3 Replies Latest reply on Oct 6, 2009 1:16 AM by jaikiran pai

    Login doesn't work

    Juergen Zimmermann Master

      I'm using Embedded JBoss beta3.SP9. All tests are working fine as long as I don't use a security domain

      Using the EJB jar within an EAR inside JBossAS 5.1 (inclusive security domain) also works fine.

      Any hint for setting up the login mechanism with Embedded JBoss is appreciated.

      bootstrap/conf/login-config.xml:

      <?xml version='1.0'?>
      <!DOCTYPE policy PUBLIC
       "-//JBoss//DTD JBOSS Security Config 3.0//EN"
       "http://www.jboss.org/j2ee/dtd/security_config.dtd">
      <policy>
       <application-policy name="hska">
       <authentication>
       <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
       <module-option name="dsJndiName">java:/hskaDS</module-option>
       <module-option name="unauthenticatedIdentity">anonymous</module-option>
       <module-option name="principalsQuery">
       SELECT password
       FROM kunde
       WHERE username=?
       </module-option>
       <module-option name="rolesQuery">
       SELECT role, 'Roles'
       FROM hska_role r
       INNER JOIN kunde k ON r.kunde_fk = k.k_id
       WHERE k.username=?
       </module-option>
       <module-option name="hashAlgorithm">SHA-1</module-option>
       <module-option name="hashEncoding">base64</module-option>
       </login-module>
       </authentication>
       </application-policy>
      </policy>


      META-INF/jboss.xml:
      <?xml version="1.0"?>
      <!DOCTYPE jboss PUBLIC
       "-//JBoss//DTD JBOSS 5.0//EN"
       "http://www.jboss.org/j2ee/dtd/jboss_5_0.dtd">
      <jboss>
       <security-domain>hska</security-domain>
      </jboss>


      Code fragment for login:
      final Properties loginProps = new Properties();
      loginProps.setProperty(Context.SECURITY_PRINCIPAL, "2");
      loginProps.setProperty(Context.SECURITY_CREDENTIALS, "2");
      loginProps.setProperty(Context.SECURITY_PROTOCOL, "hska");
      ctx = new InitialContext(loginProps);
      LOGGER.info("Completed new InitialContext(loginProps)");
      ...
      LOGGER.info("Invoking the secured method");


      The log shows "User '2' authenticated, loginOk=true", but for the later authentication the user "anonymous" is used (Why ?):
      TRACE [org.jboss.security.jacc.JBossPolicyConfiguration] ctor, contextID=hskaTest.jar
      TRACE [org.jboss.security.jacc.JBossPolicyConfiguration] addToRole, roleName=admin, p=("javax.security.jacc.EJBMethodPermission" "KundenverwaltungBean" "deleteKunde,,de.hska.kundenverwaltung.pojo.Kunde")[*:deleteKunde(de.hska.kundenverwaltung.pojo.Kunde)]
      TRACE [org.jboss.security.jacc.JBossPolicyConfiguration] addToRole, roleName=admin, p=("javax.security.jacc.EJBMethodPermission" "KundenverwaltungBean" "deleteKundeById,,java.lang.Long,java.util.Locale")[*:deleteKundeById(java.lang.Long,java.util.Locale)]
      TRACE [org.jboss.security.jacc.JBossPolicyConfiguration] addToRole, roleName=mitarbeiter, p=("javax.security.jacc.EJBMethodPermission" "KundenverwaltungBean" "createKunde,,de.hska.kundenverwaltung.pojo.Kunde,java.util.Locale")[*:createKunde(de.hska.kundenverwaltung.pojo.Kunde,java.util.Locale)]
      TRACE [org.jboss.security.jacc.JBossPolicyConfiguration] addToRole, roleName=admin, p=("javax.security.jacc.EJBMethodPermission" "KundenverwaltungBean" "createKunde,,de.hska.kundenverwaltung.pojo.Kunde,java.util.Locale")[*:createKunde(de.hska.kundenverwaltung.pojo.Kunde,java.util.Locale)]
      TRACE [org.jboss.security.jacc.JBossPolicyConfiguration] addToRole, roleName=mitarbeiter, p=("javax.security.jacc.EJBMethodPermission" "KundenverwaltungBean" "updateKunde,,de.hska.kundenverwaltung.pojo.Kunde,java.util.Locale")[*:updateKunde(de.hska.kundenverwaltung.pojo.Kunde,java.util.Locale)]
      TRACE [org.jboss.security.jacc.JBossPolicyConfiguration] addToRole, roleName=admin, p=("javax.security.jacc.EJBMethodPermission" "KundenverwaltungBean" "updateKunde,,de.hska.kundenverwaltung.pojo.Kunde,java.util.Locale")[*:updateKunde(de.hska.kundenverwaltung.pojo.Kunde,java.util.Locale)]
      TRACE [org.jboss.security.jacc.JBossPolicyConfiguration] addToRole, roleName=kunde, p=("javax.security.jacc.EJBMethodPermission" "BestellverwaltungBean" "create,,de.hska.bestellverwaltung.pojo.Bestellung,java.util.Locale")[*:create(de.hska.bestellverwaltung.pojo.Bestellung,java.util.Locale)]
      TRACE [org.jboss.security.jacc.JBossPolicyConfiguration] commit
      TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(hska), size=1
      TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(hska), authInfo=AppConfigurationEntry[]:
      [0]
      LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
      ControlFlag: Anmeldemodul-Steuerflag: required
      Options:name=hashAlgorithm, value=SHA-1
      name=principalsQuery, value=SELECT password FROM kunde WHERE username=?
      name=unauthenticatedIdentity, value=anonymous
      name=hashEncoding, value=base64
      name=dsJndiName, value=java:/hskaDS
      name=rolesQuery, value=SELECT role, 'Roles' FROM hska_role r INNER JOIN kunde k ON r.kunde_fk = k.k_id WHERE k.username=?
      
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] initialize
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Security domain: hska
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Saw unauthenticatedIdentity=anonymous
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Password hashing activated: algorithm = SHA-1, encoding = base64, charset = {default}, callback = null, storeCallback = null
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] DatabaseServerLoginModule, dsJndiName=java:/hskaDS
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] principalsQuery=SELECT password FROM kunde WHERE username=?
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] rolesQuery=SELECT role, 'Roles' FROM hska_role r INNER JOIN kunde k ON r.kunde_fk = k.k_id WHERE k.username=?
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendResume=true
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendAnyTransaction
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Excuting query: SELECT password FROM kunde WHERE username=?, with username: 2
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Obtained user password
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] resumeAnyTransaction
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] User '2' authenticated, loginOk=true
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] commit, loginOk=true
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] getRoleSets using rolesQuery: SELECT role, 'Roles' FROM hska_role r INNER JOIN kunde k ON r.kunde_fk = k.k_id WHERE k.username=?, username: 2
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendAnyTransaction
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Excuting query: SELECT role, 'Roles' FROM hska_role r INNER JOIN kunde k ON r.kunde_fk = k.k_id WHERE k.username=?, with username: 2
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role mitarbeiter
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role kunde
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] resumeAnyTransaction
      INFO [de.hska.test.KundenverwaltungTest] Completed new InitialContext(loginProps)
      INFO [de.hska.test.KundenverwaltungTest] Invoking the secured method
      TRACE [jboss.security.plugins.auth.JaasSecurityManagerBase.hska] Begin isValid, principal:null, cache info: null
      TRACE [jboss.security.plugins.auth.JaasSecurityManagerBase.hska] defaultLogin, principal=null
      TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(hska), size=1
      TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(hska), authInfo=AppConfigurationEntry[]:
      [0]
      LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
      ControlFlag: Anmeldemodul-Steuerflag: required
      Options:name=hashAlgorithm, value=SHA-1
      name=principalsQuery, value=SELECT password FROM kunde WHERE username=?
      name=unauthenticatedIdentity, value=anonymous
      name=hashEncoding, value=base64
      name=dsJndiName, value=java:/hskaDS
      name=rolesQuery, value=SELECT role, 'Roles' FROM hska_role r INNER JOIN kunde k ON r.kunde_fk = k.k_id WHERE k.username=?
      
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] initialize
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Security domain: hska
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Saw unauthenticatedIdentity=anonymous
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Password hashing activated: algorithm = SHA-1, encoding = base64, charset = {default}, callback = null, storeCallback = null
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] DatabaseServerLoginModule, dsJndiName=java:/hskaDS
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] principalsQuery=SELECT password FROM kunde WHERE username=?
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] rolesQuery=SELECT role, 'Roles' FROM hska_role r INNER JOIN kunde k ON r.kunde_fk = k.k_id WHERE k.username=?
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendResume=true
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Authenticating as unauthenticatedIdentity=anonymous
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] User 'anonymous' authenticated, loginOk=true
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] commit, loginOk=true
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] getRoleSets using rolesQuery: SELECT role, 'Roles' FROM hska_role r INNER JOIN kunde k ON r.kunde_fk = k.k_id WHERE k.username=?, username: anonymous
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendAnyTransaction
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Excuting query: SELECT role, 'Roles' FROM hska_role r INNER JOIN kunde k ON r.kunde_fk = k.k_id WHERE k.username=?, with username: anonymous
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] No roles found
      TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] resumeAnyTransaction
      TRACE [jboss.security.plugins.auth.JaasSecurityManagerBase.hska] defaultLogin, lc=javax.security.auth.login.LoginContext@1b18970, subject=Subject(28334428).principals=org.jboss.security.SimplePrincipal@12240026(anonymous)org.jboss.security.SimpleGroup@29462573(Roles(members))
      TRACE [jboss.security.plugins.auth.JaasSecurityManagerBase.hska] updateCache, inputSubject=Subject(28334428).principals=org.jboss.security.SimplePrincipal@12240026(anonymous)org.jboss.security.SimpleGroup@29462573(Roles(members)), cacheSubject=Subject(31404820).principals=org.jboss.security.SimplePrincipal@12240026(anonymous)org.jboss.security.SimpleGroup@29462573(Roles(members))
      TRACE [jboss.security.plugins.auth.JaasSecurityManagerBase.hska] Inserted cache info: org.jboss.security.plugins.auth.JaasSecurityManagerBase$DomainInfo@1135d34[Subject(31404820).principals=org.jboss.security.SimplePrincipal@12240026(anonymous)org.jboss.security.SimpleGroup@29462573(Roles(members)),credential.class=null,expirationTime=1250605678749]
      TRACE [jboss.security.plugins.auth.JaasSecurityManagerBase.hska] End isValid, true
      TRACE [org.jboss.security.audit.providers.LogAuditProvider] [Success]Source=org.jboss.security.integration.ejb.EJBAuthenticationHelper;principal=null;method=findKunden;
      TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:{}