5 Replies Latest reply on Oct 18, 2006 1:24 AM by jaikiran

Baffled using DatabaseServerLoginModule

fenilya May 1, 2004 7:09 AM

Hiyas,

Im trying to use the JBoss DatabaseServerLoginModule. I entered the following configuration in the login-config.xml file:

<application-policy name = "QuiverRealm">

<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
<module-option name = "dsJndiName">java:/FirebirdDS</module-option>
<module-option name = "principalsQuery">select passwd from users where login=?</module-option>
<module-option name = "rolesQuery">select in_role, 'Roles' from v_userroles where login=?</module-option>
</login-module>

</application-policy>

In my authenticationbean, I have the following code in the login method:

public boolean login(String username, String password) throws LoginException {
authenticated = false;
char[] pwd = password.toCharArray();

LoginContext loginContext = new LoginContext("QuiverRealm", new UsernamePasswordHandler(username, pwd));

loginContext.login();
authenticated = true;

return authenticated;
}

Now, I made sure I tested with correct Username/Password combination a thousand times. Case sensitive and all that. Still, it tells me that my password is incorrect:

13:39:54,572 ERROR [STDERR] javax.security.auth.login.LoginException: Password Incorrect/Password Required

What am I missing here? Im baffled.

1. Re: Baffled using DatabaseServerLoginModule

starksm64 May 3, 2004 11:53 AM (in response to fenilya)
See if you can get anymore info out of the logs by setting the org.jboss.security category to TRACE level in the conf/log4j.xml file:

<category name="org.jboss.security"> <priority value="TRACE" class="org.jboss.logging.XLevel"/> </category>
Actions
2. Re: Baffled using DatabaseServerLoginModule

fenilya May 3, 2004 4:46 PM (in response to fenilya)

Thanks Scott for your suggestion. I see in the logs that indeed the prepared statement is :

select passwd from users where login=?

And the applied username is indeed the username I used (alex).
Also I see the following debug line:
23:18:22,864 DEBUG [DatabaseServerLoginModule] Bad password for username=alex

However, I wish I could see what password jboss is trying to match and what password he has retrieved, but I cant see that :(
Maybe I'll try remote debugging.
Actions
3. Re: Baffled using DatabaseServerLoginModule

fenilya May 3, 2004 5:44 PM (in response to fenilya)

So, I did some remote debugging in the DatabaseServerLogin class and it was all very simple as always...
I forgot I did a field conversion char -> varchar on the password field, and the tool I'm using for DB management viciously filled up the field with spaces, but didnt show them in the grid. Very nasty. So, this problem is solved now. Thanks for your reaction Scott.

Regards,
Alex
Actions
4. Re: Baffled using DatabaseServerLoginModule

haplo_3 Oct 18, 2006 1:01 AM (in response to fenilya)

im having the same problem now but im not using form im just using BASIC

how can i debug DatabaseServerLoginModule?
i dont see any msg in server.log
Actions
5. Re: Baffled using DatabaseServerLoginModule

jaikiran Oct 18, 2006 1:24 AM (in response to fenilya)

how can i debug DatabaseServerLoginModule?
i dont see any msg in server.log

Have a look at Q4 at:

http://wiki.jboss.org/wiki/Wiki.jsp?page=SecurityFAQ

to enable TRACE level logging of JBoss security packages.
Actions

Go to original post