG] 19:38 (AbstractWebContainer.java:parseWebAppDescriptors:591)
                    linkResourceRefs

                    [DEBUG] 19:38 (AbstractWebContainer.java:parseWebAppDescriptors:594)
                    linkEjbRefs

                    [DEBUG] 19:38 (AbstractWebContainer.java:parseWebAppDescriptors:597)
                    linkEjbLocalRefs

                    [DEBUG] 19:38 (AbstractWebContainer.java:parseWebAppDescriptors:600)
                    linkSecurityDomain

                    [DEBUG] 19:38 (AbstractWebContainer.java:linkSecurityDomain:779)
                    Binding security/securityMgr to NullSecurityManager

                    [DEBUG] 19:38 (AbstractWebContainer.java:parseWebAppDescriptors:602)
                    AbstractWebContainer.parseWebAppDescriptors, End

                    [ INFO] 19:38 (Log4jLogger.java:log:149)
                    SingleSignOnContextConfig[/web-console]: Added certificates -> request attribute Valve

                    [DEBUG] 19:38 (EmbeddedTomcatService.java:lifecycleEvent:536)
                    Context.lifecycleEvent, event=org.apache.catalina.LifecycleEvent[source=StandardEngine[MainEngine].StandardHost[localhost].StandardContext[/web-console]]

                    [ WARN] 19:38 (EmbeddedTomcatService.java:contextInit:637)
                    Unable to invoke setDelegate on class loader:org.jboss.web.tomcat.tc4.WebCtxLoader$ENCLoader@1ee4dbe

                    [ INFO] 19:38 (Log4jLogger.java:log:149)
                    StandardManager[/web-console]: Seeding random number generator class java.security.SecureRandom

                    [ INFO] 19:38 (Log4jLogger.java:log:149)
                    StandardManager[/web-console]: Seeding of random number generator has been completed

                    [ INFO] 19:38 (Log4jLogger.java:log:149)
                    StandardWrapper[/web-console:default]: Loading container servlet default

                    [ INFO] 19:39 (Log4jLogger.java:log:149)
                    StandardWrapper[/web-console:invoker]: Loading container servlet invoker

                    [DEBUG] 19:39 (EmbeddedTomcatService.java:performDeploy:310)
                    Initialized: {WebApplication: /C:/tools/jboss-3.2.3/server/default/tmp/deploy/tmp10693web-console.war/, URL: file:/C:/tools/jboss-3.2.3/server/default/tmp/deploy/tmp10693web-console.war/, classLoader: java.net.FactoryURLClassLoader@eeb406:15643654}

                    • 7. Re: JBoss Security Roles Problem.... everyone is admin!

                      It says it is using the NullSecurityManager.

                      Do you have
                      <jboss-web>
                      <security-domain>express</security-domain>
                      etc.

                      in your WEB-INF/jboss-web.xml?

                      Regards,
                      Adrian
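
Added example (not part of the thread and not JBoss code): a Python scan of a boot log in the two-line entry format pasted above. It reports every web context that was bound to NullSecurityManager, which is the condition behind "everyone is admin" here. The /secured entries and their "Linking ..." message are constructed sample data.

```python
import re

# Header of each entry: "[LEVEL] mm:ss (File.java:method:line)"
HEADER = re.compile(r"^\s*\[\s*(\w+)\]\s+\d+:\d+\s+\((\S+?):(\w+):(\d+)\)\s*$")
CTX = re.compile(r"ctxPath=([^,\s]+)")


def parse_entries(text):
    """Yield (method, message) per log entry.

    The console hard-wraps long messages, often mid-token, so the
    continuation lines of one entry are rejoined without a separator.
    """
    method, parts = None, []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if method is not None:
                yield method, "".join(parts)
            method, parts = m.group(3), []
        elif line.strip() and method is not None:
            parts.append(line.strip())
    if method is not None:
        yield method, "".join(parts)


def unsecured_contexts(text):
    """Return the context paths deployed without a security domain."""
    current, flagged = None, []
    for method, msg in parse_entries(text):
        if method == "performDeploy":
            m = CTX.search(msg)
            if m:
                current = m.group(1)  # context now being deployed
        elif method == "linkSecurityDomain" and "NullSecurityManager" in msg:
            flagged.append(current or "<unknown>")
    return flagged


# First two entries are copied from the log above; the /secured pair is
# constructed to show a context that does have a security domain.
SAMPLE = """\
[ INFO] 19:37 (EmbeddedTomcatService.java:performDeploy:306)
deploy, ctxPath=/jmx-console, warUrl=file:/C:/tools/jboss-3.2.3/server/default/d
eploy/jmx-console.war/

[DEBUG] 19:37 (AbstractWebContainer.java:linkSecurityDomain:779)
Binding security/securityMgr to NullSecurityManager

[ INFO] 19:40 (EmbeddedTomcatService.java:performDeploy:306)
deploy, ctxPath=/secured, warUrl=file:/C:/example/secured.war/

[DEBUG] 19:40 (AbstractWebContainer.java:linkSecurityDomain:775)
Linking security/securityMgr to JNDI name: java:/jaas/example
"""

if __name__ == "__main__":
    for ctx in unsecured_contexts(SAMPLE):
        print("no security domain:", ctx)
```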

                      • 8. Re: JBoss Security Roles Problem.... everyone is admin!
                        rickarcmind

                        Nope. Thanks. I'll try that.....

                        • 9. Re: JBoss Security Roles Problem.... everyone is admin!
                          rickarcmind

                          The good news is I can't log in, which means I am not using the NullSecurityManager. The bad news is I can't log in. I get the following exception:

                          javax.naming.NamingException: Could not dereference object [Root exception is javax.naming.NameNotFoundException: express not bound]
                          at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:970)
                          at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:613)
                          at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:507)
                          at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:276)
                          at org.jboss.web.tomcat.tc4.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:320)
                          at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481)
                          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
                          at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
                          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
                          at org.jboss.web.tomcat.tc4.statistics.ContainerStatsValve.invoke(ContainerStatsValve.java:76)
                          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
                          at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
                          at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
                          at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2417)
                          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
                          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
                          at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
                          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
                          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
                          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
                          at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:65)
                          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
                          at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:577)
                          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
                          at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
                          at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
                          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
                          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
                          at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
                          at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
                          at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:197)
                          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:781)
                          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:549)
                          at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:605)
                          at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:677)
                          at java.lang.Thread.run(Thread.java:534)
                          Caused by: javax.naming.NameNotFoundException: express not bound
                          at org.jnp.server.NamingServer.getBinding(NamingServer.java:495)
                          at org.jnp.server.NamingServer.getBinding(NamingServer.java:503)
                          at org.jnp.server.NamingServer.getObject(NamingServer.java:509)
                          at org.jnp.server.NamingServer.lookup(NamingServer.java:282)
                          at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:528)
                          at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:507)
                          at javax.naming.InitialContext.lookup(InitialContext.java:347)
                          at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:964)

                          • 10. Re: JBoss Security Roles Problem.... everyone is admin!

                            Apologies, I gave you a bum steer.

                            It should be
                            <security-domain>java:/jaas/express</security-domain>

                            Where "express" is your login-config application policy name?

                            Regards,
                            Adrian

                            • 11. Re: JBoss Security Roles Problem.... everyone is admin!
                              rickarcmind

                              Apologies, heck! You ROCK! Thanks for your help.

                              Cool. I'll try it.

                              • 12. Re: JBoss Security Roles Problem.... everyone is admin!
                                rickarcmind

                                I was missing the java:/ in front of jdbc/mysql....

                                <module-option name = "dsJndiName">java:/jdbc/mysql</module-option>

                                • 13. Re: JBoss Security Roles Problem.... everyone is admin!
                                  rickarcmind

                                  [DEBUG] 32:04 (JaasSecurityManager.java:authenticate:458)
                                  Login failure

                                  javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
                                  at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:154)
                                  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                                  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                                  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                                  at java.lang.reflect.Method.invoke(Method.java:324)
                                  at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
                                  at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
                                  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
                                  at java.security.AccessController.doPrivileged(Native Method)
                                  at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java

                                  • 14. Re: JBoss Security Roles Problem.... everyone is admin!
                                    rickarcmind

                                    Thank you. Thank you. Thank you. It looks like it is finally working..... YEAH!

                                    Turns out I did not want to use any encryption because the Servlet in my system already does it as well. Here is the final jboss-web.xml:

                                    <?xml version="1.0" encoding="UTF-8"?>
                                    <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.3//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_3_0.dtd">

                                    <jboss-web>

                                    <!-- Resource Environment References -->
                                    <security-domain>java:/jaas/expressDomain</security-domain>
                                    <!-- JMS Queues and Topics -->
                                    .
                                    .
                                    .
                                    </jboss-web>

                                    Here is the final security domain setup....

                                    <application-policy name = "expressDomain">


                                    <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
                                    flag = "required">
                                    <module-option name = "dsJndiName">java:/jdbc/mysql</module-option>
                                    <module-option name = "principalsQuery">
                                    select passwrd from app_user where username=?
                                    </module-option>
                                    <module-option name = "rolesQuery">
                                    select role_name, 'Roles' from user_role where username=?
                                    </module-option>
                                    <!-- <module-option name="hashAlgorithm">SHA</module-option> -->
                                    <!-- module-option name="hashEncoding">base64</module-option -->

                                    </login-module>

                                    </application-policy>


                                    Thanks again!

                                    Rick Hightower
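
Added example (not from the thread and not JBoss code): a Python check that cross-references a WAR's jboss-web.xml against login-config.xml for the mistakes worked through above: a missing <security-domain>, a domain name without the java:/jaas/ prefix, a domain with no matching application-policy, and a dsJndiName without java:/. The <policy> wrapper element and the trimmed sample documents are assumptions.

```python
import xml.etree.ElementTree as ET

JAAS_PREFIX = "java:/jaas/"


def policy_names(login_config_xml):
    """Names of every <application-policy> in login-config.xml."""
    root = ET.fromstring(login_config_xml)
    return {p.get("name") for p in root.iter("application-policy")}


def datasource_findings(login_config_xml):
    """Flag dsJndiName options that are not java:-qualified (reply 12)."""
    findings = []
    for policy in ET.fromstring(login_config_xml).iter("application-policy"):
        for opt in policy.iter("module-option"):
            value = (opt.text or "").strip()
            if opt.get("name") == "dsJndiName" and not value.startswith("java:"):
                findings.append(
                    f"{policy.get('name')}: dsJndiName '{value}' lacks java:/")
    return findings


def domain_findings(jboss_web_xml, policies):
    """Check the <security-domain> of one jboss-web.xml against the policies."""
    root = ET.fromstring(jboss_web_xml)
    domain = (root.findtext("security-domain") or "").strip()
    if not domain:
        # Replies 7 to 9: the context is bound to NullSecurityManager.
        return ["no <security-domain>: context falls back to NullSecurityManager"]
    if not domain.startswith(JAAS_PREFIX):
        # Reply 9: a bare name fails at login with "express not bound".
        return [f"'{domain}' lacks the {JAAS_PREFIX} prefix"]
    name = domain[len(JAAS_PREFIX):]
    if name not in policies:
        return [f"no application-policy named '{name}' in login-config.xml"]
    return []


# Constructed samples, trimmed from the configurations posted in the thread.
LOGIN_BEFORE = """<policy>
  <application-policy name = "express">
    <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
                  flag = "required">
      <module-option name = "dsJndiName">jdbc/mysql</module-option>
    </login-module>
  </application-policy>
</policy>"""
LOGIN_AFTER = LOGIN_BEFORE.replace('"express"', '"expressDomain"').replace(
    ">jdbc/mysql<", ">java:/jdbc/mysql<")
WEB_NONE = "<jboss-web></jboss-web>"
WEB_BARE = "<jboss-web><security-domain>express</security-domain></jboss-web>"
WEB_FINAL = ("<jboss-web><security-domain>java:/jaas/expressDomain"
             "</security-domain></jboss-web>")

if __name__ == "__main__":
    for label, web, login in [("no domain", WEB_NONE, LOGIN_BEFORE),
                              ("bare name", WEB_BARE, LOGIN_BEFORE),
                              ("final", WEB_FINAL, LOGIN_AFTER)]:
        issues = domain_findings(web, policy_names(login)) + datasource_findings(login)
        print(label, "->", issues or "OK")
```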