6 Replies Latest reply on Jul 28, 2009 4:05 PM by Peter Johnson

    Enabling CaseInsensitiveness for username

    sateesh kommineni Newbie

      Hi,

      I am trying to allow the users to login using either lowercase or uppercase username.

      I have updated the login-config.xml file to include the following setting

      <module-option name="validateUserNameCase">false</module-option>

      Still it doesn't allow the user to login using the lowercase. i have created the user names in uppercase and they are stored in an oracle DB.

      The JBoss EPP Version we are using is : 4.3
      Oracle db version : 10.2.0.3.0
      Java Version : 1.6.0.

      Thanks
      Mars

        • 1. Re: Enabling CaseInsensitiveness for username
          Peter Johnson Master

          From the code it looks like this option converts the entered name to lowercase and then does the lookup. When using the predefined security mechanism, where the portal creates and maintains the user names, this makes sense, and even works. Since you are validating against an existing database with uppercase names (or did you populate the user table directly from Oracle?), it will not work.

          • 2. Re: Enabling CaseInsensitiveness for username
            sateesh kommineni Newbie

            Hi Peter,

            Thanks for your response..

            We actually loaded the Users and Roles using the setup.txt file and using the HibernateUserImpl and HibernateRoleImpl Classes in it.

            So when the Portal Server starts up and i guess it checks for the existence of the Portal specific tables in the oracle instance and if they don't exists the Portal server creates the schema and loads the Users and Roles.

            I am not sure whether we can configure the option of allowing the users to login using lower & upper case or do we need to Override any of the LoginConfiguration Modules to do this..

            Thanks
            Mars

            • 3. Re: Enabling CaseInsensitiveness for username
              Peter Johnson Master

              The easiest thing would be to place the usernames in lowercase in the setup.txt file (the load is done directly by Hibernate and thus the validateUserNameCase is not used). Or you could extend the existing IdentifyLoginModule and use uppercase names. All you would have to provide is the getUserName method. Its in jboss-epp-4.3-src/portal/modules/identity/identity/src/main/org/jboss/portal/identity/auth/IdentityLoginModule.java in the source download.

              • 4. Re: Enabling CaseInsensitiveness for username
                sateesh kommineni Newbie

                Hi,

                I tried changing the case in setup.txt and it didn't solve the issue.

                I am able to login using lowercase but when i try to login using uppercase it throws an Error saying "The user doesn't exist or the password is incorrect ".

                I guess i need to extend the LoginModule as it seems that's the only option left behind..

                Thanks
                Mars

                • 5. Re: Enabling CaseInsensitiveness for username
                  sateesh kommineni Newbie

                  Hi Peter,

                  I checked the Source of IdentityLoginModule.java and it has getUserName() method which is returning the username converted to lower case.

                  I am not sure why after changing all the usernames on setup.txt to lowercase it still doesn't work when i try to login using the upper case user names !!!

                  [CODE]

                  protected String getUsername()
                  {
                  if (userNameToLowerCase != null && userNameToLowerCase.equalsIgnoreCase("true"))
                  {
                  return super.getUsername().toLowerCase();
                  }
                  return super.getUsername();
                  }

                  [/CODE]

                  Thanks
                  Mars

                  • 6. Re: Enabling CaseInsensitiveness for username
                    Peter Johnson Master

                    You might double-check the data in the database (table jbp_users), and use Oracle to monitor the queries. That might give you some clues as to what it going wrong.