0 Replies Latest reply on Jun 16, 2010 12:09 PM by joycepan

    Why JBoss 5.1ga cannot get dsJndiName, principalsQuery and rolesQuery from login-config.xml

      Hi All,

       

      I don't know what's wrong with my JBoss configuration. I am using JAAS security on the JBoss application server.

      The following are the steps I used to configure it:

      1. Define Application Policy

      Modify the login-config.xml file under the $JBoss_Home/server/default/conf directory. I added the following:

       

      <application-policy name="Rose">
          <authentication>
            <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
              flag="required"/>
              <module-option name="unauthenticatedIdentity">guest</module-option>
              <module-option name="dsJndiName">java:/PostgresDSD</module-option>
              <module-option name="principalsQuery">select user_password from "ConfigDB".users where user_name = ?</module-option>
              <module-option name="rolesQuery">
                  select system_role.role_desc, 'Roles' from "ConfigDB".system_role, "ConfigDB".user_role, "ConfigDB".users where users.id = user_role.user_id
                  and system_role.role_id = user_role.role_id and user_name = ?
              </module-option>
              <!--
              <module-option>
                  <module-option name="hashAlgorithm">MD5</module-option>
                  <module-option name="hashEncoding">base64</module-option>
              </module-option>
              -->
          </authentication>
        </application-policy>

       

      2. Create Security Domain

      Create a file named jboss-web.xml in the WEB-INF directory

       

      <?xml version="1.0" encoding="UTF-8"?>
      <jboss-web>
          <security-domain>java:/jaas/Rose</security-domain>
          <context-root>RoseCentralWeb</context-root>
      </jboss-web>

       

      3. Secure the application

      3.1) Add authentication in web.xml

       

      <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>RoseCentralWeb</realm-name>
        <form-login-config>
         <form-login-page>/login/loginTest.jsp</form-login-page>
         <form-error-page>/login/loginFail.jsp</form-error-page>
        </form-login-config>
      </login-config>

       

      3.2) Create a loginTest.jsp page

             <form action="j_security_check" method="post">
                  <table style="font-size:1.0em;" border="0">
                      <tr>
                          <td><%=userNmLabel %></td><td> <input name="j_username" size="30" type="text" /> </td>
                      </tr>
                      <tr>
                          <td><%=pwdLabel %></td><td> <input name="j_password" type="password" size="30" /> </td>
                      </tr>
                  </table>
                  <input type="submit" value="<%=loginBtnVal %>" />
              </form>

       

      3.3) Define secured resource and required roles to access

      <security-constraint>
        <display-name>RoseCentral_Admin</display-name>
        <web-resource-collection>
         <web-resource-name>RoseMap</web-resource-name>
         <url-pattern>/roseMap/*</url-pattern>
         <http-method>GET</http-method>
         <http-method>POST</http-method>
         <http-method>DELETE</http-method>
         <http-method>HEAD</http-method>
         <http-method>OPTIONS</http-method>
         <http-method>TRACE</http-method>
         <http-method>PUT</http-method>
        </web-resource-collection>
        <web-resource-collection>
         <web-resource-name>IntersectionMonitoring</web-resource-name>
         <url-pattern>/intersectionMonitoring/*</url-pattern>
         <http-method>GET</http-method>
         <http-method>POST</http-method>
         <http-method>PUT</http-method>
         <http-method>DELETE</http-method>
         <http-method>HEAD</http-method>
         <http-method>OPTIONS</http-method>
         <http-method>TRACE</http-method>
        </web-resource-collection>
        <auth-constraint>
         <role-name>Admin</role-name>
        </auth-constraint>
      </security-constraint>

       

      When I run the application, the login always forwards to loginFail.jsp, and when I checked server.log, I got the following error:

       

      2010-06-16 11:40:58,890 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.Rose] (http-localhost%2F127.0.0.1-8080-3) Begin isValid, principal:J.Pan, cache info: null
      2010-06-16 11:40:58,890 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.Rose] (http-localhost%2F127.0.0.1-8080-3) defaultLogin, principal=J.Pan
      2010-06-16 11:40:58,890 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http-localhost%2F127.0.0.1-8080-3) Begin getAppConfigurationEntry(Rose), size=10
      2010-06-16 11:40:58,890 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http-localhost%2F127.0.0.1-8080-3) End getAppConfigurationEntry(Rose), authInfo=AppConfigurationEntry[]:
      [0]
      LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
      ControlFlag: LoginModuleControlFlag: required
      Options:

       

      2010-06-16 11:40:58,890 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-3) initialize
      2010-06-16 11:40:58,890 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-3) Security domain: Rose
      2010-06-16 11:40:58,890 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-3) DatabaseServerLoginModule, dsJndiName=java:/DefaultDS
      2010-06-16 11:40:58,890 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-3) principalsQuery=select Password from Principals where PrincipalID=?
      2010-06-16 11:40:58,890 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-3) rolesQuery=select Role, RoleGroup from Roles where PrincipalID=?
      2010-06-16 11:40:58,890 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-3) suspendResume=true
      2010-06-16 11:40:58,890 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-3) login
      2010-06-16 11:40:58,890 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-3) suspendAnyTransaction
      2010-06-16 11:40:58,890 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.HsqlDbRealm] (http-localhost%2F127.0.0.1-8080-3) Begin isValid, principal:null, cache info: org.jboss.security.plugins.auth.JaasSecurityManagerBase$DomainInfo@1448f35[Subject(18953212).principals=org.jboss.security.SimplePrincipal@13030625(sa),credential.class=null,expirationTime=1276703913250]
      2010-06-16 11:40:58,890 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.HsqlDbRealm] (http-localhost%2F127.0.0.1-8080-3) Begin validateCache, info=org.jboss.security.plugins.auth.JaasSecurityManagerBase$DomainInfo@1448f35[Subject(18953212).principals=org.jboss.security.SimplePrincipal@13030625(sa),credential.class=null,expirationTime=1276703913250];credential.class=null
      2010-06-16 11:40:58,890 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.HsqlDbRealm] (http-localhost%2F127.0.0.1-8080-3) End validateCache, isValid=true
      2010-06-16 11:40:58,890 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.HsqlDbRealm] (http-localhost%2F127.0.0.1-8080-3) End isValid, true
      2010-06-16 11:40:58,890 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-3) Excuting query: select Password from Principals where PrincipalID=?, with username: J.Pan
      2010-06-16 11:40:58,890 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-3) resumeAnyTransaction
      2010-06-16 11:40:58,890 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-3) abort
      2010-06-16 11:40:58,890 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.Rose] (http-localhost%2F127.0.0.1-8080-3) Login failure
      javax.security.auth.login.LoginException: Query failed
          at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:200)
          at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:245)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:597)
          at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
          at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
          at java.security.AccessController.doPrivileged(Native Method)
          at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
          at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
          at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
          at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
          at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
          at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
          at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
          at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
          at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
          at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
          at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
          at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
          at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
          at java.lang.Thread.run(Thread.java:619)
      Caused by: java.sql.SQLException: Table not found in statement [select Password from Principals where PrincipalID=?]
          at org.hsqldb.jdbc.Util.throwError(Unknown Source)
          at org.hsqldb.jdbc.jdbcPreparedStatement.<init>(Unknown Source)
          at org.hsqldb.jdbc.jdbcConnection.prepareStatement(Unknown Source)
          at org.jboss.resource.adapter.jdbc.BaseWrapperManagedConnection.doPrepareStatement(BaseWrapperManagedConnection.java:465)
          at org.jboss.resource.adapter.jdbc.BaseWrapperManagedConnection.prepareStatement(BaseWrapperManagedConnection.java:453)
          at org.jboss.resource.adapter.jdbc.WrappedConnection.prepareStatement(WrappedConnection.java:243)
          at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:177)
          ... 30 more

       

      I don't know why JBoss is getting the default value in DatabaseServerLoginModule.java, not the value I specified in login-config.xml. Is there any configuration that I am missing? Any help will be appreciated.

       

      Thanks

       

      Joyce
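
An added example, not part of the original post: in the policy above, `<login-module ... flag="required"/>` is self-closing, so the `<module-option>` elements are siblings of the module rather than its children, which matches the empty `Options:` list and the `java:/DefaultDS` defaults in the trace. The Python check below flags that pattern in a login-config.xml; the function names and the reduced sample XML are constructed for illustration, and the "no options" finding is a heuristic.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the policy from the post, reduced to the relevant lines.
BROKEN = """<policy>
  <application-policy name="Rose">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
        flag="required"/>
      <module-option name="dsJndiName">java:/PostgresDSD</module-option>
      <module-option name="principalsQuery">select user_password from "ConfigDB".users where user_name = ?</module-option>
    </authentication>
  </application-policy>
</policy>"""

# Same policy with the options nested inside <login-module> ... </login-module>.
FIXED = BROKEN.replace('flag="required"/>', 'flag="required">').replace(
    "</module-option>\n    </authentication>",
    "</module-option>\n      </login-module>\n    </authentication>")


def lint_login_config(xml_text):
    """Return findings for module-options that no login module will receive."""
    findings = []
    root = ET.fromstring(xml_text)
    for policy in root.iter("application-policy"):
        domain = policy.get("name", "?")
        for auth in policy.iter("authentication"):
            # Options that are siblings of <login-module> belong to no module.
            for opt in auth.findall("module-option"):
                findings.append(f"{domain}: option '{opt.get('name')}' is outside any <login-module>")
            # Heuristic: a module with no options runs entirely on its defaults.
            for mod in auth.findall("login-module"):
                if not mod.findall("module-option"):
                    findings.append(f"{domain}: {mod.get('code')} has no options; module defaults apply")
    return findings


def effective_options(xml_text, domain):
    """Options each login module in `domain` actually receives: {code: {name: value}}."""
    out = {}
    for policy in ET.fromstring(xml_text).iter("application-policy"):
        if policy.get("name") == domain:
            for mod in policy.iter("login-module"):
                out[mod.get("code")] = {o.get("name"): (o.text or "").strip()
                                        for o in mod.findall("module-option")}
    return out


if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, lint_login_config(text), effective_options(text, "Rose"))
```

Running such a check before deployment catches the case where a security domain silently authenticates against the default datasource instead of the intended one.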