4 Replies Latest reply on Sep 6, 2005 7:10 PM by msly

JAAS Issues rolesQuery with a hashed username from DatabaseL

msly Aug 24, 2005 5:25 PM

The authentication workes fine.
Here is the query that is fired to get the roles:

select Web_App_Role,'Roles' from WEB_APP_USER_ROLES where Web_App_User_Principal=@p0ý

Here are the security setting:

<application-policy name = "labor-commission-safety">
 <authentication>
 <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
 <module-option name = "unauthenticatedIdentity">guest</module-option>
 <module-option name="dsJndiName">java:/jdbc/SybaseASEDevDB</module-option>
 <module-option name="principalsQuery">select Password from SA_INSPECTOR where State_Number=?</module-option>
 <module-option name="rolesQuery">select Web_App_Role,'Roles' from WEB_APP_USER_ROLES where Web_App_User_Principal=?</module-option>
 </login-module>
 </authentication>
 </application-policy>

How do I stop this? The user name is not hashed.

Any Help would be appreciated.

1. Re: JAAS Issues rolesQuery with a hashed username from Datab

starksm64 Aug 28, 2005 12:47 PM (in response to msly)

The DatabaseServerLoginModule never hashes usernames so you need to look into where the bogus name is coming from at the app layer.
Actions
2. Re: JAAS Issues rolesQuery with a hashed username from Datab

msly Aug 29, 2005 12:21 PM (in response to msly)

Is there a way to see what is being passed throught the JAAS classes, or to get at the values? I turned the the logging for security to debug. Is there any other way to test this stuff. I am not sure what is being retrurned from the rolesQuery.
Actions
3. Re: JAAS Issues rolesQuery with a hashed username from Datab

starksm64 Sep 4, 2005 12:10 PM (in response to msly)
Most detailed security logging requires trace level configuration.

http://wiki.jboss.org/wiki/Wiki.jsp?page=SecurityFAQ
<category name="org.jboss.security"> <priority value="TRACE" class="org.jboss.logging.XLevel"/> </category>

Other than that, get a debugger and the source.
Actions
4. Re: JAAS Issues rolesQuery with a hashed username from Datab

msly Sep 6, 2005 7:10 PM (in response to msly)

Enabling trace helped me find the problem.

Here is the return of the getUserRoles during the problem:

Principal: Roles(members:safetyAppUser ,HttpInvoker )

Notice the white space after the role name.

The database column that I was pulling these from was a char(30) column, so I changed it to a varchar(30) and the query returned the following:

Principal: Roles(members:safetyAppUser,HttpInvoker)

Thanks for all of the help.

Mike
Actions

Go to original post