9.1 Security Using Database ->
jimpo Jun 2, 2004 4:15 AMI'm having problems getting the example in 9.1, authentication using database to work. Other examples so far work, UsersRolesLoginModule works, it seems that the problem is caused by using DatabaseServerLogingModule. When I configure Duke's bank to use database as storage for usernames & passwords, login works like:
a) wrong password => login error page as should
b) correct password => login succeeds and redirects to main, but only "Duke's bank" picture is shown, links for logoff, listing accounts etc. are missing. Following stacktrace is printed in console:
10:58:32,673 ERROR [Engine] JspFactoryImpl: Exception initializing page context
java.lang.IllegalStateException: Cannot create a session after the response has been committed
at org.apache.coyote.tomcat4.CoyoteRequest.doGetSession(CoyoteRequest.java:1878)
at org.apache.coyote.tomcat4.CoyoteRequest.getSession(CoyoteRequest.java:1725)
at org.apache.coyote.tomcat4.CoyoteRequestFacade.getSession(CoyoteRequestFacade.java:361)
at org.apache.coyote.tomcat4.CoyoteRequestFacade.getSession(CoyoteRequestFacade.java:366)
at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:268)
at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:268)
at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:268)
at org.apache.jasper.runtime.PageContextImpl._initialize(PageContextImpl.java:138)
at org.apache.jasper.runtime.PageContextImpl.initialize(PageContextImpl.java:114)
at org.apache.jasper.runtime.JspFactoryImpl.internalGetPageContext(JspFactoryImpl.java:175)
at org.apache.jasper.runtime.JspFactoryImpl.getPageContext(JspFactoryImpl.java:154)
at org.apache.jsp.errorpage_jsp._jspService(errorpage_jsp.java:34)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:137)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:210)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:684)
at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:575)
at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:498)
at org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:822)
at org.apache.jasper.runtime.PageContextImpl.include(PageContextImpl.java:398)
at org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:503)
at org.apache.jsp.template_jsp._jspService(template_jsp.java:517)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:137)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:210)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:684)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:432)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:356)
at com.sun.ebank.web.Dispatcher.doGet(Unknown Source)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:684)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:432)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:356)
at org.apache.catalina.valves.ErrorDispatcherValve.custom(ErrorDispatcherValve.java:420)
at org.apache.catalina.valves.ErrorDispatcherValve.status(ErrorDispatcherValve.java:327)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:181)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:65)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:577)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:197)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:781)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:549)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:605)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:677)
at java.lang.Thread.run(Thread.java:534)
corresponding login.config settings:
<!-- this one works OK -->
<!--
<application-policy name = "dukesbank">
<login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required" />
</application-policy>
-->
<!-- this one does not work -->
<application-policy name = "dukesbank">
<login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
flag = "required">
<module-option name="dsJndiName">java:/DefaultDS</module-option>
<module-option name="principalsQuery">select passwd from users where username=?</module-option>
<module-option name="rolesQuery">select userroles, 'roles' from userroles where username=?</module-option>
<module-option name="dsJndiName">java:/DefaultDS</module-option>
</login-module>
</application-policy>
Any ideas?