Log JDBC Security Query - JBOSS AS 7.0.1
ricardinho_rio Sep 24, 2011 3:11 PMHi Folks,
I am a little bit lost in JBoss since I have never worked with it and the first task that I got is to set up a login authentication with database and encryptation.
I created the principals and roles tables in PostGreSQL. I could set up the password that encrypted Base64 using MD5 algorithm.
I put the database configuration inside standalone.xml located at jboss7/standalone/configuration. The database is also configurated.
<security-domain name="testejsf2" cache-type="default">
<authentication>
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<module-option name="hashAlgorithm" value="MD5"/>
<module-option name="hashEncoding" value="base64"/>
<module-option name="dsJndiName" value="java:jboss/datasources/LoginDS"/>
<module-option name="principalsQuery" value="SELECT trim(password) FROM login.principals where principal_id = trim(?)"/>
<module-option name="rolesQuery" value="SELECT role, role_group FROM login.roles where principal_id = trim(?)"/>
</login-module>
</authentication>
</security-domain>
The WEB.XML is properly configurated as well:
<display-name>TestJSF2</display-name>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>faces/index.jspx</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>JSF resources</web-resource-name>
<description>Protects JSF resources</description>
<url-pattern>/faces/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>admin</role-name>
</security-role>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Hello World Authorization</realm-name>
</login-config>
The problem is that it is stating that the user that I am using for testing does not have the admin role and in fact it has.
16:10:47,002 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--127.0.0.1-8080-1) Authenticated 'ricardo' with type 'BASIC'
16:10:47,003 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--127.0.0.1-8080-1) Calling accessControl()
16:10:47,003 DEBUG [org.apache.catalina.realm.RealmBase] (http--127.0.0.1-8080-1) Checking roles GenericPrincipal[ricardo()]
16:10:47,003 DEBUG [org.apache.catalina.realm.RealmBase] (http--127.0.0.1-8080-1) Username ricardo does NOT have role admin
16:10:47,003 DEBUG [org.apache.catalina.realm.RealmBase] (http--127.0.0.1-8080-1) No role found: admin
16:10:47,003 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--127.0.0.1-8080-1) Failed accessControl() test
I also tried to put a trim in the roles query but has not worked.
I would like to debug the JDBC SQL queries. DOes anyone know how to solve my problem or debug JDBC SQL?