1 Reply Latest reply on Jun 4, 2012 5:28 PM by potemkin

    Configuring container managed security

    potemkin Newbie

      Hi,

       

      I did the following in standalone.xml:

       

              <subsystem xmlns="urn:jboss:domain:datasources:1.0">

                  <datasources>

                  ....

                      <xa-datasource jndi-name="java:jboss/datasources/security" pool-name="Security" enabled="true" use-ccm="false">

                          <xa-datasource-property name="URL">

                              jdbc:mysql://localhost:3306/test

                          </xa-datasource-property>

                          <xa-datasource-property name="User">

                              root

                          </xa-datasource-property>

                          <xa-datasource-property name="Password">

                              root

                          </xa-datasource-property>

                          <driver>com.mysql</driver>

                      </xa-datasource>

                  ....

                  </datasources>

              </subsystem>

       

              <subsystem xmlns="urn:jboss:domain:security:1.1">

                  <security-domains>

                  ....

                      <security-domain name="SgpRealm">

                          <authentication>

                              <login-module code="Database" flag="required">

                                  <module-option name="dsJndiName" value="java:jboss/datasources/security"/>

                                  <module-option name="principalsQuery" value="select password from users where username = ?"/>

                                  <module-option name="rolesQuery" value="select r.name from roles r inner join users_roles ur on ur.role_id = r.id inner join users u on u.id = ur.user_id where u.username = ?"/>

                                  <module-option name="unauthenticatedIdentity" value="anonymous"/>

                              </login-module>

                          </authentication>

                      </security-domain>

                  </security-domains>

              </subsystem>

       

      My queries return something like the following:

       

      select password from users where username = 'test' result: test

      select r.name from roles r inner join users_roles ur on ur.role_id = r.id inner join users u on u.id = ur.user_id where u.username = 'test' result: ROLE_USER

       

      My web.xml has the following:

       

      <security-constraint>

          <web-resource-collection>

              <web-resource-name>htm</web-resource-name>

              <url-pattern>*.htm</url-pattern>

          </web-resource-collection>

          <auth-constraint>

              <role-name>ROLE_USER</role-name>

          </auth-constraint>

      </security-constraint>

       

      <security-role>

          <role-name>ROLE_USER</role-name>

      </security-role>

       

      But I always get the exception:

       

      17:59:18,635 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--0.0.0.0-8080-1) Login failure: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required

                at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:270) [picketbox-4.0.7.Final.jar:4.0.7.Final]

                at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:155) [picketbox-4.0.7.Final.jar:4.0.7.Final]

                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_31]

                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [rt.jar:1.6.0_31]

                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [rt.jar:1.6.0_31]

                at java.lang.reflect.Method.invoke(Method.java:597) [rt.jar:1.6.0_31]

                at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) [rt.jar:1.6.0_31]

                at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) [rt.jar:1.6.0_31]

                at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) [rt.jar:1.6.0_31]

                at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_31]

                at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [rt.jar:1.6.0_31]

                at javax.security.auth.login.LoginContext.login(LoginContext.java:579) [rt.jar:1.6.0_31]

                at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:449) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]

                at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:383) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]

                at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:371) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]

                at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:160) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]

                at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:214) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]

                at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:280) [jbossweb-7.0.13.Final.jar:]

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:381) [jbossweb-7.0.13.Final.jar:]

                at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.1.1.Final.jar:7.1.1.Final]

                at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]

                at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]

                at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]

                at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]

                at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_31]

       

      I'm trying to make it work first without password hashing to have one less thing to worry about. The admin interface says it can connect to the database successfully.

       

      Am I missing something?

       

      Thanks