4 Replies Latest reply on Mar 8, 2004 8:33 AM by alisson

    Configuring JBoss for DatabaseServerLoginModule

    alisson

      Hi,
      How can I configure JBoss 3.2.1 to work with DatabaseServerLoginModule to protect my servlets and JSPs (I don't use EJB)? Which files should I configure? Actually I have configured jboss-web.xml, login-config.xml and my application web.xml. I am using Windows XP Professional and MySQL.

        • 1. Re: Configuring JBoss for DatabaseServerLoginModule
          cbuckley

          Step One: login-config.xml
          <application-policy name="example2">
            <authentication>
              <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
                            flag="required">
                <!-- replace your_mysqlDS with the JNDI name of your MySQL datasource -->
                <module-option name="dsJndiName">java:/your_mysqlDS</module-option>
                <module-option name="principalsQuery">select password from usertable where username=?</module-option>
                <!-- below is how you cheat the roles, the result should produce rolename/'Roles'/'callerIdentity' -->
                <module-option name="rolesQuery">select 'Echo', 'Roles' from userdb where username=?</module-option>
              </login-module>
            </authentication>
          </application-policy>

          Step Two: web.xml
          Add a security constraint as follows; notice the <role-name>Echo</role-name>, just like in your select above.
          <security-constraint>
            <web-resource-collection>
              <web-resource-name>Restricted</web-resource-name>
              <description>Declarative security tests</description>
              <url-pattern>/*</url-pattern>
              <http-method>HEAD</http-method>
              <http-method>GET</http-method>
              <http-method>POST</http-method>
              <http-method>PUT</http-method>
              <http-method>DELETE</http-method>
            </web-resource-collection>
            <auth-constraint>
              <role-name>Echo</role-name>
            </auth-constraint>
            <user-data-constraint>
              <description>no description</description>
              <transport-guarantee>NONE</transport-guarantee>
            </user-data-constraint>
          </security-constraint>

          <login-config>
            <auth-method>BASIC</auth-method>
            <realm-name>JAAS Tutorial Servlets</realm-name>
          </login-config>

          <security-role>
            <description>A user allowed to invoke echo methods</description>
            <role-name>Echo</role-name>
          </security-role>
          <security-role>
            <description>A user with no permissions</description>
            <role-name>nobody</role-name>
          </security-role>

          Step Three: jboss-web.xml
          This is the name of your application-policy from step one.
          <jboss-web>
            <security-domain>java:/jaas/example2</security-domain>
          </jboss-web>

          That should do it.
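
A hardened variant of the three steps above, as an added example that is not part of the original post or of the JBoss distribution. It stores password digests instead of clear text, reads roles from a table instead of granting 'Echo' to every user, covers all HTTP methods, and requires TLS for BASIC authentication. Assumptions: the table and column names (users, userroles, passwd, role), and that the hashAlgorithm and hashEncoding module options are available in your JBoss version.

```xml
<!-- conf/login-config.xml: policy entry (table and column names are assumed) -->
<application-policy name="example2">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
                  flag="required">
      <module-option name="dsJndiName">java:/your_mysqlDS</module-option>
      <!-- passwd holds a Base64-encoded digest, not the clear-text password -->
      <module-option name="principalsQuery">select passwd from users where username=?</module-option>
      <!-- two columns: the role name from the table, then the literal group 'Roles';
           a user gets only the roles stored for that username -->
      <module-option name="rolesQuery">select role, 'Roles' from userroles where username=?</module-option>
      <!-- hash the submitted password before comparing it with the stored value;
           the name must be a java.security.MessageDigest algorithm your JVM provides -->
      <module-option name="hashAlgorithm">SHA-256</module-option>
      <module-option name="hashEncoding">base64</module-option>
    </login-module>
  </authentication>
</application-policy>

<!-- WEB-INF/web.xml: constraint and login configuration -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Restricted</web-resource-name>
    <url-pattern>/*</url-pattern>
    <!-- no http-method elements: the constraint then covers every method,
         not only the five that were listed -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>Echo</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- BASIC sends the password Base64-encoded on every request, so require TLS -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>JAAS Tutorial Servlets</realm-name>
</login-config>
<security-role>
  <role-name>Echo</role-name>
</security-role>
```

CONFIDENTIAL only works once an HTTPS connector is configured on the embedded web server. The digest produced by hashAlgorithm is unsalted, so database access still needs to be tightly restricted.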

          • 2. Re: Configuring JBoss for DatabaseServerLoginModule
            alisson

            I have done every step you advised, but only when my application-policy is configured in login-config.xml, JBoss shows the error message below:


            16:51:20,815 ERROR [URLDeploymentScanner] MBeanException: Exception in MBean operation 'checkIncompleteDeployments()'
            Cause: Incomplete Deployment listing:
            Packages waiting for a deployer:

            Incompletely deployed packages:

            MBeans waiting for classes:

            MBeans waiting for other MBeans:
            [ObjectName: jboss.mq:service=InvocationLayer,type=HTTP
            state: CREATED
            I Depend On: jboss.mq:service=Invoker
            jboss.web:service=WebServer

            Depends On Me: , ObjectName: jboss.mq:service=InvocationLayer,type=JVM
            state: CREATED
            I Depend On: jboss.mq:service=Invoker

            Depends On Me: , ObjectName: jboss.mq:service=InvocationLayer,type=RMI
            state: CREATED
            I Depend On: jboss.mq:service=Invoker

            Depends On Me: , ObjectName: jboss.mq:service=InvocationLayer,type=OIL
            state: CREATED
            I Depend On: jboss.mq:service=Invoker

            Depends On Me: , ObjectName: jboss.mq:service=InvocationLayer,type=UIL
            state: CREATED
            I Depend On: jboss.mq:service=Invoker

            Depends On Me: , ObjectName: jboss.mq:service=InvocationLayer,type=OIL2
            state: CREATED
            I Depend On: jboss.mq:service=Invoker

            Depends On Me: , ObjectName: jboss.mq:service=InvocationLayer,type=UIL2
            state: CREATED
            I Depend On: jboss.mq:service=Invoker

            Depends On Me: , ObjectName: jboss.mq:service=Invoker
            state: CREATED
            I Depend On: jboss.mq:service=TracingInterceptor

            Depends On Me: jboss.mq:service=InvocationLayer,type=HTTP
            jboss.mq:service=InvocationLayer,type=JVM
            jboss.mq:service=InvocationLayer,type=RMI
            jboss.mq:service=InvocationLayer,type=OIL
            jboss.mq:service=InvocationLayer,type=UIL
            jboss.mq:service=InvocationLayer,type=OIL2
            jboss.mq:service=InvocationLayer,type=UIL2
            , ObjectName: jboss.mq:service=TracingInterceptor
            state: CREATED
            I Depend On: jboss.mq:service=SecurityManager

            Depends On Me: jboss.mq:service=Invoker
            , ObjectName: jboss.mq:service=SecurityManager
            state: CREATED
            I Depend On: jboss.mq:service=DestinationManager

            Depends On Me: jboss.mq:service=TracingInterceptor
            jboss.mq.destination:service=Queue,name=DLQ
            jboss.mq.destination:service=Topic,name=testTopic
            jboss.mq.destination:service=Topic,name=securedTopic
            jboss.mq.destination:service=Topic,name=testDurableTopic
            jboss.mq.destination:service=Queue,name=testQueue
            , ObjectName: jboss.mq:service=DestinationManager
            state: CREATED
            I Depend On: jboss.mq:service=PersistenceManager
            jboss.mq:service=StateManager

            Depends On Me: jboss.mq:service=SecurityManager
            jboss.mq.destination:service=Queue,name=DLQ
            jboss.mq.destination:service=Topic,name=testTopic
            jboss.mq.destination:service=Topic,name=securedTopic
            jboss.mq.destination:service=Topic,name=testDurableTopic
            jboss.mq.destination:service=Queue,name=testQueue
            jboss.mq.destination:service=Queue,name=A
            jboss.mq.destination:service=Queue,name=B
            jboss.mq.destination:service=Queue,name=C
            jboss.mq.destination:service=Queue,name=D
            jboss.mq.destination:service=Queue,name=ex
            , ObjectName: jboss.mq:service=PersistenceManager
            state: FAILED
            I Depend On: jboss.mq:service=MessageCache
            jboss.jca:service=LocalTxCM,name=DefaultDS

            Depends On Me: jboss.mq:service=DestinationManager
            java.lang.SecurityException: Invalid authentication attempt, principal=null, ObjectName: jboss.mq.destination:service=Queue,name=DLQ
            state: CREATED
            I Depend On: jboss.mq:service=DestinationManager
            jboss.mq:service=SecurityManager

            Depends On Me: , ObjectName: jboss.mq.destination:service=Topic,name=testTopic
            state: CREATED
            I Depend On: jboss.mq:service=DestinationManager
            jboss.mq:service=SecurityManager

            Depends On Me: , ObjectName: jboss.mq.destination:service=Topic,name=securedTopic
            state: CREATED
            I Depend On: jboss.mq:service=DestinationManager
            jboss.mq:service=SecurityManager

            Depends On Me: , ObjectName: jboss.mq.destination:service=Topic,name=testDurableTopic
            state: CREATED
            I Depend On: jboss.mq:service=DestinationManager
            jboss.mq:service=SecurityManager

            Depends On Me: , ObjectName: jboss.mq.destination:service=Queue,name=testQueue
            state: CREATED
            I Depend On: jboss.mq:service=DestinationManager
            jboss.mq:service=SecurityManager

            Depends On Me: , ObjectName: jboss.mq.destination:service=Queue,name=A
            state: CREATED
            I Depend On: jboss.mq:service=DestinationManager

            Depends On Me: , ObjectName: jboss.mq.destination:service=Queue,name=B
            state: CREATED
            I Depend On: jboss.mq:service=DestinationManager

            Depends On Me: , ObjectName: jboss.mq.destination:service=Queue,name=C
            state: CREATED
            I Depend On: jboss.mq:service=DestinationManager

            Depends On Me: , ObjectName: jboss.mq.destination:service=Queue,name=D
            state: CREATED
            I Depend On: jboss.mq:service=DestinationManager

            Depends On Me: , ObjectName: jboss.mq.destination:service=Queue,name=ex
            state: CREATED
            I Depend On: jboss.mq:service=DestinationManager

            Depends On Me: ]
            16:51:20,830 INFO [URLDeploymentScanner] Started
            16:51:20,908 INFO [MainDeployer] Deployed package: file:/C:/JBoss/server/teste/conf/jboss-service.xml
            16:51:20,908 INFO [Server] JBoss (MX MicroKernel) [3.2.1 (build: CVSTag=JBoss_3_2_1 date=200305041533)] Started in 37s:672ms


            My application-policy is configured like this:

            <application-policy name = "academicoApp">

            <login-module code ="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
            <module-option name="dsJndiName">java:/AcademicoDB</module-option>
            <module-option name="principalsQuery">select passwd from users where username=?</module-option>
            <!-- below is how you cheat the roles, the result should produce rolename/'Roles'/'callerIdentity' -->
            <module-option name="rolesQuery">select userRoles 'Role' from userroles where username=?</module-option>
            </login-module>

            </application-policy>

            • 3. Re: Configuring JBoss for DatabaseServerLoginModule
              martin0

              Did you get the JAAS howto working that Scott wrote?

              http://www.jboss.org/index.html?module=bb&op=viewtopic&t=46370

              Martin

              • 4. Re: Configuring JBoss for DatabaseServerLoginModule
                alisson

                I have configured everything, but when my application-policy is configured, JBoss presents this message while running. Does anybody know what is happening?

                11:05:48,218 WARN [XMLLoginConfigImpl] Failed to load config: file:/C:/JBoss/server/teste/conf/login-config.xml
                org.jboss.security.auth.login.ParseException: Encountered "<?xml" at line 1, column 1.
                Was expecting one of:

                ...

                at org.jboss.security.auth.login.SunConfigParser.generateParseException(SunConfigParser.java:389)
                at org.jboss.security.auth.login.SunConfigParser.jj_consume_token(SunConfigParser.java:327)
                at org.jboss.security.auth.login.SunConfigParser.config(SunConfigParser.java:98)
                at org.jboss.security.auth.login.SunConfigParser.parse(SunConfigParser.java:57)
                at org.jboss.security.auth.login.SunConfigParser.doParse(SunConfigParser.java:79)
                at org.jboss.security.auth.login.XMLLoginConfigImpl.loadSunConfig(XMLLoginConfigImpl.java:271)
                at org.jboss.security.auth.login.XMLLoginConfigImpl.loadConfig(XMLLoginConfigImpl.java:255)
                at org.jboss.security.auth.login.XMLLoginConfigImpl.loadConfig(XMLLoginConfigImpl.java:231)
                at org.jboss.security.auth.login.XMLLoginConfig.startService(XMLLoginConfig.java:152)
                at org.jboss.system.ServiceMBeanSupport.start(ServiceMBeanSupport.java:192)
                at sun.reflect.GeneratedMethodAccessor7.invoke(Unknown Source)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                at java.lang.reflect.Method.invoke(Method.java:324)
                at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
                at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:549)
                at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:966)
                at $Proxy0.start(Unknown Source)
                at org.jboss.system.ServiceController.start(ServiceController.java:392)
                at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                at java.lang.reflect.Method.invoke(Method.java:324)
                at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
                at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:549)
                at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
                at $Proxy5.start(Unknown Source)
                at org.jboss.deployment.SARDeployer.start(SARDeployer.java:226)
                at org.jboss.deployment.MainDeployer.start(MainDeployer.java:832)
                at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:640)
                at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:613)
                at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:597)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                at java.lang.reflect.Method.invoke(Method.java:324)
                at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
                at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:549)
                at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
                at $Proxy6.deploy(Unknown Source)
                at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:365)
                at org.jboss.system.server.ServerImpl.start(ServerImpl.java:272)
                at org.jboss.Main.boot(Main.java:150)
                at org.jboss.Main$1.run(Main.java:388)
                at java.lang.Thread.run(Thread.java:536)