6 Replies Latest reply on Aug 30, 2011 7:30 AM by ericci

    Configure JAAS database module for webapp within Tomcat in JBoss

    sbadrinath

      I am using JBoss 4.2.3. I have a webapp with my own DB schema containing users and roles. I configured the Catalina JDBC realm in default/deploy/jboss-web.deployer/server.xml as follows:

      <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
                 driverName="org.gjt.mm.mysql.Driver"
                 connectionURL="jdbc:mysql://....."
                 userTable="USERS" userNameCol="UserName" userCredCol="UserPasswd"
                 userRoleTable="USER_ROLE_XREF" roleNameCol="RoleName"/>

       

      In my web.xml I have the FORM based auth-mode in login-config and the appropriate login/error pages configured.

      <form-login-config>
                  <form-login-page>/Login.jsp</form-login-page>
                  <form-error-page>/LoginFailed.jsp?failed=true</form-error-page>
              </form-login-config>

       

      Now, the authentication seems to work, though I get ClassCastExceptions:

       

      2010-08-24 15:20:35,220 DEBUG [org.jboss.web.tomcat.security.SecurityAssociationValve] Failed to determine servlet
      java.lang.ClassCastException: org.apache.catalina.realm.GenericPrincipal  cannot be cast to org.jboss.web.tomcat.security.JBossGenericPrincipal
               at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:146)

       

      I have checked the JBoss forums as well as numerous posts online related to this, and they mention using a custom login module or a built-in JBoss module.

      So, after reading ch8 (security) of the JBoss docs http://docs.jboss.org/jbossas/jboss4guide/r5/html/ch8.chapter.html

      I decided to use the built-in

      org.jboss.security.auth.spi.DatabaseServerLoginModule
      and configured an entry for my webapp in default/conf/login-config.xml as follows

      <application-policy name = "mywebapp">
             <authentication>
                <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
                   flag = "required">
                   <module-option name = "unauthenticatedIdentity">guest</module-option>
                   <module-option name = "dsJndiName">java:/myds</module-option>
                   <module-option name = "principalsQuery">SELECT USERPASSWD FROM USERS WHERE USERNAME=?</module-option>
                   <module-option name = "rolesQuery">SELECT ROLENAME, 'Roles' FROM USER_ROLE_XREF WHERE USERNAME=?</module-option>
                </login-module>
             </authentication>
          </application-policy>


      In my webapp, along with the web.xml, I created a jboss-web.xml with the name of the security-domain
      configured as mywebapp.


      <jboss-web>
          <security-domain>java:/jaas/mywebapp</security-domain>
      </jboss-web>

      Now, when I try to log in, I get the following error in the server.log, where it tries to use UsersRolesLoginModule and complains about not finding users.properties
      as well as roles.properties.

      2010-08-24 15:54:08,373 WARN  [org.apache.catalina.realm.JAASRealm] Login exception authenticating username "admin"
      javax.security.auth.login.LoginException: Missing users.properties file.
              at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:148)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
              at java.lang.reflect.Method.invoke(Unknown Source)
              at javax.security.auth.login.LoginContext.invoke(Unknown Source)
              at javax.security.auth.login.LoginContext.access$000(Unknown Source)
              at javax.security.auth.login.LoginContext$4.run(Unknown Source)
              at java.security.AccessController.doPrivileged(Native Method)
              at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
              at javax.security.auth.login.LoginContext.login(Unknown Source)
              at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:361)
              at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:257)
              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:416)
              at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
              at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
              at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562)
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
              at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
              at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
              at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
              at java.lang.Thread.run(Unknown Source)


      Ideally, the Tomcat JDBC realm shouldn't give a ClassCastException, as that realm works in the standalone Tomcat env.
      What am I missing?
      Thanks in advance!
      Shyam
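
Added example, not part of the original post: a small Python check that resolves a `security-domain` value to the `application-policy` JBoss would select from login-config.xml, including the fallback to the policy named `other` when no name matches. The embedded XML is constructed from the post's snippets plus a stock-style `other` policy using UsersRolesLoginModule (an assumption about the poster's file); all function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the post's policy plus a stock-style "other" policy (assumed).
LOGIN_CONFIG = """<policy>
  <application-policy name="mywebapp"><authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required"/>
  </authentication></application-policy>
  <application-policy name="other"><authentication>
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"/>
  </authentication></application-policy>
</policy>"""
JBOSS_WEB = "<jboss-web><security-domain>java:/jaas/mywebapp</security-domain></jboss-web>"

JAAS_PREFIX = "java:/jaas/"
FALLBACK_POLICY = "other"  # policy used when the requested name has no entry


def declared_domain(jboss_web_xml):
    """Read the <security-domain> value from a jboss-web.xml document."""
    return ET.fromstring(jboss_web_xml).findtext("security-domain", "").strip()


def policy_name(security_domain):
    """Strip the JNDI prefix; the remainder is the application-policy name."""
    domain = security_domain.strip()
    return domain[len(JAAS_PREFIX):] if domain.startswith(JAAS_PREFIX) else domain


def load_policies(login_config_xml):
    """Map each application-policy name to its (module class, flag) list."""
    root = ET.fromstring(login_config_xml)
    return {
        p.get("name").strip(): [(m.get("code").strip(), m.get("flag", "").strip())
                                for m in p.iter("login-module")]
        for p in root.iter("application-policy")
    }


def resolve(security_domain, login_config_xml):
    """Return (policy used, fell_back, modules); names are case-sensitive."""
    policies = load_policies(login_config_xml)
    wanted = policy_name(security_domain)
    used = wanted if wanted in policies else FALLBACK_POLICY
    return used, used != wanted, policies.get(used, [])


if __name__ == "__main__":
    used, fell_back, modules = resolve(declared_domain(JBOSS_WEB), LOGIN_CONFIG)
    print(f"policy={used} fallback={fell_back} modules={modules}")
```

A `fell_back` value of `True` means the login would be handled by the `other` policy's modules rather than the one configured for the webapp.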