5 Replies Latest reply on Oct 18, 2006 1:24 AM by jaikiran

    Baffled using DatabaseServerLoginModule

    fenilya

      Hiyas,

      Im trying to use the JBoss DatabaseServerLoginModule. I entered the following configuration in the login-config.xml file:

      <application-policy name = "QuiverRealm">

      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
      <module-option name = "dsJndiName">java:/FirebirdDS</module-option>
      <module-option name = "principalsQuery">select passwd from users where login=?</module-option>
      <module-option name = "rolesQuery">select in_role, 'Roles' from v_userroles where login=?</module-option>
      </login-module>

      </application-policy>

      In my authenticationbean, I have the following code in the login method:

      public boolean login(String username, String password) throws LoginException {
      authenticated = false;
      char[] pwd = password.toCharArray();

      LoginContext loginContext = new LoginContext("QuiverRealm", new UsernamePasswordHandler(username, pwd));

      loginContext.login();
      authenticated = true;

      return authenticated;
      }

      Now, I made sure I tested with correct Username/Password combination a thousand times. Case sensitive and all that. Still, it tells me that my password is incorrect:

      13:39:54,572 ERROR [STDERR] javax.security.auth.login.LoginException: Password Incorrect/Password Required

      What am I missing here? Im baffled.

        • 1. Re: Baffled using DatabaseServerLoginModule
          starksm64

          See if you can get anymore info out of the logs by setting the org.jboss.security category to TRACE level in the conf/log4j.xml file:

           <category name="org.jboss.security">
           <priority value="TRACE" class="org.jboss.logging.XLevel"/>
           </category>
          



          • 2. Re: Baffled using DatabaseServerLoginModule
            fenilya

            Thanks Scott for your suggestion. I see in the logs that indeed the prepared statement is :

            select passwd from users where login=?

            And the applied username is indeed the username I used (alex).
            Also I see the following debug line:
            23:18:22,864 DEBUG [DatabaseServerLoginModule] Bad password for username=alex

            However, I wish I could see what password jboss is trying to match and what password he has retrieved, but I cant see that :(
            Maybe I'll try remote debugging.

            • 3. Re: Baffled using DatabaseServerLoginModule
              fenilya

              So, I did some remote debugging in the DatabaseServerLogin class and it was all very simple as always...
              I forgot I did a field conversion char -> varchar on the password field, and the tool I'm using for DB management viciously filled up the field with spaces, but didnt show them in the grid. Very nasty. So, this problem is solved now. Thanks for your reaction Scott.

              Regards,
              Alex

              • 4. Re: Baffled using DatabaseServerLoginModule
                haplo_3

                im having the same problem now but im not using form im just using BASIC

                how can i debug DatabaseServerLoginModule?
                i dont see any msg in server.log

                • 5. Re: Baffled using DatabaseServerLoginModule
                  jaikiran

                   

                  how can i debug DatabaseServerLoginModule?
                  i dont see any msg in server.log


                  Have a look at Q4 at:

                  http://wiki.jboss.org/wiki/Wiki.jsp?page=SecurityFAQ

                  to enable TRACE level logging of JBoss security packages.