2 Replies Latest reply on Sep 26, 2011 4:44 AM by fabrizio.benedetti

    Log JDBC Security Query - JBOSS AS 7.0.1

    ricardinho_rio

      Hi Folks,

       

      I am a little bit lost in JBoss since I have never worked with it, and the first task that I got is to set up login authentication with a database and encryption.

       

      I created the principals and roles tables in PostgreSQL. I could set up the password that is encrypted in Base64 using the MD5 algorithm.

      I put the database configuration inside standalone.xml located at jboss7/standalone/configuration. The database is also configured.

      <security-domain name="testejsf2" cache-type="default">
          <authentication>
              <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
                  <module-option name="hashAlgorithm" value="MD5"/>
                  <module-option name="hashEncoding" value="base64"/>
                  <module-option name="dsJndiName" value="java:jboss/datasources/LoginDS"/>
                  <module-option name="principalsQuery" value="SELECT trim(password) FROM login.principals where principal_id = trim(?)"/>
                  <module-option name="rolesQuery" value="SELECT role, role_group FROM login.roles where principal_id = trim(?)"/>
              </login-module>
          </authentication>
      </security-domain>

       

      The web.xml is properly configured as well:

      <display-name>TestJSF2</display-name>
      <servlet>
          <servlet-name>Faces Servlet</servlet-name>
          <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
          <load-on-startup>1</load-on-startup>
      </servlet>
      <servlet-mapping>
          <servlet-name>Faces Servlet</servlet-name>
          <url-pattern>/faces/*</url-pattern>
      </servlet-mapping>
      <welcome-file-list>
          <welcome-file>faces/index.jspx</welcome-file>
      </welcome-file-list>
      <security-constraint>
          <web-resource-collection>
              <web-resource-name>JSF resources</web-resource-name>
              <description>Protects JSF resources</description>
              <url-pattern>/faces/*</url-pattern>
          </web-resource-collection>
          <auth-constraint>
              <role-name>admin</role-name>
          </auth-constraint>
      </security-constraint>
      <security-role>
          <role-name>admin</role-name>
      </security-role>
      <login-config>
          <auth-method>BASIC</auth-method>
          <realm-name>Hello World Authorization</realm-name>
      </login-config>

       

       

      The problem is that it is stating that the user that I am using for testing does not have the admin role, and in fact it does.

      16:10:47,002 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--127.0.0.1-8080-1) Authenticated 'ricardo' with type 'BASIC'
      16:10:47,003 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--127.0.0.1-8080-1)  Calling accessControl()
      16:10:47,003 DEBUG [org.apache.catalina.realm.RealmBase] (http--127.0.0.1-8080-1)   Checking roles GenericPrincipal[ricardo()]
      16:10:47,003 DEBUG [org.apache.catalina.realm.RealmBase] (http--127.0.0.1-8080-1) Username ricardo does NOT have role admin
      16:10:47,003 DEBUG [org.apache.catalina.realm.RealmBase] (http--127.0.0.1-8080-1) No role found:  admin
      16:10:47,003 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--127.0.0.1-8080-1)  Failed accessControl() test

       

      I also tried to put a trim in the roles query, but it has not worked.

      I would like to debug the JDBC SQL queries. Does anyone know how to solve my problem or debug JDBC SQL?

        • 1. Re: Log JDBC Security Query - JBOSS AS 7.0.1
          ricardinho_rio

          I found this when setting the log to TRACE.

          16:35:43,742 TRACE [org.jboss.modules] (http--127.0.0.1-8080-1) Class org.jboss.modules.ConcurrentClassLoader not found from Module "org.jboss.logmanager:main" from local module loader @42c0ef0 (roots: C:\jboss-as-web-7.0.1.Final\modules)
          16:35:43,735 TRACE [org.jboss.security.plugins.TransactionManagerLocator] (http--127.0.0.1-8080-1) Exception in getJBossTM:: java.lang.ClassNotFoundException: org.jboss.tm.TransactionManagerLocator from [Module "deployment.TestJSF2.war:main" from Service Module Loader]
                    at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:191)
                    at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:358)
                    at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:307)
                    at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:101)
                    at org.jboss.security.plugins.TransactionManagerLocator.getJBossTM(TransactionManagerLocator.java:86) [picketbox-4.0.1.jar:4.0.1]
                    at org.jboss.security.plugins.TransactionManagerLocator.getTM(TransactionManagerLocator.java:70) [picketbox-4.0.1.jar:4.0.1]
                    at org.jboss.security.auth.spi.DatabaseServerLoginModule.getTransactionManager(DatabaseServerLoginModule.java:285) [picketbox-4.0.1.jar:4.0.1]
                    at org.jboss.security.auth.spi.DatabaseServerLoginModule.initialize(DatabaseServerLoginModule.java:129) [picketbox-4.0.1.jar:4.0.1]
                    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.7.0]
                    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [:1.7.0]
                    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [:1.7.0]
                    at java.lang.reflect.Method.invoke(Method.java:601) [:1.7.0]
                    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:771) [:1.7.0]
                    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [:1.7.0]
                    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698) [:1.7.0]
                    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696) [:1.7.0]
                    at java.security.AccessController.doPrivileged(Native Method) [:1.7.0]
                    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695) [:1.7.0]
                    at javax.security.auth.login.LoginContext.login(LoginContext.java:594) [:1.7.0]
                    at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:411) [picketbox-infinispan-4.0.1.jar:4.0.1]
                    at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.1.jar:4.0.1]
                    at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:154) [picketbox-infinispan-4.0.1.jar:4.0.1]
                    at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:127) [jboss-as-web-7.0.1.Final.jar:7.0.1.Final]
                    at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:180) [jbossweb-7.0.1.Final.jar:7.0.1.Final]
                    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:446) [jbossweb-7.0.1.Final.jar:7.0.1.Final]
                    at org.jboss.as.web.NamingValve.invoke(NamingValve.java:57) [jboss-as-web-7.0.1.Final.jar:7.0.1.Final]
                    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:154) [jbossweb-7.0.1.Final.jar:7.0.1.Final]
                    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.1.Final.jar:7.0.1.Final]
                    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.1.Final.jar:7.0.1.Final]
                    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [jbossweb-7.0.1.Final.jar:7.0.1.Final]
                    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.1.Final.jar:7.0.1.Final]
                    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:667) [jbossweb-7.0.1.Final.jar:7.0.1.Final]
                    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:952) [jbossweb-7.0.1.Final.jar:7.0.1.Final]
                    at java.lang.Thread.run(Thread.java:722) [:1.7.0]

          16:35:43,743 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-1) login

          • 2. Re: Log JDBC Security Query - JBOSS AS 7.0.1
            fabrizio.benedetti

            Have you added a jboss-web.xml in WEB-INF with the security domain mapping?

            (<security-domain>java:/jaas/testejsf2</security-domain> in your case).
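
One way to check the queries and the stored hash outside the server, as an added example that is not code from this thread or from JBoss: it replays the posted principalsQuery and rolesQuery against constructed sample rows in SQLite and compares the stored password with Base64(MD5(password)), as the posted hashAlgorithm and hashEncoding options specify. The table columns, the sample users and the helper names `stored_form`, `check_user` and `build_sample_db` are assumptions; MD5 is used only because the posted configuration uses it.

```python
import base64
import hashlib
import sqlite3

# Queries copied verbatim from the posted security domain.
PRINCIPALS_QUERY = "SELECT trim(password) FROM login.principals where principal_id = trim(?)"
ROLES_QUERY = "SELECT role, role_group FROM login.roles where principal_id = trim(?)"


def stored_form(password):
    """hashAlgorithm=MD5 + hashEncoding=base64: Base64 of the raw 16-byte digest."""
    return base64.b64encode(hashlib.md5(password.encode("utf-8")).digest()).decode("ascii")


def check_user(conn, user, password, required_role):
    """Run both queries by hand and list what would make login or the role check fail."""
    problems = []
    row = conn.execute(PRINCIPALS_QUERY, (user,)).fetchone()
    if row is None:
        return ["principalsQuery returned no row"]
    if row[0] != stored_form(password):
        problems.append("stored password is not base64(md5(password))")
    rows = conn.execute(ROLES_QUERY, (user,)).fetchall()
    # Column 1 is the role name, column 2 the role group; role checks read group "Roles".
    granted = {role for role, group in rows if group == "Roles"}
    if required_role not in granted:
        problems.append(f"role {required_role!r} not in group 'Roles'; rows={rows}")
    return problems


def build_sample_db():
    """Constructed sample data; 'login' is attached to mimic the schema name."""
    conn = sqlite3.connect(":memory:")
    conn.execute("ATTACH DATABASE ':memory:' AS login")
    conn.execute("CREATE TABLE login.principals (principal_id TEXT, password TEXT)")
    conn.execute("CREATE TABLE login.roles (principal_id TEXT, role TEXT, role_group TEXT)")
    conn.executemany("INSERT INTO login.principals VALUES (?, ?)",
                     [("ricardo", stored_form("secret")),               # Base64 of raw digest
                      ("hexuser", hashlib.md5(b"secret").hexdigest())])  # hex string instead
    conn.executemany("INSERT INTO login.roles VALUES (?, ?, ?)",
                     [("ricardo", "admin", "Roles"),
                      ("hexuser", "admin", "admins")])                  # wrong group name
    return conn


if __name__ == "__main__":
    db = build_sample_db()
    for name in ("ricardo", "hexuser"):
        print(name, check_user(db, name, "secret", "admin") or "OK")
```

Against the real PostgreSQL database, the same two queries can be run in psql with the user name in place of `?` and the results compared in the same way.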