2 Replies Latest reply on Aug 21, 2007 4:59 AM by Pranjal Mathur

    Problems with DatabaseServerLoginModule

    Pranjal Mathur Newbie

      Hi

      I am trying to use the DatabaseServerLoginModule but am facing some problems. I have created a portal instance which has to be accessed after JAAS authentication.

      In my .war file for my portal instance i have the following files
      web.xml


      <servlet>
      <servlet-name>PortalServletWithPathMapping</servlet-name>
      <servlet-class>org.mex.portlets.login.servlet.LoginServlet</servlet-class>
      <load-on-startup>1</load-on-startup>
      <security-role-ref>
      <role-name>Authenticated</role-name>
      <role-link>Authenticated</role-link>
      </security-role-ref>
      </servlet>


      <!-- Provide access to authenticated users -->
      <servlet-mapping>
      <servlet-name>PortalServletWithPathMapping</servlet-name>
      <url-pattern>/authpublic/*</url-pattern>
      </servlet-mapping>

      <!-- Force the mapping of the jsp and images because of the default servlet replacement -->
      <servlet-mapping>
      <servlet-name>jsp</servlet-name>
      <url-pattern>/login.jsp</url-pattern>
      </servlet-mapping>
      <servlet-mapping>
      <servlet-name>jsp</servlet-name>
      <url-pattern>/error.jsp</url-pattern>
      </servlet-mapping>

      <resource-ref>
      <res-ref-name>jdbc/PortalDS</res-ref-name>
      <res-type>javax.sql.DataSource</res-type>
      <res-auth>Container</res-auth>
      <res-sharing-scope>Shareable</res-sharing-scope>
      </resource-ref>

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>Authenticated</web-resource-name>
      <description></description>
      <url-pattern>/authpublic/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
      <role-name>Authenticated</role-name>
      </auth-constraint>
      </security-constraint>
      <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>public</realm-name>
      <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/error.jsp</form-error-page>
      </form-login-config>
      </login-config>

      <security-role>
      <role-name>Authenticated</role-name>
      </security-role>


      my jboss-web.xml
      <jboss-web>
      <security-domain>java:jaas/publicportal</security-domain>
      <context-root>/public</context-root>
      <resource-ref>
      <res-ref-name>jdbc/PortalDS</res-ref-name>
      <jndi-name>java:PortalDS</jndi-name>
      </resource-ref>
      </jboss-web>


      in the login-config inside portal.sar i have added this

      <application-policy name = "publicportal">
      <authentication>
      <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
      flag = "required">
      <module-option name = "unauthenticatedIdentity">guest</module-option>
      <module-option name = "dsJndiName">java:/PortalDS</module-option>
      <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
      <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
      </login-module>
      </authentication>
      </application-policy>


      I have even enabled logging as per the secutiry FAQ but when i log in i see null on the error.jsp page with no logging messages

      Basically
      request.getAttribute("org.jboss.portal.loginError")
      returns null and i am not able to login

      Can anyone please help




        • 1. Re: Problems with DatabaseServerLoginModule
          Pranjal Mathur Newbie

          I was able to solve the first problem

          but now when i log in using the database server logun module i get a class cast exception

          java.lang.ClassCastException: org.jboss.security.plugins.JaasSecurityManager
          at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:488)
          at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:257)
          at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:416)
          at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
          at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
          at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
          at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
          at java.lang.Thread.run(Thread.java:595)


          Any clues as to how to solve this

          • 2. Re: Problems with DatabaseServerLoginModule
            Pranjal Mathur Newbie

            Some additional info

            In the logs its is displaying

            2007-08-21 13:44:40,523 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request POST /public/j_security_check
            2007-08-21 13:44:40,523 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Authenticating username 'admin'
            2007-08-21 13:44:40,523 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Begin authenticate, username=admin
            2007-08-21 13:44:40,523 ERROR [org.apache.catalina.connector.CoyoteAdapter] An exception or error occurred in the container during the request processing
            java.lang.ClassCastException: org.jboss.security.plugins.JaasSecurityManager
            at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:488)
            at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:257)
            at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:416)
            at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
            at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
            at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
            at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
            at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
            at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
            at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
            at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
            at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
            at java.lang.Thread.run(Thread.java:595)


            I have the following tables


            CREATE TABLE "MEXADMIN"."PRINCIPALS"
            ( "PRINCIPAL_ID" VARCHAR2(64 BYTE) NOT NULL ENABLE,
            "PASSWORD" VARCHAR2(64 BYTE),
            CONSTRAINT "PRINCIPALS_PK" PRIMARY KEY ("PRINCIPAL_ID") ENABLE
            ) ;

            CREATE TABLE "MEXADMIN"."ROLES"
            ( "PRINCIPAL_ID" VARCHAR2(4000 BYTE),
            "USER_ROLE" VARCHAR2(4000 BYTE),
            "ROLE_GROUP" VARCHAR2(4000 BYTE)
            ) ;


            with a user admin with password admin added to principals and admin added to roles table with user_role as Authenticated

            Please provide some clues for the soltuoin of this problem