-
1. Re: Configuring JBoss for DatabaseServerLoginModule
cbuckley Mar 4, 2004 12:28 PM (in response to alisson)Step One: login-config.xml
<application-policy name="example2">
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
flag="required">
<module-option name="dsJndiName">java:/<your_mysqlDS></module-option>
<module-option name="principalsQuery">select password from usertable where username=?</module-option>
<!-- below is how you cheat the roles, the result should produce rolename/'Roles'/'callerIdentity' -->
<module-option name="rolesQuery">select 'Echo', 'Roles' from userdb where username=?</module-option>
</login-module>
</application-policy>
Step Two: web.xml
Add a security constraint like follows, notice the <role-name>Echo</role-name> just like your select above.
<security-constraint>
<web-resource-collection>
<web-resource-name>Restricted</web-resource-name>
Declarative security tests
<url-pattern>/*</url-pattern>
<http-method>HEAD</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Echo</role-name>
</auth-constraint>
<user-data-constraint>
no description
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>JAAS Tutorial Servlets</realm-name>
</login-config>
<security-role>
A user allowed to invoke echo methods
<role-name>Echo</role-name>
</security-role>
<security-role>
A user with no permissions
<role-name>nobody</role-name>
</security-role>
Step Three: jboss-web.xml This is the name of your application-policy from step one.
<security-domain>java:/jaas/example2</security-domain>
That should do it. -
2. Re: Configuring JBoss for DatabaseServerLoginModule
alisson Mar 4, 2004 2:17 PM (in response to alisson)I have done every steps you adviced but only when my application-policy is configured at login-config.xml, the JBoss show the below error message:
16:51:20,815 ERROR [URLDeploymentScanner] MBeanException: Exception in MBean ope
ration 'checkIncompleteDeployments()'
Cause: Incomplete Deployment listing:
Packages waiting for a deployer:
Incompletely deployed packages:
MBeans waiting for classes:
MBeans waiting for other MBeans:
[ObjectName: jboss.mq:service=InvocationLayer,type=HTTP
state: CREATED
I Depend On: jboss.mq:service=Invoker
jboss.web:service=WebServer
Depends On Me: , ObjectName: jboss.mq:service=InvocationLayer,type=JVM
state: CREATED
I Depend On: jboss.mq:service=Invoker
Depends On Me: , ObjectName: jboss.mq:service=InvocationLayer,type=RMI
state: CREATED
I Depend On: jboss.mq:service=Invoker
Depends On Me: , ObjectName: jboss.mq:service=InvocationLayer,type=OIL
state: CREATED
I Depend On: jboss.mq:service=Invoker
Depends On Me: , ObjectName: jboss.mq:service=InvocationLayer,type=UIL
state: CREATED
I Depend On: jboss.mq:service=Invoker
Depends On Me: , ObjectName: jboss.mq:service=InvocationLayer,type=OIL2
state: CREATED
I Depend On: jboss.mq:service=Invoker
Depends On Me: , ObjectName: jboss.mq:service=InvocationLayer,type=UIL2
state: CREATED
I Depend On: jboss.mq:service=Invoker
Depends On Me: , ObjectName: jboss.mq:service=Invoker
state: CREATED
I Depend On: jboss.mq:service=TracingInterceptor
Depends On Me: jboss.mq:service=InvocationLayer,type=HTTP
jboss.mq:service=InvocationLayer,type=JVM
jboss.mq:service=InvocationLayer,type=RMI
jboss.mq:service=InvocationLayer,type=OIL
jboss.mq:service=InvocationLayer,type=UIL
jboss.mq:service=InvocationLayer,type=OIL2
jboss.mq:service=InvocationLayer,type=UIL2
, ObjectName: jboss.mq:service=TracingInterceptor
state: CREATED
I Depend On: jboss.mq:service=SecurityManager
Depends On Me: jboss.mq:service=Invoker
, ObjectName: jboss.mq:service=SecurityManager
state: CREATED
I Depend On: jboss.mq:service=DestinationManager
Depends On Me: jboss.mq:service=TracingInterceptor
jboss.mq.destination:service=Queue,name=DLQ
jboss.mq.destination:service=Topic,name=testTopic
jboss.mq.destination:service=Topic,name=securedTopic
jboss.mq.destination:service=Topic,name=testDurableTopic
jboss.mq.destination:service=Queue,name=testQueue
, ObjectName: jboss.mq:service=DestinationManager
state: CREATED
I Depend On: jboss.mq:service=PersistenceManager
jboss.mq:service=StateManager
Depends On Me: jboss.mq:service=SecurityManager
jboss.mq.destination:service=Queue,name=DLQ
jboss.mq.destination:service=Topic,name=testTopic
jboss.mq.destination:service=Topic,name=securedTopic
jboss.mq.destination:service=Topic,name=testDurableTopic
jboss.mq.destination:service=Queue,name=testQueue
jboss.mq.destination:service=Queue,name=A
jboss.mq.destination:service=Queue,name=B
jboss.mq.destination:service=Queue,name=C
jboss.mq.destination:service=Queue,name=D
jboss.mq.destination:service=Queue,name=ex
, ObjectName: jboss.mq:service=PersistenceManager
state: FAILED
I Depend On: jboss.mq:service=MessageCache
jboss.jca:service=LocalTxCM,name=DefaultDS
Depends On Me: jboss.mq:service=DestinationManager
java.lang.SecurityException: Invalid authentication attempt, principal=null, Obj
ectName: jboss.mq.destination:service=Queue,name=DLQ
state: CREATED
I Depend On: jboss.mq:service=DestinationManager
jboss.mq:service=SecurityManager
Depends On Me: , ObjectName: jboss.mq.destination:service=Topic,name=testTopic
state: CREATED
I Depend On: jboss.mq:service=DestinationManager
jboss.mq:service=SecurityManager
Depends On Me: , ObjectName: jboss.mq.destination:service=Topic,name=securedTop
ic
state: CREATED
I Depend On: jboss.mq:service=DestinationManager
jboss.mq:service=SecurityManager
Depends On Me: , ObjectName: jboss.mq.destination:service=Topic,name=testDurabl
eTopic
state: CREATED
I Depend On: jboss.mq:service=DestinationManager
jboss.mq:service=SecurityManager
Depends On Me: , ObjectName: jboss.mq.destination:service=Queue,name=testQueue
state: CREATED
I Depend On: jboss.mq:service=DestinationManager
jboss.mq:service=SecurityManager
Depends On Me: , ObjectName: jboss.mq.destination:service=Queue,name=A
state: CREATED
I Depend On: jboss.mq:service=DestinationManager
Depends On Me: , ObjectName: jboss.mq.destination:service=Queue,name=B
state: CREATED
I Depend On: jboss.mq:service=DestinationManager
Depends On Me: , ObjectName: jboss.mq.destination:service=Queue,name=C
state: CREATED
I Depend On: jboss.mq:service=DestinationManager
Depends On Me: , ObjectName: jboss.mq.destination:service=Queue,name=D
state: CREATED
I Depend On: jboss.mq:service=DestinationManager
Depends On Me: , ObjectName: jboss.mq.destination:service=Queue,name=ex
state: CREATED
I Depend On: jboss.mq:service=DestinationManager
Depends On Me: ]
16:51:20,830 INFO [URLDeploymentScanner] Started
16:51:20,908 INFO [MainDeployer] Deployed package: file:/C:/JBoss/server/teste/
conf/jboss-service.xml
16:51:20,908 INFO [Server] JBoss (MX MicroKernel) [3.2.1 (build: CVSTag=JBoss_3
_2_1 date=200305041533)] Started in 37s:672ms
My application-policy is configured like that:
<application-policy name = "academicoApp">
<login-module code ="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
<module-option name="dsJndiName">java:/AcademicoDB</module-option>
<module-option name="principalsQuery">select passwd from users where username=?</module-option>
<!-- below is how you cheat the roles, the result should produce rolename/'Roles'/'callerIdentity' -->
<module-option name="rolesQuery">select userRoles 'Role' from userroles where username=?</module-option>
</login-module>
</application-policy> -
3. Re: Configuring JBoss for DatabaseServerLoginModule
martin0 Mar 5, 2004 10:14 AM (in response to alisson)Did you get the JAAS howto working that Scott wrote?
http://www.jboss.org/index.html?module=bb&op=viewtopic&t=46370
Martin -
4. Re: Configuring JBoss for DatabaseServerLoginModule
alisson Mar 8, 2004 8:33 AM (in response to alisson)I have configured everything but when my application-policy is configured the JBoss present this message during run. Anybody knows what is happening?
11:05:48,218 WARN [XMLLoginConfigImpl] Failed to load config: file:/C:/JBoss/server/teste/conf/login-config.xml
org.jboss.security.auth.login.ParseException: Encountered "<?xml" at line 1, column 1.
Was expecting one of:
...
at org.jboss.security.auth.login.SunConfigParser.generateParseException(SunConfigParser.java:389)
at org.jboss.security.auth.login.SunConfigParser.jj_consume_token(SunConfigParser.java:327)
at org.jboss.security.auth.login.SunConfigParser.config(SunConfigParser.java:98)
at org.jboss.security.auth.login.SunConfigParser.parse(SunConfigParser.java:57)
at org.jboss.security.auth.login.SunConfigParser.doParse(SunConfigParser.java:79)
at org.jboss.security.auth.login.XMLLoginConfigImpl.loadSunConfig(XMLLoginConfigImpl.java:271)
at org.jboss.security.auth.login.XMLLoginConfigImpl.loadConfig(XMLLoginConfigImpl.java:255)
at org.jboss.security.auth.login.XMLLoginConfigImpl.loadConfig(XMLLoginConfigImpl.java:231)
at org.jboss.security.auth.login.XMLLoginConfig.startService(XMLLoginConfig.java:152)
at org.jboss.system.ServiceMBeanSupport.start(ServiceMBeanSupport.java:192)
at sun.reflect.GeneratedMethodAccessor7.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:549)
at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:966)
at $Proxy0.start(Unknown Source)
at org.jboss.system.ServiceController.start(ServiceController.java:392)
at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:549)
at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
at $Proxy5.start(Unknown Source)
at org.jboss.deployment.SARDeployer.start(SARDeployer.java:226)
at org.jboss.deployment.MainDeployer.start(MainDeployer.java:832)
at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:640)
at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:613)
at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:597)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:549)
at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
at $Proxy6.deploy(Unknown Source)
at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:365)
at org.jboss.system.server.ServerImpl.start(ServerImpl.java:272)
at org.jboss.Main.boot(Main.java:150)
at org.jboss.Main$1.run(Main.java:388)
at java.lang.Thread.run(Thread.java:536)