Jaas Login module problem
leondavis Apr 11, 2004 1:42 PMI am trying to have authenticated logins to my system.
I have a database setup code, I am using hypersonic, which populates the database with necessary roles and users. From then my code uses the database to authenticate users atempting to login. I had been having a problem with the DatabaseServerLoginModule, as when I logged in users they were logging in but when they tried to perform some EJB operation I got a Security Exceptions, "principal=null" appearing.
This is a problem that seems to have occured many times in these forums, however there was only one post that I found that actually fixed things for me. I have replied with a further question to this post, but as it was raised some months ago, I am not sure that I am going to get a reply anytime soon and I am in quite desperate need of a fix as what I am doing is part of an assessed project for my final year in Univerisity.
The post in queston can be found at the following link:
http://www.jboss.org/index.html?module=bb&op=viewtopic&t=38229
It advised that in adition to needing the DatabaseServerLoginModule in the defined aplication policy that also the ClientLoginModule was needed.
This has indeed fixed my problem as far as database authentication is concerned. However now that this is in my policy and so in my login-config.xml the aplication polocy "client-login" no longer works(I recieve Authentication exception, principal=null messages again) this is what I was using for my database setup code. Removing the fix means that the client-login policy works once more, but this is no good to me.
Here is what I added to my aplication policy:
<login-module code = "org.jboss.security.ClientLoginModule" flag = "required"> </login-module>
and as a result my aplication policy looks like this:
<application-policy name="bank">
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<module-option name="dsJndiName">java:/DefaultDS</module-option>
<module-option name="principalsQuery">select PASSWORD from USEREJB where USERNAME=?</module-option>
<module-option name="rolesQuery">select ROLESEJB,'Roles' from USEREJB_ROLES_ROLESEJB_USER where USEREJB=?</module-option>
</login-module>
<login-module code = "org.jboss.security.ClientLoginModule" flag = "required"> </login-module>
</application-policy>
Having added in the above lines client-login no longer works:
<application-policy name = "client-login">
<login-module code = "org.jboss.security.ClientLoginModule"
flag = "required">
</login-module>
</application-policy>
I am pretty new to all of this so be gentle, and I am sure that there is something blindingly obvious for why it is not working, I just can't see it. Therfore I look to anyone that can give me the answer :)
If I need to post any more information then just say.
Many thanks,
Leon.
p.s. I am using Jboss 3.2.3