11 Replies Latest reply on Apr 8, 2004 1:24 PM by billen

    Authentification with JBoss.NET and DatabaseServerLoginModul

    billen
    billen Apr 5, 2004 4:36 AM

      I'm trying to enable authentification on my webservices. I am doing it this way:

      http://www.nsdev.org/jboss/stories/jboss-net.html

      It seems as if the client is sending the username and password allright. The webservice is also requesting the JAAS module, but ten something is going wrong.

      I get this error on server:

      java.sql.SQLException: Table not found: PRINCIPALS in statement [select Password from Principals where PrincipalID='billen']
 at org.hsqldb.Trace.getError(Unknown Source)
 at org.hsqldb.jdbcResultSet.<init>(Unknown Source)
 at org.hsqldb.jdbcConnection.executeStandalone(Unknown Source)
 ...


      This cant be right, cause that is NOT the prepared statement I have defined in login-config.xml. It also uses hsqldb, which again is not the datasource I have defined in login-config.xml. My login-config.xml looks like this: 

      <application-policy name = "openbroad">
 <authentication>
 <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required" />
 <module-option name="dsJndiName">java:/OpenBroadDB</module-option>
 <module-option name="principalsQuery">SELECT password FROM usertable WHERE username=?</module-option>
 <module-option name="rolesQuery">SELECT role, 'Roles' FROM userroles WHERE username=?</module-option>
 </authentication>
</application-policy>


      I am using Jboss4dr3.

      • 13926 Views
      • Tags:
        • 1. Re: Authentification with JBoss.NET and DatabaseServerLoginM
          essington
          essington Apr 5, 2004 10:15 AM (in response to billen)

          Does the application policy "other" also have a DatabaseServerLoginModule configured to use the defaultDS?

          It looks like maybe the AxisServlet (jboss-net.war) is trying to authenticate the HTTP request against that.

          Have you set the security domain for JBoss.Net?

          It is in the jboss-net.sar/jboss-net.war/WEB-INF/jboss-web.xml

          By default it is set to use "other"

          you could to set it to:

          <jboss-web><security-domain>java:/jaas/openbroad</security-domain></jboss-web>


          And maybe clear up your problem.

          I have tried my JBoss.Net application (which uses the DatabaseServerLoginModule) on JBoss 4.0DR3 and it seemed to work o.k.

            • Actions
          • 2. Re: Authentification with JBoss.NET and DatabaseServerLoginM
            billen
            billen Apr 6, 2004 6:02 AM (in response to billen)

            Hello and thank you for your reply

            It didn't work and I still get the same error message.

            Should I post some of the code, so you can check if it is correct?

              • Actions
            • 3. Re: Authentification with JBoss.NET and DatabaseServerLoginM
              fheldt
              fheldt Apr 6, 2004 9:09 AM (in response to billen)

              Do you use ant?

              Then putting

              * @jboss-net.authentication
              * domain="openbroad"
              * validate-unauthenticated-calls="true"
              *
              * @jboss-net.authorization
              * domain="openbroad"

              in your (Webservice) Session Bean should do the job, which means it puts the corresponding entry in webservice.xml

                • Actions
              • 4. Re: Authentification with JBoss.NET and DatabaseServerLoginM
                billen
                billen Apr 7, 2004 3:34 AM (in response to billen)

                 

                "fheldt" wrote:
                Do you use ant?

                Then putting

                * @jboss-net.authentication
                * domain="openbroad"
                * validate-unauthenticated-calls="true"
                *
                * @jboss-net.authorization
                * domain="openbroad"

                in your (Webservice) Session Bean should do the job, which means it puts the corresponding entry in webservice.xml


                I guess you mean XDoclet? Yes I do it that way. I do it the way you can see at the link in my first post.

                  • Actions
                • 5. Re: Authentification with JBoss.NET and DatabaseServerLoginM
                  fheldt
                  fheldt Apr 7, 2004 10:52 AM (in response to billen)

                  Yes, i meant xdoclet, sorry for confusion.

                  Does your webservice.xml contain lines like the following?

                   <handler type="java:org.jboss.net.axis.server.JBossAuthenticationHandler">
 <parameter name="securityDomain" value="java:/jaas/..."/>
 </handler>
 <handler type="java:org.jboss.net.axis.server.JBossAuthorizationHandler">
 <parameter name="securityDomain" value="java:/jaas/..."/>
 <parameter name="allowedRoles" value="..."/>
 <parameter name="deniedRoles" value="..."/>
 </handler>


                    • Actions
                  • 6. Re: Authentification with JBoss.NET and DatabaseServerLoginM
                    essington
                    essington Apr 7, 2004 12:02 PM (in response to billen)

                    first thing, the dsJndiName doesn't look quite right. it should be
                    java:jaas/something
                    in your case, maybe
                    java:jaas/OpenbroadDS

                    or whatever is in your openbroad-ds.xml file in the <jndi-name> tag.

                    you might also check for any other <application-policy>s that have a DatabaseServerLoginModule in them that may be misconfigured.

                      • Actions
                    • 7. Re: Authentification with JBoss.NET and DatabaseServerLoginM
                      billen
                      billen Apr 8, 2004 6:22 AM (in response to billen)

                       

                      "fheldt" wrote:
                      Does your webservice.xml contain lines like the following?


                      Yes the web-service.xml file that is generated by XDoclet look like this: 

                      <service name="TestService" provider="Handler">
 <parameter name="handlerClass" value="org.jboss.net.axis.server.EJBProvider"/>
 <parameter name="beanJndiName" value="webservice/TestService"/>
 <parameter name="allowedMethods" value="testLogin "/>
 <requestFlow name="TestServiceRequest">
 <handler type="java:org.jboss.net.axis.server.JBossAuthenticationHandler">
 <parameter name="securityDomain" value="java:/jaas/openbroad"/>
 <parameter name="validateUnauthenticatedCalls" value="true"/>
 </handler>
 <handler type="java:org.jboss.net.axis.server.JBossAuthorizationHandler">
 <parameter name="securityDomain" value="java:/jaas/openbroad"/>
 <parameter name="allowedRoles" value="admin"/>
 </handler>
 </requestFlow>
 <responseFlow name="TestServiceResponse">
 </responseFlow>
</service>


                        • Actions
                      • 8. Re: Authentification with JBoss.NET and DatabaseServerLoginM
                        billen
                        billen Apr 8, 2004 6:25 AM (in response to billen)

                         

                        "Essington" wrote:
                        first thing, the dsJndiName doesn't look quite right. it should be
                        java:jaas/something
                        in your case, maybe
                        java:jaas/OpenbroadDS

                        or whatever is in your openbroad-ds.xml file in the <jndi-name> tag.


                        Are you sure about that? JAAS is Java Authentication and Authorization Service and does not IMHO have anything to do with the datasource file.

                          • Actions
                        • 9. Re: Authentification with JBoss.NET and DatabaseServerLoginM
                          essington
                          essington Apr 8, 2004 11:49 AM (in response to billen)

                           

                          "billen" wrote:
                          Are you sure about that? JAAS is Java Authentication and Authorization Service and does not IMHO have anything to do with the datasource file.


                          Bah!

                          I meant "java:jdbc/OpenbroadDS"

                          jdbc not jaas (this alphabet soup of Sun's keeps confusing me)

                          Sorry about that.

                          At any rate the value in should match the value in your datasource definition. The will need "java:" prepended to whatever value is in the <jndi-name> tag of your xxx-ds.xml file.

                            • Actions
                          • 10. Re: Authentification with JBoss.NET and DatabaseServerLoginM
                            adrian.brock Apr 8, 2004 12:00 PM (in response to billen)

                            Your xml is incorrect. It should be:

                            <application-policy name = "openbroad">
 <authentication>
 <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required" >
 <module-option name="dsJndiName">java:/OpenBroadDB</module-option>
 <module-option name="principalsQuery">SELECT password FROM usertable WHERE username=?</module-option>
 <module-option name="rolesQuery">SELECT role, 'Roles' FROM userroles WHERE username=?</module-option>
 </login-module>
 </authentication>
</application-policy>


                              • Actions
                            • 11. Re: Authentification with JBoss.NET and DatabaseServerLoginM
                              billen
                              billen Apr 8, 2004 1:24 PM (in response to billen)

                               

                              "adrian@jboss.org" wrote:
                              Your xml is incorrect. ...


                              Thank you adrian. It works now.

                                • Actions