UsersRolesLoginModule works ok but DatabaseServerLoginModule
kmarcos Sep 24, 2004 12:33 PMHi.
I have an application with struts an jboss.
I configure all to work with UsersRolesLoginModule and it's fine, but if i just change in login-config.xml the authentication to use DatabaseServerLoginModule it doesn't works... configuration its OK... and if i put an bad user or a wrong password works fine too deny permissions and show right errors, but if i put a correct user/passwd tomcat returns HTTP 403... and in the log there's not complains (exceptions), so i think the autentication module returns ok and tomcat just lost.
i was expecting, the same UsersRolesLoginModule good behavior, but not.
I followed all in famous"Complete configuration of JAAS on JBOSS and STRUTS" excepting that i use action="j_security_check" and the Strut's Actions are just showing error messages... So i don't have nothing about Security handlers and the rest...
any suggestion??
tks.
some code:
web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>Saih Admon</web-resource-name>
<url-pattern>*.do</url-pattern>
<url-pattern>/jsp/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin1</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/saihLogin.do</form-login-page>
<form-error-page>/saihLoginError.do</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>admin1</role-name>
</security-role>
login-config.xml
<application-policy name = "saih-admon">
<login-module code="org.jboss.security.ClientLoginModule" flag="required"></login-module>
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
<module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=histoSecDS</module-option>
<module-option name="dsJndiName">java:/histoSecDS</module-option>
<module-option name="principalsQuery">SELECT password FROM Principals WHERE PrincipalId = ?</module-option>
<module-option name="rolesQuery">
SELECT Role as Roles, RoleGroup as RolesGroups FROM Roles WHERE PrincipalID = ?
</module-option>
<module-option name="unauthenticatedIdentity">unauth</module-option>
</login-module>
</application-policy>
struts-config.xml
< action path="/saihLogin" type="co.edu.uniandes.saih.web.SaihLoginAction"
scope="request">
< forward name="success" path="/SaihLogin.jsp" />
< /action>
< action path="/saihLoginError" type="co.edu.uniandes.saih.web.SaihLoginAction"
scope="request" parameter="loginError">
< forward name="error" path="/SaihLogin.jsp" />
< /action>
SaihLoginAction.java
public ActionForward execute(....){ System.out.println("entra al action orig"); System.out.println("login error param value parameter "+mapping.getParameter()); System.out.println("login error j_username "+request.getParameter("j_username")); System.out.println("login error j_password"+request.getParameter("j_password")); String error = mapping.getParameter(); if(null != error && error.equalsIgnoreCase("loginError")){ System.out.println("login error orig"); SaihLoginForm slf = new SaihLoginForm(); slf.setUser(request.getParameter("j_username")); slf.setPassword(request.getParameter("j_password")); ActionErrors errors= slf.validate(mapping,request); Iterator it = errors.get(); while (it.hasNext()){ ActionMessage am = (ActionMessage) it.next(); System.out.println(am.getKey()); } if (errors.isEmpty()){ System.out.println("empty"); errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("errors.login.refuse")); } request.setAttribute(Globals.ERROR_KEY, errors); return mapping.findForward("error"); } System.out.println("ok en action orig"); return mapping.findForward("success"); }
Log when i put bad user o password...
2004-09-24 08:40:38,889 DEBUG [org.jboss.resource.adapter.jdbc.local.LocalManagedConnectionFactory] Using properties: {user=postgres, password=--hidden--}
2004-09-24 08:40:38,889 DEBUG [org.jboss.resource.adapter.jdbc.local.LocalManagedConnectionFactory] Checking driver for URL: jdbc:postgresql://172.16.1.16:5432/histosec
2004-09-24 08:40:38,889 DEBUG [org.jboss.resource.adapter.jdbc.local.LocalManagedConnectionFactory] Driver not yet registered for url: jdbc:postgresql://172.16.1.16:5432/histosec
2004-09-24 08:40:38,905 DEBUG [org.jboss.resource.adapter.jdbc.local.LocalManagedConnectionFactory] Driver already registered for url: jdbc:postgresql://172.16.1.16:5432/histosec
2004-09-24 08:40:39,045 DEBUG [org.jboss.security.auth.spi.DatabaseServerLoginModule] Bad password for username=kmarcos
2004-09-24 08:40:39,045 DEBUG [org.jboss.security.plugins.JaasSecurityManager.saih-admon] Login failure
javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:160)
....
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
at java.lang.Thread.run(Thread.java:534)
2004-09-24 08:40:39,045 INFO [STDOUT] entra al action orig
2004-09-24 08:40:39,045 INFO [STDOUT] login error param value parameter loginError
2004-09-24 08:40:39,045 INFO [STDOUT] login error j_username kmarcos
2004-09-24 08:40:39,045 INFO [STDOUT] login error j_passwordk
2004-09-24 08:40:39,045 INFO [STDOUT] login error orig
2004-09-24 08:40:39,045 INFO [STDOUT] empty
log when user/passwd is ok
2004-09-24 08:49:27,780 INFO [STDOUT] entra al action orig
2004-09-24 08:49:27,780 INFO [STDOUT] login error param value parameter null
2004-09-24 08:49:27,780 INFO [STDOUT] login error j_username null
2004-09-24 08:49:27,780 INFO [STDOUT] login error j_passwordnull
2004-09-24 08:49:27,780 INFO [STDOUT] ok en action orig