Problem using DatabaseServerLoginModule - Password is not validated correctly
c.keimel Mar 5, 2014 9:32 AM
Hello
I am currently migrating from AS5.1 to WildFly and I ran into a problem with DatabaseServerLoginModule that I have been working on for the last 2 days trying different approaches. We are remotely connecting to EJBs. The EJBs are in a security domain which uses DatabaseServerLoginModule to authenticate the user in the database. I configured everything as documented and ran into an "Illegal
To find out what was going on I tested this with a custom login module which I subclassed from org.jboss.security.auth.spi.DatabaseServerLoginModule. It seems as if there is a problem with the validation of the password. The expected password is read correctly from the database but is then compared to a String which always resolves to something like "org.jboss.as.security.remoting.RemotingConnectionCredential@1a24ec8". This result is obtained in the function getUsernameAndPassword() which uses PasswordCallback to retrieve the password.
I would have expected the password to be compared to the credentials that were put into the InitialContext environment on the client: test-password
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");
env.put(Context.PROVIDER_URL, "http-remoting://localhost:8080");
env.put("jboss.naming.client.ejb.context", "true");
env.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
env.put(Context.SECURITY_PRINCIPAL, "test-user");
env.put(Context.SECURITY_CREDENTIALS, "test-password");
InitialContext jndiContext = new InitialContext(env);
Do I need to configure the InitialContext differently? Or do I need to configure the login module differently?
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
    <module-option name="dsJndiName" value="java:/GosaDS"/>
    <module-option name="hashUserPassword" value="false"/>
    <module-option name="hashStorePassword" value="false"/>
    <module-option name="principalsQuery" value="SELECT password FROM NGRID WHERE user_id = ?"/>
    <module-option name="rolesQuery" value="SELECT rolle, 'Roles' FROM NGRID WHERE user_id = ?"/>
    <module-option name="password-stacking" value="useFirstPass"/>
    <module-option name="unauthenticatedIdentity" value="nobody"/>
</login-module>
Any pointers are very welcome!
This could be connected to this post:
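
Added example, not part of the original post and not JBoss code: a stand-alone JAAS sketch of the symptom described above, where a credential object reaches the PasswordCallback as its default `toString()` value ("Class@hash") and is then compared with the stored password. It assumes the callback handler stringifies credentials that are neither `char[]` nor `String`; `ConnectionCredential`, `handlerFor` and `validate` are hypothetical names, and the strict mode shows a handler that rejects such credentials instead of comparing them.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

public class CredentialTypeDemo {
    // Hypothetical stand-in for a connection-level credential object that
    // does not override toString(), like the value quoted in the post.
    static final class ConnectionCredential { }

    // Builds a handler for one credential. Assumption: the lenient variant
    // falls back to toString() for anything that is not char[] or String.
    static CallbackHandler handlerFor(Object credential, boolean strict) {
        return callbacks -> {
            for (Callback cb : callbacks) {
                if (!(cb instanceof PasswordCallback)) throw new UnsupportedCallbackException(cb);
                PasswordCallback pc = (PasswordCallback) cb;
                if (credential instanceof char[]) {
                    pc.setPassword((char[]) credential);
                } else if (credential instanceof String) {
                    pc.setPassword(((String) credential).toCharArray());
                } else if (strict) {
                    // Fail loudly: this object is not a clear-text password.
                    throw new UnsupportedCallbackException(cb,
                            "non-text credential: " + credential.getClass().getName());
                } else {
                    pc.setPassword(credential.toString().toCharArray());
                }
            }
        };
    }

    // Fetches the password through a PasswordCallback and compares it with
    // the stored value, as a login module's password check would.
    static boolean validate(CallbackHandler handler, String stored) throws Exception {
        PasswordCallback pc = new PasswordCallback("Password: ", false);
        handler.handle(new Callback[] { pc });
        String supplied = new String(pc.getPassword());
        System.out.println("compared against: " + supplied); // demo only, never log real passwords
        return MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8),
                supplied.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        String stored = "test-password"; // constructed value standing in for the principalsQuery result
        System.out.println(validate(handlerFor("test-password", false), stored));
        System.out.println(validate(handlerFor(new ConnectionCredential(), false), stored));
        try { validate(handlerFor(new ConnectionCredential(), true), stored); }
        catch (UnsupportedCallbackException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```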