5 Replies Latest reply on Oct 14, 2004 8:42 AM by haobaba1

form based auth & DatabaseServerLoginModule

javaprogrammer Oct 13, 2004 6:37 AM

Hello to everyone. First of all sorry for my english :)

I have a problem. I'm using DatabaseServerLoginModule and form based authentification in my develop. first servlet executing login and if everything is ok it's redirect to other servlet. In this servlet i'm trying to request.getUserPrincipal(). It's null. Why?
Here is my souces:

********login-config.xml*****
<application-policy name = "UserPolicy">

<login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
<module-option name = "dsJndiName">java:/FirebirdDS</module-option>
<module-option name = "principalsQuery">SELECT PASS FROM users WHERE LOGIN=?</module-option>
<module-option name = "rolesQuery">SELECT ROLE, 'Roles' FROM users WHERE LOGIN=?</module-option>
<module-option name = "unauthenticatedIdentity">anonymouse</module-option>
</login-module>

</application-policy>
*****************************

**************web.xml********
security-constraint>
<web-resource-collection>
<web-resource-name>Secured Web Resource</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>

<login-config>
<auth-method>FORM</auth-method>
<realm-name>UserPolicy</realm-name>
<form-login-config>
<form-login-page>/login</form-login-page>
<form-error-page>/login</form-error-page>
</form-login-config>
</login-config>

<security-role>
<role-name>user</role-name>
</security-role>
****************************
******jboss-web.xml*********
<security-domain>java:/jaas/UserPolicy</security-domain>
***************************

*****jboss.xml**********
<security-domain>java:/jaas/UserPolicy</security-domain>
***********************

*****my login servlet, which starts like a first page (URL pattern = login)******
...
String login = request.getParameter("j_username");
String password = request.getParameter("j_password");
...
System.setProperty("java.security.auth.login.config", "D:/jboss-3.2.5/client/auth.conf");
System.out.println("Creating CallBackHandler");
CallbackHandler handler = new MyHandler(login, password);
System.out.println("Creating LoginContext");
LoginContext logcont = new LoginContext("UserPolicy", handler);
System.out.println("Created LoginContext");
try {
logcont.login();
System.out.println("Logon!!! Getting username/password");
Subject sub = logcont.getSubject();
System.out.println("Principals "+ sub.getPrincipals().toString());
System.out.println("Credentials "+ sub.getPublicCredentials().toString());
}
catch (Exception e) {
System.out.println("Authentication failed: " + e.getMessage());
} System.out.println("loginservletuser: " + user);
...
**********************************************
if everything ok, it redirects to other servlet in which i have
...
Principal user1 = request.getUserPrincipal();
...
and it's = null. Because of this I don't have any roles and I can't get access to my beans.

Please, ive some ideas about it!!!!!
P.S. With Best regards :)

and who can tell how create object Principal from object Subject?

1. Re: form based auth & DatabaseServerLoginModule

websel Oct 14, 2004 5:14 AM (in response to javaprogrammer)

String login = request.getParameter("j_username");
String password = request.getParameter("j_password");

Check these strings, there null. It's not possible to retrieve these values :-(
I'm stucked here as well

WebSel
Actions
2. Re: form based auth & DatabaseServerLoginModule

javaprogrammer Oct 14, 2004 6:01 AM (in response to javaprogrammer)

"WebSel" wrote:
String login = request.getParameter("j_username");
String password = request.getParameter("j_password");

Check these strings, there null. It's not possible to retrieve these values :-(
I'm stucked here as well

WebSel

I checked yhis parameters by System.out. It's not a null. login method executed successful. when I' m redirectin to other servlet there method getUserPrincipal returns null.
Actions
3. Re: form based auth & DatabaseServerLoginModule

haobaba1 Oct 14, 2004 8:37 AM (in response to javaprogrammer)

You don't implement a servlet that retrieves the login creditials. The servlet container intercepts the j_security_check post and initiates the login with the login module you configure automatically.

Check your query 'Roles' should be "Roles" don't ask why I don't know.

Add this to the log4j.xml file in your default servers conf directory,

This should add some logging to your server.log file located in the logs directory. That may help you diagnose what is really going wrong.

A successful login will result in a log that looks like this:

2004-10-11 12:09:14,642 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] initialize
2004-10-11 12:09:14,642 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Saw unauthenticatedIdentity=Unknown
2004-10-11 12:09:14,642 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] DatabaseServerLoginModule, dsJndiName=java:/TaTrac2DS
2004-10-11 12:09:14,642 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] principalsQuery=SELECT PASSWORD FROM CONTACT WHERE USERNAME=?
2004-10-11 12:09:14,642 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] rolesQuery=SELECT R.ROLE as role, "Roles" FROM ROLES AS R, CONTACT AS C, ROLEMAP AS M WHERE C.USERNAME = ? AND C.GROUPID = M.GROUPID AND M.ROLEID = R.ROLEID
2004-10-11 12:09:14,642 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login
2004-10-11 12:09:15,095 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] User 'glloyd' authenticated, loginOk=true
2004-10-11 12:09:15,111 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] commit, loginOk=true
2004-10-11 12:09:15,157 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role Admin
2004-10-11 12:09:15,157 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role TALiaison
2004-10-11 12:09:15,157 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role CCB
2004-10-11 12:09:15,157 TRACE [org.jboss.security.plugins.JaasSecurityManager.tatrackerRealm] updateCache, subject=Subject:
Principal: glloyd
Principal: Roles(members:CCB,Admin,TALiaison)
Actions
4. Re: form based auth & DatabaseServerLoginModule

haobaba1 Oct 14, 2004 8:39 AM (in response to javaprogrammer)

Sorry the xml got stripped out I am trying again, this is what you add to the log4j.xml:
Actions
5. Re: form based auth & DatabaseServerLoginModule

haobaba1 Oct 14, 2004 8:42 AM (in response to javaprogrammer)

<category name="org.jboss.security"> <priority value="TRACE" class="org.jboss.logging.XLevel"/> </category>
Actions

Go to original post