2 Replies Latest reply on Apr 14, 2014 4:25 AM by c.keimel

    Problem using DatabaseServerLoginModule - Password is not validated correctly

    c.keimel

      Hello

       

      I am currently migrating from AS5.1 to Wildfly and I ran into a problem with DatabaseServerLoginModule that I have been working on for the last 2 days trying different approaches. We are remotely connecting to EJBs. The EJBs are in a security domain which uses DatabaseServerLoginModule to authenticate the user in the database. I configured everything as documented and ran into an "Illegal

       

      To find out what was going on I tested this with a custom login module which I subclassed from org.jboss.security.auth.spi.DatabaseServerLoginModule. It seems as if there is a problem with the validation of the password. The expected password is read correctly from the database but is then compared to a String which always resolves to something like "org.jboss.as.security.remoting.RemotingConnectionCredential@1a24ec8". This result is obtained in the function getUsernameAndPassword() which uses PasswordCallback to retrieve the password.

       

      I would have expected the password to be compared to the credentials that were put into the InitialContext environment on the client: test-password

       

      import java.util.Hashtable;
      import javax.naming.Context;
      import javax.naming.InitialContext;

      // JNDI environment for a remote EJB client over http-remoting
      Hashtable<String, String> env = new Hashtable<String, String>();
      env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");
      env.put(Context.PROVIDER_URL, "http-remoting://localhost:8080");
      env.put("jboss.naming.client.ejb.context", "true");
      env.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
      // User name and password sent by the client
      env.put(Context.SECURITY_PRINCIPAL, "test-user");
      env.put(Context.SECURITY_CREDENTIALS, "test-password");
      InitialContext jndiContext = new InitialContext(env);

       

      Do I need to configure the InitialContext differently? Or do I need to configure the login module differently?

       

      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
        <module-option name="dsJndiName" value="java:/GosaDS"/>
        <module-option name="hashUserPassword" value="false"/>
        <module-option name="hashStorePassword" value="false"/>
        <module-option name="principalsQuery" value="SELECT password FROM NGRID WHERE user_id = ?"/>
        <module-option name="rolesQuery" value="SELECT rolle, 'Roles' FROM NGRID WHERE user_id = ?"/>
        <module-option name="password-stacking" value="useFirstPass"/>
        <module-option name="unauthenticatedIdentity" value="nobody"/>
      </login-module>

       

      Any pointers are very welcome!

       

      This could be connected to this post:

      Cannot get password in custom LoginModule
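
The symptom described in the post, reproduced with only the standard JAAS callback API. This is an added example, not part of the original post and not JBoss code. It assumes a callback handler that stringifies any credential that is neither a `char[]` nor a `String`; `ConnectionCredential` and `ObjectCredentialHandler` are hypothetical stand-ins.

```java
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import java.util.Arrays;

public class CredentialToStringDemo {

    // Hypothetical stand-in for a non-password credential object such as the
    // RemotingConnectionCredential named in the post; toString() is not overridden.
    static final class ConnectionCredential { }

    // Hypothetical handler (assumption): char[] and String credentials are passed
    // through unchanged, any other object is turned into text with toString().
    static final class ObjectCredentialHandler implements CallbackHandler {
        private final Object credential;
        ObjectCredentialHandler(Object credential) { this.credential = credential; }

        @Override
        public void handle(Callback[] callbacks) {
            for (Callback cb : callbacks) {
                if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(toChars(credential));
                }
            }
        }

        private static char[] toChars(Object c) {
            if (c instanceof char[]) return (char[]) c;
            if (c instanceof String) return ((String) c).toCharArray();
            return c == null ? null : c.toString().toCharArray();
        }
    }

    // What a username/password login module effectively does: obtain the input
    // password through a PasswordCallback and compare it with the stored value.
    static boolean validate(Object credential, String expected) {
        PasswordCallback pc = new PasswordCallback("Password: ", false);
        new ObjectCredentialHandler(credential).handle(new Callback[] { pc });
        char[] input = pc.getPassword();
        System.out.println("input password = " + (input == null ? null : new String(input)));
        return input != null && Arrays.equals(input, expected.toCharArray());
    }

    public static void main(String[] args) {
        // A String credential reaches the comparison as the password itself.
        System.out.println("String credential valid: " + validate("test-password", "test-password"));
        // An object credential reaches it as "ClassName@hash" and never matches.
        System.out.println("Object credential valid: " + validate(new ConnectionCredential(), "test-password"));
    }
}
```

Logging the type of the credential before it is converted to text shows whether the login module received the client's password or a connection-level credential object.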