Wildfly 10 DatabaseLoginModule and application client
gustavder3 Apr 5, 2016 10:46 AM
Hi all,
I need your assistance configuring a DatabaseLoginModule with WildFly 10.
I did the following:
standalone.xml
1. Define security realm for our application
<security-realm name="appRealm">
    <server-identities>
        <ssl protocol="TLS">
            <keystore path="wfly.jks" relative-to="jboss.server.config.dir" keystore-password="password" alias="app-Test"/>
        </ssl>
    </server-identities>
    <authentication>
        <truststore path="wfly.jks" relative-to="jboss.server.config.dir" keystore-password="password"/>
        <jaas name="application_login"/>
    </authentication>
</security-realm>
2. Define security domain for our application
<security-domain name="application_login" cache-type="default">
    <authentication>
        <login-module code="Database" flag="required">
            <module-option name="dsJndiName" value="java:jboss/applicationDS"/>
            <module-option name="principalsQuery" value="SELECT pw FROM ddic.dr_user WHERE user_name=?"/>
            <module-option name="rolesQuery" value="SELECT roleid, 'Roles' FROM ddic.web_user_roles WHERE user_name=?"/>
            <module-option name="hashAlgorithm" value="SHA-256"/>
            <module-option name="hashEncoding" value="hex"/>
            <module-option name="ignorePasswordCase" value="true"/>
            <module-option name="hashCharset" value="UTF-8"/>
        </login-module>
    </authentication>
</security-domain>
The table ddic.dr_user contains the columns (user_name VARCHAR, pw VARCHAR).
pw is already stored as a SHA-256 hex string in the database.
3. Define the datasource used in the configuration above
<datasource jta="true" jndi-name="java:jboss/applicationDS" pool-name="hscerpDS" enabled="true" use-ccm="true" statistics-enabled="true">
    <connection-url>jdbc:postgresql://localhost:5432/testDB</connection-url>
    <driver-class>org.postgresql.Driver</driver-class>
    <driver>postgresql-9.4.jar</driver>
    <pool>
        <min-pool-size>0</min-pool-size>
        <initial-pool-size>0</initial-pool-size>
        <max-pool-size>10</max-pool-size>
        <prefill>false</prefill>
        <flush-strategy>Gracefully</flush-strategy>
    </pool>
    <security>
        <user-name>dbuser</user-name>
        <password>dbpassword</password>
    </security>
    <validation>
        <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLValidConnectionChecker"/>
        <background-validation>true</background-validation>
        <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLExceptionSorter"/>
    </validation>
</datasource>
4. Connection from a secured servlet or JSP is working perfectly
Now our problem:
- our application test client tries to connect from a remote client (see below)
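// Imports this fragment relies on (JBoss EJB client 2.x API)
import java.util.Properties;
import javax.naming.Context;
import javax.naming.InitialContext;
import org.jboss.ejb.client.ContextSelector;
import org.jboss.ejb.client.EJBClientConfiguration;
import org.jboss.ejb.client.EJBClientContext;
import org.jboss.ejb.client.PropertiesBasedEJBClientConfiguration;
import org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector;
// HashEncoder is the poster's own class (not shown); Util is assumed to be
// org.jboss.security.auth.spi.Util from PicketBox.

// Three candidate values for the password: plain text and two SHA-256 hex hashes
String pw = "hello$";
HashEncoder encrypter = new HashEncoder();
String hashPW = encrypter.encryptSHA256(pw);
String hashedPassword = Util.createPasswordHash("SHA-256", "hex", null, "user", pw);
log.debug("pw = [" + pw + "]");
log.debug("pwhash = [" + hashPW + "]");
log.debug("pwhash1 = [" + hashedPassword + "]");

// Remote EJB client connection settings
Properties p = new Properties();
p.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "true");
p.put("remote.connections", "one");
p.put("remote.connection.one.port", "8080");
p.put("remote.connection.one.host", "localhost");
p.put("remote.connection.one.username", "toz");
p.put("remote.connection.one.password", pw);
// p.put("remote.connection.one.password", hashPW);
// p.put("remote.connection.one.password", hashedPassword);

// Install the configuration as the EJB client context, then create the JNDI context
EJBClientConfiguration cc = new PropertiesBasedEJBClientConfiguration(p);
ContextSelector<EJBClientContext> selector = new ConfigBasedEJBClientContextSelector(cc);
EJBClientContext.setSelector(selector);
Properties props = new Properties();
props.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
InitialContext context = new InitialContext(props);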
As a result we see some information in our log file:
2016-04-05 16:18:52,172 TRACE [org.jboss.security] (default task-20) PBOX00236: Begin initialize method
2016-04-05 16:18:52,172 DEBUG [org.jboss.security] (default task-20) PBOX00281: Password hashing activated, algorithm: SHA-256, encoding: hex, charset: UTF-8, callback: null, storeCallBack: null
2016-04-05 16:18:52,172 TRACE [org.jboss.security] (default task-20) PBOX00262: Module options [dsJndiName: java:jboss/hscerpDS, principalsQuery: SELECT pw FROM ddic.dr_user WHERE user_name=?, rolesQuery: SELECT roleid, 'Roles' FROM ddic.web_user_roles WHERE user_name=?, suspendResume: true]
2016-04-05 16:18:52,172 TRACE [org.jboss.security] (default task-20) PBOX00240: Begin login method
2016-04-05 16:18:52,173 DEBUG [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (default task-20) applicationDS: getConnection(null, WrappedConnectionRequestInfo@1bca9770[userName=hscerp]) [0/10]
2016-04-05 16:18:52,173 TRACE [org.jboss.security] (default task-20) PBOX00263: Executing query SELECT pw FROM ddic.dr_user WHERE user_name=? with username user
2016-04-05 16:18:52,173 DEBUG [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (default task-20) applicationDS: returnConnection(4cd930d4, false) [1/10]
2016-04-05 16:18:52,173 DEBUG [org.jboss.security] (default task-20) PBOX00283: Bad password for username user
2016-04-05 16:18:52,173 TRACE [org.jboss.security] (default task-20) PBOX00244: Begin abort method, overall result: false
2016-04-05 16:18:52,173 DEBUG [org.jboss.security] (default task-20) PBOX00206: Login failure: javax.security.auth.login.FailedLoginException: PBOX00070: Password invalid/Password required
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:286)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
Any idea?
Thanks in advance
Tom
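
Added example, not part of the original post and not PicketBox code: a stand-alone check that applies the comparison the module options above describe (SHA-256 over the UTF-8 bytes, hex-encoded, compared case-insensitively) to a value a client might send and a stored pw value. The class and method names and the stored values are constructed for illustration; it goes slightly beyond the post by also classifying padded and non-hex stored values.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class DbLoginHashCheck {

    // hashAlgorithm=SHA-256, hashCharset=UTF-8, hashEncoding=hex (lower case)
    static String sha256Hex(String input) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(input.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    // Classifies why the value a client sent does or does not match the stored column value.
    static String diagnose(String sent, String stored) throws NoSuchAlgorithmException {
        String computed = sha256Hex(sent);
        if (computed.equalsIgnoreCase(stored)) {          // ignorePasswordCase=true
            return "MATCH";
        }
        if (computed.equalsIgnoreCase(stored.trim())) {
            return "MISMATCH: stored value has surrounding whitespace (padded column?)";
        }
        if (!stored.trim().matches("[0-9a-fA-F]{64}")) {
            return "MISMATCH: stored value is not 64 hex characters";
        }
        if (sent.equalsIgnoreCase(stored.trim())) {
            return "MISMATCH: client sent the hash itself, so it was hashed a second time";
        }
        return "MISMATCH: stored hash comes from a different password, charset or algorithm";
    }

    public static void main(String[] args) throws Exception {
        String pw = "hello$";                          // sample password from the post
        String stored = sha256Hex(pw).toUpperCase();   // constructed stand-in for ddic.dr_user.pw
        System.out.println(diagnose(pw, stored));             // client sends the plain password
        System.out.println(diagnose(sha256Hex(pw), stored));  // client sends a pre-hashed value
        System.out.println(diagnose(pw, stored + "  "));      // stored value carries padding
        System.out.println(diagnose(pw, "hello$"));           // plain text stored by mistake
    }
}
```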