3 Replies Latest reply on Oct 6, 2009 1:16 AM by jaikiran

    Login doesn't work

    juergen.zimmermann

      I'm using Embedded JBoss beta3.SP9. All tests work fine as long as I don't use a security domain.

      Using the EJB jar within an EAR inside JBossAS 5.1 (including the security domain) also works fine.

      Any hint for setting up the login mechanism with Embedded JBoss is appreciated.

      bootstrap/conf/login-config.xml:

      <?xml version='1.0'?>
      <!DOCTYPE policy PUBLIC
       "-//JBoss//DTD JBOSS Security Config 3.0//EN"
       "http://www.jboss.org/j2ee/dtd/security_config.dtd">
      <policy>
       <!-- JAAS login configuration for the security domain "hska": a single
            required DatabaseServerLoginModule that checks passwords and loads
            roles from the datasource java:/hskaDS. -->
       <application-policy name="hska">
       <authentication>
       <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
       <module-option name="dsJndiName">java:/hskaDS</module-option>
       <!-- NOTE(review): with unauthenticatedIdentity set, a request that reaches
            this module without a principal is not rejected; it is authenticated
            as "anonymous". A login that was lost or never propagated to the
            invocation therefore shows up as a successful anonymous login with no
            roles rather than as an authentication failure. Remove this option
            unless anonymous access is intended. -->
       <module-option name="unauthenticatedIdentity">anonymous</module-option>
       <!-- The username is bound to the "?" placeholder; the query returns the
            stored (hashed) password for that user. -->
       <module-option name="principalsQuery">
       SELECT password
       FROM kunde
       WHERE username=?
       </module-option>
       <!-- Returns one row per role of the user; the constant second column
            'Roles' names the group the roles are added to. -->
       <module-option name="rolesQuery">
       SELECT role, 'Roles'
       FROM hska_role r
       INNER JOIN kunde k ON r.kunde_fk = k.k_id
       WHERE k.username=?
       </module-option>
       <!-- NOTE(review): passwords are compared as a base64-encoded SHA-1 digest.
            No salt or iteration count is configured here, so equal passwords
            give equal stored values and the digest is cheap to brute-force if
            the kunde table leaks. Changing the algorithm requires re-hashing
            the stored passwords, so this is flagged rather than changed. -->
       <module-option name="hashAlgorithm">SHA-1</module-option>
       <module-option name="hashEncoding">base64</module-option>
       </login-module>
       </authentication>
       </application-policy>
      </policy>


      META-INF/jboss.xml:
      <?xml version="1.0"?>
      <!DOCTYPE jboss PUBLIC
       "-//JBoss//DTD JBOSS 5.0//EN"
       "http://www.jboss.org/j2ee/dtd/jboss_5_0.dtd">
      <jboss>
       <!-- Security domain applied to this EJB deployment. The name must match
            an application-policy in login-config.xml ("hska" here); method
            permissions are then checked against the roles that policy assigns. -->
       <security-domain>hska</security-domain>
      </jboss>


      Code fragment for login:
      // Builds the JNDI environment used to log in before the secured EJB is called.
      final Properties loginProps = new Properties();
      // Hard-coded test account whose password equals its username; keep such
      // accounts out of any database that is not purely a test fixture.
      loginProps.setProperty(Context.SECURITY_PRINCIPAL, "2");
      loginProps.setProperty(Context.SECURITY_CREDENTIALS, "2");
      // NOTE(review): "hska" is the name of the server-side application-policy
      // (DatabaseServerLoginModule). Presumably the InitialContext factory in use
      // runs a JAAS login under this name while the context is created, which is
      // the "User '2' authenticated" entry in the trace. A server login module
      // only verifies the password; it does not attach the caller's identity to
      // the invoking thread. That is normally done by a client-side configuration
      // using org.jboss.security.ClientLoginModule. Confirm which factory and
      // login configuration the test actually uses.
      loginProps.setProperty(Context.SECURITY_PROTOCOL, "hska");
      ctx = new InitialContext(loginProps);
      LOGGER.info("Completed new InitialContext(loginProps)");
      ...
      // The trace shows this call arriving with principal=null. Because the policy
      // sets unauthenticatedIdentity, the call is not rejected and proceeds as
      // "anonymous" with no roles.
      LOGGER.info("Invoking the secured method");


      The log shows "User '2' authenticated, loginOk=true", but the later authentication uses the user "anonymous" instead (why?):
      TRACE [org.jboss.security.jacc.JBossPolicyConfiguration] ctor, contextID=hskaTest.jar
      TRACE [org.jboss.security.jacc.JBossPolicyConfiguration] addToRole, roleName=admin, p=("javax.security.jacc.EJBMethodPermission" "KundenverwaltungBean" "deleteKunde,,de.hska.kundenverwaltung.pojo.Kunde")[*:deleteKunde(de.hska.kundenverwaltung.pojo.Kunde)]
      TRACE [org.jboss.security.jacc.JBossPolicyConfiguration] addToRole, roleName=admin, p=("javax.security.jacc.EJBMethodPermission" "KundenverwaltungBean" "deleteKundeById,,java.lang.Long,java.util.Locale")[*:deleteKundeById(java.lang.Long,java.util.Locale)]
      TRACE [org.jboss.security.jacc.JBossPolicyConfiguration] addToRole, roleName=mitarbeiter, p=("javax.security.jacc.EJBMethodPermission" "KundenverwaltungBean" "createKunde,,de.hska.kundenverwaltung.pojo.Kunde,java.util.Locale")[*:createKunde(de.hska.kundenverwaltung.pojo.Kunde,java.util.Locale)]
      TRACE [org.jboss.security.jacc.JBossPolicyConfiguration] addToRole, roleName=admin, p=("javax.security.jacc.EJBMethodPermission" "KundenverwaltungBean" "createKunde,,de.hska.kundenverwaltung.pojo.Kunde,java.util.Locale")[*:createKunde(de.hska.kundenverwaltung.pojo.Kunde,java.util.Locale)]
      TRACE [org.jboss.security.jacc.JBossPolicyConfiguration] addToRole, roleName=mitarbeiter, p=("javax.security.jacc.EJBMethodPermission" "KundenverwaltungBean" "updateKunde,,de.hska.kundenverwaltung.pojo.Kunde,java.util.Locale")[*:updateKunde(de.hska.kundenverwaltung.pojo.Kunde,java.util.Locale)]
      TRACE [org.jboss.security.jacc.JBossPolicyConfiguration] addToRole, roleName=admin, p=("javax.security.jacc.EJBMethodPermission" "KundenverwaltungBean" "updateKunde,,de.hska.kundenverwaltung.pojo.Kunde,java.util.Locale")[*:updateKunde(de.hska.kundenverwaltung.pojo.Kunde,java.util.Locale)]
      TRACE [org.jboss.security.jacc.JBossPolicyConfiguration] addToRole, roleName=kunde, p=("javax.security.jacc.EJBMethodPermission" "BestellverwaltungBean" "create,,de.hska.bestellverwaltung.pojo.Bestellung,java.util.Locale")[*:create(de.hska.bestellverwaltung.pojo.Bestellung,java.util.Locale)]
      TRACE [org.jboss.security.jacc.JBossPolicyConfiguration] commit
      TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(hska), size=1
      TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(hska), authInfo=AppConfigurationEntry[]:
      [0]
      LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
      ControlFlag: Anmeldemodul-Steuerflag: required
      Options:name=hashAlgorithm, value=SHA-1
      name=principalsQuery, value=SELECT password FROM kunde WHERE username=?
      name=unauthenticatedIdentity, value=anonymous
      name=hashEncoding, value=base64
      name=dsJndiName, value=java:/hskaDS
      name=rolesQuery, value=SELECT role, 'Roles' FROM hska_role r INNER JOIN kunde k ON r.kunde_fk = k.k_id WHERE k.username=?
      
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] initialize
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Security domain: hska
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Saw unauthenticatedIdentity=anonymous
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Password hashing activated: algorithm = SHA-1, encoding = base64, charset = {default}, callback = null, storeCallback = null
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] DatabaseServerLoginModule, dsJndiName=java:/hskaDS
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] principalsQuery=SELECT password FROM kunde WHERE username=?
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] rolesQuery=SELECT role, 'Roles' FROM hska_role r INNER JOIN kunde k ON r.kunde_fk = k.k_id WHERE k.username=?
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendResume=true
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendAnyTransaction
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Excuting query: SELECT password FROM kunde WHERE username=?, with username: 2
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Obtained user password
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] resumeAnyTransaction
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] User '2' authenticated, loginOk=true
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] commit, loginOk=true
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] getRoleSets using rolesQuery: SELECT role, 'Roles' FROM hska_role r INNER JOIN kunde k ON r.kunde_fk = k.k_id WHERE k.username=?, username: 2
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendAnyTransaction
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Excuting query: SELECT role, 'Roles' FROM hska_role r INNER JOIN kunde k ON r.kunde_fk = k.k_id WHERE k.username=?, with username: 2
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role mitarbeiter
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role kunde
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] resumeAnyTransaction
      INFO [de.hska.test.KundenverwaltungTest] Completed new InitialContext(loginProps)
      INFO [de.hska.test.KundenverwaltungTest] Invoking the secured method
      TRACE [jboss.security.plugins.auth.JaasSecurityManagerBase.hska] Begin isValid, principal:null, cache info: null
      TRACE [jboss.security.plugins.auth.JaasSecurityManagerBase.hska] defaultLogin, principal=null
      TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(hska), size=1
      TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(hska), authInfo=AppConfigurationEntry[]:
      [0]
      LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
      ControlFlag: Anmeldemodul-Steuerflag: required
      Options:name=hashAlgorithm, value=SHA-1
      name=principalsQuery, value=SELECT password FROM kunde WHERE username=?
      name=unauthenticatedIdentity, value=anonymous
      name=hashEncoding, value=base64
      name=dsJndiName, value=java:/hskaDS
      name=rolesQuery, value=SELECT role, 'Roles' FROM hska_role r INNER JOIN kunde k ON r.kunde_fk = k.k_id WHERE k.username=?
      
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] initialize
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Security domain: hska
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Saw unauthenticatedIdentity=anonymous
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Password hashing activated: algorithm = SHA-1, encoding = base64, charset = {default}, callback = null, storeCallback = null
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] DatabaseServerLoginModule, dsJndiName=java:/hskaDS
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] principalsQuery=SELECT password FROM kunde WHERE username=?
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] rolesQuery=SELECT role, 'Roles' FROM hska_role r INNER JOIN kunde k ON r.kunde_fk = k.k_id WHERE k.username=?
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendResume=true
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Authenticating as unauthenticatedIdentity=anonymous
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] User 'anonymous' authenticated, loginOk=true
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] commit, loginOk=true
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] getRoleSets using rolesQuery: SELECT role, 'Roles' FROM hska_role r INNER JOIN kunde k ON r.kunde_fk = k.k_id WHERE k.username=?, username: anonymous
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendAnyTransaction
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Excuting query: SELECT role, 'Roles' FROM hska_role r INNER JOIN kunde k ON r.kunde_fk = k.k_id WHERE k.username=?, with username: anonymous
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] No roles found
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] resumeAnyTransaction
      TRACE [jboss.security.plugins.auth.JaasSecurityManagerBase.hska] defaultLogin, lc=javax.security.auth.login.LoginContext@1b18970, subject=Subject(28334428).principals=org.jboss.security.SimplePrincipal@12240026(anonymous)org.jboss.security.SimpleGroup@29462573(Roles(members))
      TRACE [jboss.security.plugins.auth.JaasSecurityManagerBase.hska] updateCache, inputSubject=Subject(28334428).principals=org.jboss.security.SimplePrincipal@12240026(anonymous)org.jboss.security.SimpleGroup@29462573(Roles(members)), cacheSubject=Subject(31404820).principals=org.jboss.security.SimplePrincipal@12240026(anonymous)org.jboss.security.SimpleGroup@29462573(Roles(members))
      TRACE [jboss.security.plugins.auth.JaasSecurityManagerBase.hska] Inserted cache info: org.jboss.security.plugins.auth.JaasSecurityManagerBase$DomainInfo@1135d34[Subject(31404820).principals=org.jboss.security.SimplePrincipal@12240026(anonymous)org.jboss.security.SimpleGroup@29462573(Roles(members)),credential.class=null,expirationTime=1250605678749]
      TRACE [jboss.security.plugins.auth.JaasSecurityManagerBase.hska] End isValid, true
      TRACE [org.jboss.security.audit.providers.LogAuditProvider] [Success]Source=org.jboss.security.integration.ejb.EJBAuthenticationHelper;principal=null;method=findKunden;
      TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:{}