2 Replies Latest reply on Sep 5, 2005 12:24 PM by elkner

    jmx-console: db authentication doesn't work

    elkner

      I want to use a DatabaseServerLoginModule instead of the UsersRolesLoginModule for jmx-console authentication. However, this doesn't seem to work (UsersRolesLoginModule does the job, but not DatabaseServerLoginModule).

      The relevant part of my login-config.xml:

      <application-policy name="jmx-console">
       <authentication>
       <login-module
       code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
       flag="required">
       <module-option name="dsJndiName">java:/UserDS</module-option>
       <module-option name="principalsQuery"
       >SELECT passwd2 FROM users WHERE login=? AND status > 0</module-option>
       <module-option name="rolesQuery"
       >SELECT r.name, 'Roles' FROM users u, roles r, user2role m WHERE u.login=? AND u.uid=m.uid AND m.gid=r.gid</module-option>
       <module-option name="hashAlgorithm">MD5</module-option>
       <module-option name="hashEncoding">base64</module-option>
       </login-module>
       </authentication>
       </application-policy>


      The DB Tables:
      CREATE TABLE IF NOT EXISTS `users` (
       `uid` int(11) NOT NULL auto_increment,
       `status` smallint(6) default NULL,
       `email` varchar(64) default NULL,
       `firstname` varchar(32) default NULL,
       `lastname` varchar(32) default NULL,
       `login` varchar(16) NOT NULL default '',
       `middlename` varchar(32) default NULL,
       `passwd` varchar(32) default NULL,
       `passwd2` varchar(32) default '*',
       PRIMARY KEY (`uid`),
       UNIQUE KEY `login` (`login`)
      ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
      
      CREATE TABLE IF NOT EXISTS `roles` (
       `gid` int(11) NOT NULL auto_increment,
       `name` varchar(32) NOT NULL default '',
       PRIMARY KEY (`gid`),
       UNIQUE KEY `name` (`name`)
      ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
      
      CREATE TABLE IF NOT EXISTS `user2role` (
       `uid` int(11) NOT NULL default '0',
       `gid` int(11) NOT NULL default '0',
       PRIMARY KEY (`gid`,`uid`),
       KEY `fk_gid` (`gid`),
       KEY `fk_uid` (`uid`),
       CONSTRAINT `fk_gid` FOREIGN KEY (`gid`) REFERENCES `roles` (`gid`),
       CONSTRAINT `fk_uid` FOREIGN KEY (`uid`) REFERENCES `users` (`uid`)
      ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
      
      INSERT INTO `users` (`uid`,`status`,`login`,`passwd`)
       VALUES (1,1,'admin','ISMvKXpXpadDiUoOSoAfww==');
      INSERT INTO `roles` (`gid`,`name`) VALUES (1,'JBossAdmin');
      INSERT INTO `roles` (`gid`,`name`) VALUES (2,'HttpInvoker');
      INSERT INTO `user2role` (`uid`,`gid`) VALUES (1,1);
      INSERT INTO `user2role` (`uid`,`gid`) VALUES (1,2);
      


      This works for EJB3 apps without any problems, but why not for the jmx-console?

      Any hint?

        • 1. Re: jmx-console: db authentication doesn't work
          starksm64

          And what does not work in the jmx-console, authentication, authorization?

          • 2. Re: jmx-console: db authentication doesn't work
            elkner

            Sorry for forgetting to add that: authentication doesn't work. The log says:

            2005-09-05 18:20:25,589 DEBUG [http-0.0.0.0-8080-1:org.jboss.security.plugins.JaasSecurityManager:218] - CallbackHandler: org.jboss.security.auth.callback.SecurityAssociationHandler@10a69f0
            2005-09-05 18:20:25,589 DEBUG [http-0.0.0.0-8080-1:org.jboss.security.plugins.JaasSecurityManagerService:538] - Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@b125bd
            2005-09-05 18:20:25,592 DEBUG [http-0.0.0.0-8080-1:org.jboss.security.plugins.JaasSecurityManager:229] - CachePolicy set to: org.jboss.util.TimedCachePolicy@24d517
            2005-09-05 18:20:25,593 DEBUG [http-0.0.0.0-8080-1:org.jboss.security.plugins.JaasSecurityManagerService:495] - setCachePolicy, c=org.jboss.util.TimedCachePolicy@24d517
            2005-09-05 18:20:25,594 DEBUG [http-0.0.0.0-8080-1:org.jboss.security.plugins.JaasSecurityManagerService:516] - Added jmx-console, org.jboss.security.plugins.SecurityDomainContext@2219b4 to map
            


            I.e. if I select http://localhost:8080/jmx-console/, I get the Mozilla login dialog, I enter the name/password and press OK, but the dialog pops up again. If I cancel the dialog, I get the 401 error page.
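
A way to check the posted configuration outside the server, added here as an example (it is not code from the thread or from JBoss): a Python emulation of the password check, run against a constructed SQLite copy of the posted rows, comparing the column the posted principalsQuery reads with the column the posted INSERT fills. It assumes the login module compares base64(MD5(password)) with the first column returned by principalsQuery; the table layout is simplified and the test password "admin" is constructed.

```python
import base64
import hashlib
import sqlite3

# Queries copied from the posted login-config.xml.
PRINCIPALS_QUERY = "SELECT passwd2 FROM users WHERE login=? AND status > 0"
ROLES_QUERY = ("SELECT r.name, 'Roles' FROM users u, roles r, user2role m "
               "WHERE u.login=? AND u.uid=m.uid AND m.gid=r.gid")

def build_db():
    """Constructed SQLite stand-in for the posted MySQL schema and rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (uid INTEGER PRIMARY KEY, status INTEGER,
            login TEXT NOT NULL UNIQUE, passwd TEXT, passwd2 TEXT DEFAULT '*');
        CREATE TABLE roles (gid INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE);
        CREATE TABLE user2role (uid INTEGER, gid INTEGER, PRIMARY KEY (gid, uid));
        INSERT INTO users (uid, status, login, passwd)
            VALUES (1, 1, 'admin', 'ISMvKXpXpadDiUoOSoAfww==');
        INSERT INTO roles VALUES (1, 'JBossAdmin'), (2, 'HttpInvoker');
        INSERT INTO user2role VALUES (1, 1), (1, 2);
    """)
    return db

def hashed(password):
    """hashAlgorithm=MD5, hashEncoding=base64, as configured in the post."""
    return base64.b64encode(hashlib.md5(password.encode("utf-8")).digest()).decode()

def authenticate(db, login, password, query=PRINCIPALS_QUERY):
    """Emulated check: first column of the query must equal the hashed input."""
    row = db.execute(query, (login,)).fetchone()
    if row is None:
        return False, None  # no active user with that login
    return hashed(password) == row[0], row[0]

def roles(db, login):
    """Role names returned by the posted rolesQuery."""
    return sorted(name for name, _group in db.execute(ROLES_QUERY, (login,)))

if __name__ == "__main__":
    db = build_db()
    pw = "admin"  # constructed test password
    via_passwd = PRINCIPALS_QUERY.replace("passwd2", "passwd")
    print("principalsQuery as posted:", authenticate(db, "admin", pw))
    print("same query on passwd:     ", authenticate(db, "admin", pw, via_passwd))
    print("roles:", roles(db, "admin"))
```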