Why JBoss 5.1ga cannot get dsJndiName, principalsQuery and rolesQuery from login-config.xml
joycepan Jun 16, 2010 12:09 PM
Hi All,
I don't know what's wrong with my configuration of JBoss. I am using JAAS security on the JBoss application server.
These are the steps I used to configure it:
1. Define Application Policy
Modify the login-config.xml file under the $JBoss_Home/server/default/conf directory. I added the following:
<application-policy name="Rose">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
                  flag="required"/>
    <module-option name="unauthenticatedIdentity">guest</module-option>
    <module-option name="dsJndiName">java:/PostgresDSD</module-option>
    <module-option name="principalsQuery">select user_password from "ConfigDB".users where user_name = ?</module-option>
    <module-option name="rolesQuery">
      select system_role.role_desc, 'Roles' from "ConfigDB".system_role, "ConfigDB".user_role, "ConfigDB".users where users.id = user_role.user_id
      and system_role.role_id = user_role.role_id and user_name = ?
    </module-option>
    <!--
    <module-option>
    <module-option name="hashAlgorithm">MD5</module-option>
    <module-option name="hashEncoding">base64</module-option>
    </module-option>
    -->
  </authentication>
</application-policy>
2. Create Security Domain
Create a file named jboss-web.xml in the WEB-INF directory:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
  <security-domain>java:/jaas/Rose</security-domain>
  <context-root>RoseCentralWeb</context-root>
</jboss-web>
3. Secure the application
3.1) Add authentication in web.xml
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>RoseCentralWeb</realm-name>
  <form-login-config>
    <form-login-page>/login/loginTest.jsp</form-login-page>
    <form-error-page>/login/loginFail.jsp</form-error-page>
  </form-login-config>
</login-config>
3.2) Create a loginTest.jsp page
<form action="j_security_check" method="post">
  <table style="font-size:1.0em;" border="0">
    <tr>
      <td><%=userNmLabel %></td><td> <input name="j_username" size="30" type="text" /> </td>
    </tr>
    <tr>
      <td><%=pwdLabel %></td><td> <input name="j_password" type="password" size="30" /> </td>
    </tr>
  </table>
  <input type="submit" value="<%=loginBtnVal %>" />
</form>
3.3) Define secured resource and required roles to access
<security-constraint>
  <display-name>RoseCentral_Admin</display-name>
  <web-resource-collection>
    <web-resource-name>RoseMap</web-resource-name>
    <url-pattern>/roseMap/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>DELETE</http-method>
    <http-method>HEAD</http-method>
    <http-method>OPTIONS</http-method>
    <http-method>TRACE</http-method>
    <http-method>PUT</http-method>
  </web-resource-collection>
  <web-resource-collection>
    <web-resource-name>IntersectionMonitoring</web-resource-name>
    <url-pattern>/intersectionMonitoring/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
    <http-method>DELETE</http-method>
    <http-method>HEAD</http-method>
    <http-method>OPTIONS</http-method>
    <http-method>TRACE</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>Admin</role-name>
  </auth-constraint>
</security-constraint>
When I run the application, the login always forwards to loginFail.jsp, and when I check server.log, I see the following error:
2010-06-16 11:40:58,890 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.Rose] (http-localhost%2F127.0.0.1-8080-3) Begin isValid, principal:J.Pan, cache info: null
2010-06-16 11:40:58,890 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.Rose] (http-localhost%2F127.0.0.1-8080-3) defaultLogin, principal=J.Pan
2010-06-16 11:40:58,890 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http-localhost%2F127.0.0.1-8080-3) Begin getAppConfigurationEntry(Rose), size=10
2010-06-16 11:40:58,890 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http-localhost%2F127.0.0.1-8080-3) End getAppConfigurationEntry(Rose), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
2010-06-16 11:40:58,890 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-3) initialize
2010-06-16 11:40:58,890 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-3) Security domain: Rose
2010-06-16 11:40:58,890 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-3) DatabaseServerLoginModule, dsJndiName=java:/DefaultDS
2010-06-16 11:40:58,890 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-3) principalsQuery=select Password from Principals where PrincipalID=?
2010-06-16 11:40:58,890 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-3) rolesQuery=select Role, RoleGroup from Roles where PrincipalID=?
2010-06-16 11:40:58,890 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-3) suspendResume=true
2010-06-16 11:40:58,890 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-3) login
2010-06-16 11:40:58,890 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-3) suspendAnyTransaction
2010-06-16 11:40:58,890 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.HsqlDbRealm] (http-localhost%2F127.0.0.1-8080-3) Begin isValid, principal:null, cache info: org.jboss.security.plugins.auth.JaasSecurityManagerBase$DomainInfo@1448f35[Subject(18953212).principals=org.jboss.security.SimplePrincipal@13030625(sa),credential.class=null,expirationTime=1276703913250]
2010-06-16 11:40:58,890 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.HsqlDbRealm] (http-localhost%2F127.0.0.1-8080-3) Begin validateCache, info=org.jboss.security.plugins.auth.JaasSecurityManagerBase$DomainInfo@1448f35[Subject(18953212).principals=org.jboss.security.SimplePrincipal@13030625(sa),credential.class=null,expirationTime=1276703913250];credential.class=null
2010-06-16 11:40:58,890 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.HsqlDbRealm] (http-localhost%2F127.0.0.1-8080-3) End validateCache, isValid=true
2010-06-16 11:40:58,890 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.HsqlDbRealm] (http-localhost%2F127.0.0.1-8080-3) End isValid, true
2010-06-16 11:40:58,890 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-3) Excuting query: select Password from Principals where PrincipalID=?, with username: J.Pan
2010-06-16 11:40:58,890 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-3) resumeAnyTransaction
2010-06-16 11:40:58,890 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-3) abort
2010-06-16 11:40:58,890 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.Rose] (http-localhost%2F127.0.0.1-8080-3) Login failure
javax.security.auth.login.LoginException: Query failed
at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:200)
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:245)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
Caused by: java.sql.SQLException: Table not found in statement [select Password from Principals where PrincipalID=?]
at org.hsqldb.jdbc.Util.throwError(Unknown Source)
at org.hsqldb.jdbc.jdbcPreparedStatement.<init>(Unknown Source)
at org.hsqldb.jdbc.jdbcConnection.prepareStatement(Unknown Source)
at org.jboss.resource.adapter.jdbc.BaseWrapperManagedConnection.doPrepareStatement(BaseWrapperManagedConnection.java:465)
at org.jboss.resource.adapter.jdbc.BaseWrapperManagedConnection.prepareStatement(BaseWrapperManagedConnection.java:453)
at org.jboss.resource.adapter.jdbc.WrappedConnection.prepareStatement(WrappedConnection.java:243)
at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:177)
... 30 more
I don't know why JBoss is getting the default value in DatabaseServerLoginModule.java, not the value I specified in login-config.xml. Is there any configuration that I am missing? Any help will be appreciated.
Thanks
Joyce
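
Added example, not part of the original post: a Python check that parses a login-config.xml policy and reports module-option elements that are not children of a login-module. In the posted policy the login-module tag is self-closed, so its options are siblings rather than children, which matches the empty "Options:" list and the java:/DefaultDS default in the trace. The sample XML is constructed from the post, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

MODULE = "org.jboss.security.auth.spi.DatabaseServerLoginModule"

# Constructed sample: the posted policy, reduced to two options. The
# login-module tag is self-closed, so the options are its siblings.
POSTED = f"""<policy><application-policy name="Rose"><authentication>
  <login-module code="{MODULE}" flag="required"/>
  <module-option name="dsJndiName">java:/PostgresDSD</module-option>
  <module-option name="unauthenticatedIdentity">guest</module-option>
</authentication></application-policy></policy>"""

# Constructed sample: the same options nested inside login-module.
NESTED = f"""<policy><application-policy name="Rose"><authentication>
  <login-module code="{MODULE}" flag="required">
    <module-option name="dsJndiName">java:/PostgresDSD</module-option>
    <module-option name="unauthenticatedIdentity">guest</module-option>
  </login-module>
</authentication></application-policy></policy>"""


def lint_login_config(xml_text):
    """Return (policy, problem, detail) for options no login module receives."""
    findings = []
    for policy in ET.fromstring(xml_text).iter("application-policy"):
        name = policy.get("name", "?")
        for auth in policy.iter("authentication"):
            for child in auth:
                if child.tag == "module-option":
                    # Sibling of login-module: never reaches the module.
                    findings.append((name, "misplaced-option", child.get("name")))
                elif child.tag == "login-module" and child.find("module-option") is None:
                    # Module runs on built-in defaults (java:/DefaultDS in the trace).
                    findings.append((name, "no-options", child.get("code")))
    return findings


def effective_options(xml_text, policy_name):
    """Options each login module of the named policy actually receives."""
    result = []
    for policy in ET.fromstring(xml_text).iter("application-policy"):
        if policy.get("name") == policy_name:
            for module in policy.iter("login-module"):
                result.append({o.get("name"): (o.text or "").strip()
                               for o in module.findall("module-option")})
    return result


if __name__ == "__main__":
    for label, doc in (("posted", POSTED), ("nested", NESTED)):
        print(label, lint_login_config(doc), effective_options(doc, "Rose"))
```

Running the same check against the real login-config.xml before a deployment flags a policy whose options would be ignored, rather than leaving it to be found in TRACE output after logins fail.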