1 Reply Latest reply on Jun 2, 2004 4:44 AM by jimpo

    9.1 Security Using Database ->

    jimpo

      I'm having problems getting the example in 9.1 (authentication using a database) to work. The other examples so far work, and UsersRolesLoginModule works, so the problem seems to be caused by using DatabaseServerLoginModule. When I configure Duke's Bank to use the database as storage for usernames and passwords, login behaves like this:

      a) wrong password => login error page as should
      b) correct password => login succeeds and redirects to main, but only the "Duke's bank" picture is shown; the links for logoff, listing accounts etc. are missing. The following stack trace is printed to the console:

      10:58:32,673 ERROR [Engine] JspFactoryImpl: Exception initializing page context
      java.lang.IllegalStateException: Cannot create a session after the response has been committed
      at org.apache.coyote.tomcat4.CoyoteRequest.doGetSession(CoyoteRequest.java:1878)
      at org.apache.coyote.tomcat4.CoyoteRequest.getSession(CoyoteRequest.java:1725)
      at org.apache.coyote.tomcat4.CoyoteRequestFacade.getSession(CoyoteRequestFacade.java:361)
      at org.apache.coyote.tomcat4.CoyoteRequestFacade.getSession(CoyoteRequestFacade.java:366)
      at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:268)
      at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:268)
      at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:268)
      at org.apache.jasper.runtime.PageContextImpl._initialize(PageContextImpl.java:138)
      at org.apache.jasper.runtime.PageContextImpl.initialize(PageContextImpl.java:114)
      at org.apache.jasper.runtime.JspFactoryImpl.internalGetPageContext(JspFactoryImpl.java:175)
      at org.apache.jasper.runtime.JspFactoryImpl.getPageContext(JspFactoryImpl.java:154)
      at org.apache.jsp.errorpage_jsp._jspService(errorpage_jsp.java:34)
      at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:137)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
      at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:210)
      at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295)
      at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
      at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:684)
      at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:575)
      at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:498)
      at org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:822)
      at org.apache.jasper.runtime.PageContextImpl.include(PageContextImpl.java:398)
      at org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:503)
      at org.apache.jsp.template_jsp._jspService(template_jsp.java:517)
      at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:137)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
      at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:210)
      at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295)
      at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
      at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:684)
      at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:432)
      at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:356)
      at com.sun.ebank.web.Dispatcher.doGet(Unknown Source)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
      at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:684)
      at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:432)
      at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:356)
      at org.apache.catalina.valves.ErrorDispatcherValve.custom(ErrorDispatcherValve.java:420)
      at org.apache.catalina.valves.ErrorDispatcherValve.status(ErrorDispatcherValve.java:327)
      at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:181)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:65)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:577)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
      at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
      at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
      at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:197)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:781)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:549)
      at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:605)
      at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:677)
      at java.lang.Thread.run(Thread.java:534)

      corresponding login.config settings:

      <!-- this one works OK -->
      <!--
      <application-policy name = "dukesbank">

      <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
      flag = "required" />

      </application-policy>
      -->

      <!-- this one does not work -->
      <!-- Security domain "dukesbank": authenticates through DatabaseServerLoginModule,
           reading credentials and roles from the java:/DefaultDS datasource. -->
      <application-policy name = "dukesbank">

      <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
      flag = "required">
      <module-option name="dsJndiName">java:/DefaultDS</module-option>
      <!-- principalsQuery returns the stored password for the username bound to the ? parameter.
           No hashAlgorithm option is set on this module, so the submitted password is compared
           with the passwd column as stored, which means the table holds cleartext passwords. -->
      <module-option name="principalsQuery">select passwd from users where username=?</module-option>
      <!-- rolesQuery returns (role name, role group) rows; the second column here is the
           literal 'roles'.
           NOTE(review): the JBoss login modules look for a role group named 'Roles' when
           assigning authorization roles. If that match is case sensitive, this lowercase
           literal would let authentication succeed while the user ends up with no roles,
           which fits the ErrorDispatcherValve.status frames in the trace. Confirm against
           the JBoss security documentation for the version in use. -->
      <module-option name="rolesQuery">select userroles, 'roles' from userroles where username=?</module-option>
      <!-- Duplicate of the dsJndiName option above; one of the two can be dropped. -->
      <module-option name="dsJndiName">java:/DefaultDS</module-option>
      </login-module>

      </application-policy>

      Any ideas?

        • 1. Re: 9.1 Security Using Database ->
          jimpo

          Similar(ish) problems with example 9.2: using password hashing...

          I took the working UsersRolesLoginModule authentication policy and added the hashing settings to it:

          <!-- These two options make the login module hash the submitted password with MD5
               and base64-encode the digest before comparing it with the stored value, so the
               password entries in the users properties file are expected to hold the
               base64-encoded MD5 digest rather than the cleartext password.
               NOTE(review): no salt option is configured here, and MD5 is no longer considered
               adequate for password storage; prefer a stronger digest if the deployed login
               module accepts one. -->
          <module-option name="hashAlgorithm">MD5</module-option>
          <module-option name="hashEncoding">base64</module-option>

          After adding those (and updating user.properties and role.properties), login no longer works:

          a) wrong password => logonError as should
          b) correct password => Duke's bank logo, and below it:

          Server Error
          Your request cannot be completed. The server got the following error:
          null

          Stacktrace from console:

          11:36:53,779 ERROR [STDERR] Debug: CustomerControllerBean ejbCreate
          11:36:53,799 ERROR [STDERR] Debug: CustomerControllerBean leaving
          11:36:53,819 ERROR [STDERR] Debug: AccountControllerBean ejbCreate
          11:36:53,839 ERROR [STDERR] Debug: TxControllerBean ejbCreate
          11:36:53,879 ERROR [STDERR] Debug: AccountControllerBean getAccountsOfCustomer
          11:36:53,879 ERROR [STDERR] Debug: AccountBean setEntityContext
          11:36:53,879 ERROR [STDERR] Debug: AccountBean ejbFindByCustomerId
          11:36:53,879 ERROR [STDERR] Debug: AccountBean selectByCustomerId
          11:36:53,879 ERROR [STDERR] Debug: AccountBean makeConnection
          11:36:53,889 ERROR [STDERR] Debug: AccountBean releaseConnection
          11:36:53,889 ERROR [Engine] ApplicationDispatcher[/bank] Servlet.service() for servlet jsp threw exception
          org.apache.jasper.JasperException
          at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:254)
          at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295)
          at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
          at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:684)
          at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:575)
          at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:498)
          at org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:822)
          at org.apache.jasper.runtime.PageContextImpl.include(PageContextImpl.java:398)
          at com.sun.ebank.web.taglib.InsertTag.doEndTag(Unknown Source)
          at org.apache.jsp.template_jsp._jspx_meth_tt_insert_2(template_jsp.java:1178)
          at org.apache.jsp.template_jsp._jspService(template_jsp.java:505)
          at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:137)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
          at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:210)
          at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295)
          at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
          at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:684)
          at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:432)
          at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:356)
          at com.sun.ebank.web.Dispatcher.doGet(Unknown Source)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
          at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:256)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
          at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
          at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
          at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
          at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.invoke(JBossSecurityMgrRealm.java:220)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
          at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:553)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
          at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
          at org.jboss.web.tomcat.tc4.statistics.ContainerStatsValve.invoke(ContainerStatsValve.java:76)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
          at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
          at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
          at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2417)
          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
          at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
          at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:65)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
          at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:577)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
          at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
          at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
          at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
          at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
          at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:197)
          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:781)
          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:549)
          at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:605)
          at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:677)
          at java.lang.Thread.run(Thread.java:534)

          11:36:53,899 ERROR [Engine] ----- Root Cause -----
          java.lang.NullPointerException
          at org.apache.jsp.links_jsp._jspService(links_jsp.java:71)
          at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:137)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
          at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:210)
          at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295)
          at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
          at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:684)
          at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:575)
          at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:498)
          at org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:822)
          at org.apache.jasper.runtime.PageContextImpl.include(PageContextImpl.java:398)
          at com.sun.ebank.web.taglib.InsertTag.doEndTag(Unknown Source)
          at org.apache.jsp.template_jsp._jspx_meth_tt_insert_2(template_jsp.java:1178)
          at org.apache.jsp.template_jsp._jspService(template_jsp.java:505)
          at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:137)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
          at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:210)
          at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295)
          at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
          at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:684)
          at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:432)
          at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:356)
          at com.sun.ebank.web.Dispatcher.doGet(Unknown Source)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
          at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:256)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
          at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
          at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
          at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
          at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.invoke(JBossSecurityMgrRealm.java:220)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
          at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:553)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
          at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
          at org.jboss.web.tomcat.tc4.statistics.ContainerStatsValve.invoke(ContainerStatsValve.java:76)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
          at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
          at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
          at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2417)
          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
          at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
          at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:65)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
          at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:577)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
          at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
          at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
          at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
          at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
          at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:197)
          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:781)
          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:549)
          at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:605)
          at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:677)
          at java.lang.Thread.run(Thread.java:534)