2 Replies Latest reply on Oct 13, 2005 11:35 AM by lduperval

    No access when roles defined in database

    lduperval

      Hi,

      I'm having a problem with authorization using Struts 1.1/Jboss 3.2.5.

      I have an initial class called MainComponenetMainMenuAction. In the execute() method of that class, I have this:

      if (true) {
          throw new Exception("Expection reached");
      }

      When I try to access the action, I don't reach the exception and I don't understand why.

      I am using FORM validation using a database. All my components use auth constraint "*". I have no roles (other than "*") defined in my application. So my web.xml looks like this:

      <security-constraint>
        <web-resource-collection>
          <web-resource-name>secure-web-component-names</web-resource-name>
          <url-pattern>/MainComponentMainPage.jsp</url-pattern>
          <url-pattern>/MainComponentAdminPage.jsp</url-pattern>
          <url-pattern>/MainComponentMainMenu.do</url-pattern>
          <url-pattern>/MainComponentAdminMenu.do</url-pattern>
          <http-method>HEAD</http-method>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
          <http-method>PUT</http-method>
          <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>*</role-name>
        </auth-constraint>
      </security-constraint>
      


      When I trace the code, I see this:

      2005-10-12 15:08:45,888 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login
      
      2005-10-12 15:08:45,903 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] User 'admin' authenticated, loginOk=true
      
      2005-10-12 15:08:45,903 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] commit, loginOk=true
      
      2005-10-12 15:08:45,935 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role it
      
      2005-10-12 15:08:45,935 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role user
      
      2005-10-12 15:08:45,935 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role admin
      
      2005-10-12 15:08:45,950 TRACE [org.jboss.security.plugins.JaasSecurityManager.my_security_realm] updateCache, subject=Subject:
       Principal: admin
       Principal: Roles(members:user,admin,it)
      
      
      2005-10-12 15:08:45,950 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] User: admin is authenticated
      
      2005-10-12 15:08:45,950 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Mapped from input principal: adminto: admin
      
      2005-10-12 15:08:45,950 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] End authenticate, principal=admin
      
      2005-10-12 15:08:45,950 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Authentication of 'admin' was successful
      
      2005-10-12 15:08:45,950 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Redirecting to original '/MainComponentMainMenu.do'
      
      2005-10-12 15:08:45,950 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Failed authenticate() test ??/j_security_check
      
      2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request GET /MainComponentMainMenu.do
      
      2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Standard-Struts-Administrative-Actions]' against GET /MainComponentMainMenu.do --> false
      
      2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[AlturaForceContainerLogin]' against GET /MainComponentMainMenu.do --> false
      
      2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure-Main-Menu]' against GET /MainComponentMainMenu.do --> false
      
      2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure-web-component-names]' against GET /MainComponentMainMenu.do --> false
      
      2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure-web-component-names]' against GET /MainComponentMainMenu.do --> false
      
      2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure-web-component-names]' against GET /MainComponentMainMenu.do --> false
      
      2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure-web-component-names]' against GET /MainComponentMainMenu.do --> false
      
      2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure-web-component-names]' against GET /MainComponentMainMenu.do --> false
      
      2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure-web-component-names]' against GET /MainComponentMainMenu.do --> false
      
      2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure-web-component-names]' against GET /MainComponentMainMenu.do --> false
      
      2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure-web-component-names]' against GET /MainComponentMainMenu.do --> true
      
      2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure-web-component-names]' against GET /MainComponentMainMenu.do --> false
      
      2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure-web-component-names]' against GET /MainComponentMainMenu.do --> false
      
      2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure-web-component-names]' against GET /MainComponentMainMenu.do --> false
      
      2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure-web-component-names]' against GET /MainComponentMainMenu.do --> false
      
      2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure-web-component-names]' against GET /MainComponentMainMenu.do --> false
      
      2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure-web-component-names]' against GET /MainComponentMainMenu.do --> false
      
      2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure-web-component-names]' against GET /MainComponentMainMenu.do --> false
      
      2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure-web-component-names]' against GET /MainComponentMainMenu.do --> false
      
      2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling hasUserDataPermission()
      
      2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] User data constraint has no restrictions
      
      2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling authenticate()
      
      2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Checking for reauthenticate in session StandardSession[22488C5E5187589AEC862116D4DD0F0F]
      
      2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Reauthenticating username 'admin'
      
      2005-10-12 15:08:45,966 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Begin authenticate, username=admin
      
      2005-10-12 15:08:45,966 TRACE [org.jboss.security.plugins.JaasSecurityManager.my_security_realm] validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@1a3ae73
      
      2005-10-12 15:08:45,966 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] User: admin is authenticated
      
      2005-10-12 15:08:45,966 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Mapped from input principal: adminto: admin
      
      2005-10-12 15:08:45,966 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] End authenticate, principal=admin
      
      2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Reauthentication failed, proceed normally
      
      2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Restore request from session '22488C5E5187589AEC862116D4DD0F0F'
      
      2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Authenticated 'admin' with type 'FORM'
      
      2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Proceed to restored request
      
      2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling accessControl()
      
      2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Successfully passed all security constraints
      
      2005-10-12 15:08:45,966 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] action, runAs: null
      
      2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.core.StandardWrapper] Returning non-STM instance
      


      My login-config.xml says:

      <application-policy name = "my_security_realm">
        <authentication>
          <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
                        flag = "required">
            <module-option name = "dsJndiName">java:/DefaultDS</module-option>
            <module-option name = "principalsQuery">SELECT PASSWORD FROM user WHERE USERID=?</module-option>
            <module-option name = "rolesQuery">
              SELECT role_Name,'Roles' FROM Role WHERE USERID=?
            </module-option>
          </login-module>
          <login-module code="org.jboss.security.ClientLoginModule" flag="required" />
        </authentication>
      </application-policy>
      




        • 1. Re: No access when roles defined in database
          lduperval

          I've been doing more debugging. I added tracing for struts actions and I see this:

          2005-10-13 11:09:10,466 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Successfully passed all security constraints

          2005-10-13 11:09:10,466 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] action, runAs: null

          2005-10-13 11:09:10,466 DEBUG [org.apache.catalina.core.StandardWrapper] Returning non-STM instance

          2005-10-13 11:09:10,466 DEBUG [org.apache.struts.action.RequestProcessor] Processing a 'GET' for path '/MainComponentMainMenu'

          2005-10-13 11:09:10,466 DEBUG [org.apache.struts.action.RequestProcessor] Looking for Action instance for class com.fleetmind.tmeui.application.presentation.MainComponentMainMenu

          2005-10-13 11:09:10,466 DEBUG [org.apache.struts.action.RequestProcessor] Creating new Action instance

          2005-10-13 11:09:10,481 INFO [org.apache.struts.util.PropertyMessageResources] Initializing, config='org.apache.struts.actions.LocalStrings', returnNull=true

          2005-10-13 11:09:10,481 DEBUG [org.apache.struts.action.RequestProcessor] processForwardConfig(ForwardConfig[name=success,path=/MainComponentMainPage.jsp,redirect=false,contextRelative=false])

          Notice how a call is made to create a new Action instance, but the new instance is actually never started. I don't understand why it does that.

          L

          • 2. Re: No access when roles defined in database
            lduperval

            And, I found it. It's a class loader issue. Another ear was using older versions of the classes mentioned above and they were being found by JBoss before the ones I had modified.

            L
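
One way to confirm the class-loader diagnosis reached in the last reply, as an added example that is not part of the original thread: report which jar or directory a class was really defined from, and every copy of it the loader can see. The class name `ClassOrigin` and its methods are hypothetical, and the code assumes Java 7 or later.

```java
import java.net.URL;
import java.security.CodeSource;
import java.util.Collections;
import java.util.List;

// Added diagnostic, not code from the thread. Assumes Java 7 or later.
public class ClassOrigin {

    // Resolve through the thread context class loader, the loader a web
    // application's request threads normally run with.
    static ClassLoader contextLoader() {
        ClassLoader cl = Thread.currentThread().getContextClassLoader();
        return cl != null ? cl : ClassLoader.getSystemClassLoader();
    }

    // Jar or directory the class was actually defined from (null for JDK classes).
    static URL loadedFrom(Class<?> c) {
        CodeSource cs = c.getProtectionDomain().getCodeSource();
        return cs == null ? null : cs.getLocation();
    }

    // Every copy of the .class file the loader can see; more than one copy
    // means an older version can shadow the one that was just rebuilt.
    static List<URL> visibleCopies(String className) throws java.io.IOException {
        String resource = className.replace('.', '/') + ".class";
        return Collections.list(contextLoader().getResources(resource));
    }

    static String report(String className) throws Exception {
        // initialize=false: locate the class without running its static initializers.
        Class<?> c = Class.forName(className, false, contextLoader());
        StringBuilder sb = new StringBuilder(className).append('\n');
        sb.append("  loaded from : ").append(loadedFrom(c)).append('\n');
        for (ClassLoader cl = c.getClassLoader(); cl != null; cl = cl.getParent()) {
            sb.append("  loader      : ").append(cl).append('\n');
        }
        for (URL copy : visibleCopies(className)) {
            sb.append("  visible copy: ").append(copy).append('\n');
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Defaults to this class so the example runs stand-alone.
        System.out.println(report(args.length > 0 ? args[0] : "ClassOrigin"));
    }
}
```

Inside an application server, call `ClassOrigin.report(...)` with the action's fully qualified class name from a JSP or servlet in the same web application rather than from the action itself, because code added to a shadowed class never runs. A "loaded from" location outside your own deployment means another archive's copy is winning.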