6 Replies Latest reply on Apr 17, 2002 3:30 PM by CLaus Guttesen

    problem authenticating using Jboss 3 RC1

    CLaus Guttesen Newbie

      Hi.

      I've used Jboss 3 beta (cvs-version from March) for quite a long time. Was able to deploy a bean and insert records in postgresql.

      When I downloadet RC1 my Postgresql-connection suddenly died. Resolved the issue by grabbing a new/changed postgres-service.xml from http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/jboss/jbosscx/src/etc/example-config/ as suggested by the link http://main.jboss.org/thread.jsp?forum=46&thread=12589.
      This registrered my datasource. But I can't deploy a bean. The error I get is (part of err.message removed):

      Deploying PostCodeTbl
      Failed to load users/passwords/role files
      Properties file users.properties not found

      So I add the missing users.properties-file in the conf-dir. get Jboss up and running. Then it tells me about a missing roles.properties which I also add. Adding the two properties-files finally gives me this error (parts of err.message removed):

      Deploying PostCodeTbl
      Exception in service lifecyle operation: create
      java.lang.SecurityException: Invalid authentication attempt, principal=null


      The question is: How can I (for the time being) bypass the username/password-issue that I'm presented with, so I can go on developing my app? Or add the necessary entries in the various files so I can deploy my bean?

      Basically I'm using the user claus which is a unix-user (FreeBSD) and a postgresql-user which created the table I'd like to access.

      I'd like to be able to track down the changes I have to make in order to make this work, but I've spent six hours just to change/add/edit the properties-files and my postgres-service.xml-file to no avail.

      The postgres-service.xml is:

      <?xml version="1.0" encoding="UTF-8"?>





      <!--make the rar deploy! hack till better deployment-->
      jboss.jca:service=RARDeployer
      <depends optional-attribute-name="ManagedConnectionFactoryName">

      <!--hack-->
      <depends optional-attribute-name="OldRarDeployment">jboss.jca:service=RARDeployment,name=Minerva JDBC LocalTransaction ResourceAdapter

      <!--real attributes-->


      <config-property>
      <config-property-name>ConnectionURL</config-property-name>
      <config-property-type>java.lang.String</config-property-type>
      <config-property-value>jdbc:postgresql://localhost/profadb</config-property-value>
      </config-property>
      <config-property>
      <config-property-name>DriverClass</config-property-name>
      <config-property-type>java.lang.String</config-property-type>
      <config-property-value>org.postgresql.Driver</config-property-value>
      </config-property>
      <config-property>
      <config-property-name>UserName</config-property-name>
      <config-property-type>java.lang.String</config-property-type>
      <config-property-value>claus</config-property-value>
      </config-property>
      <config-property>
      <config-property-name>Password</config-property-name>
      <config-property-type>java.lang.String</config-property-type>
      <config-property-value>myPwd</config-property-value>
      </config-property>



      profaDS



      <depends optional-attribute-name="ManagedConnectionPool">
      <!--embedded mbean-->


      0
      50
      5000
      15
      <!--criteria indicates if Subject (from security domain) or app supplied
      parameters (such as from getConnection(user, pw)) are used to distinguish
      connections in the pool. Choices are
      ByContainerAndApplication (use both),
      ByContainer (use Subject),
      ByApplication (use app supplied params only),
      ByNothing (all connections are equivalent, usually if adapter supports
      reauthentication)-->
      ByContainer



      <depends optional-attribute-name="CachedConnectionManager">jboss.jca:service=CachedConnectionManager
      java:/jaas/PostgresDbRealm
      java:/TransactionManager




      users.properties:
      claus=

      roles.properties:
      claus=everyone

      I tried to add the password I'm using to gain access to the postgresql-db, but this didn't change my current situation.

      There is also a file called auth.conf, which I believe is the place to add my entries, but I'm uncertain of which.

      Using RC1/cvs from April 14'th, FreeBSD 4.5 (stable), linux-jdk13, postgresql 7.2.1.

      regards
      Claus

        • 1. Re: problem authenticating using Jboss 3 RC1
          Henrik Skovby Newbie

          Hi Claus

          I had the same problem after I upgraded to JBoss 3 RC1. What I did, was to fill in the user and password and remove the line:
          java:/jaas/PostgresDbRealm

          Somehow this bypasses the security check. I do not know if this is the way to do it, but it got my application up and running.

          Regards,
          Henrik

          • 2. Re: problem authenticating using Jboss 3 RC1
            Wellie Chao Newbie

            You need to modify login-config.xml in the conf directory. You should just be able to copy FirebirdDBRealm to something like PostgresDbRealm and change principal, userName, password, and managedConnectionFactoryName to appropriate values.

            • 3. Re: problem authenticating using Jboss 3 RC1
              CLaus Guttesen Newbie

              Hi.

              Thank you for your replies. Tried both suggestions, and I think I did manage to advance a bit in this case. But I still can't deploy my bean.

              I have changed postgres-service.xml so the following line is ignored (Tak Henrik):

              <!-- java:/jaas/PostgresDbRealm -->

              I also added the following entry (actually this was already added before I posted the first time) in login-config.xml (Thanks Wellie):

              <application-policy name = "PostgresDbRealm">

              <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
              flag = "required">
              <module-option name = "principal">udvikler</module-option>
              <module-option name = "userName">claus</module-option>
              <module-option name = "password">solskin</module-option>
              <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=profaDS</module-option>
              </login-module>

              </application-policy>


              The error I get when deploying my bean is this:

              14:43:41,951 INFO [EjbModule] Deploying PostCodeTbl
              14:43:42,337 ERROR [EntityContainer] Exception in service lifecyle operation: create
              org.jboss.deployment.DeploymentException: Error while fixing table name; - nested throwable is: java.sql.SQLException: Unable to get Connection: javax.resource.ResourceException: Need non-null subject for subject/cri based pooling
              java.sql.SQLException: Unable to get Connection: javax.resource.ResourceException: Need non-null subject for subject/cri based pooling

              I've searched Google for the error-message 'subject/cri', but no relevant links are found. Jboss.org's forums do not have this message at all.

              The next two lines in the error-message are these:

              at org.jboss.resource.adapter.jdbc.JDBCDataSource.getConnection(JDBCDataSource.java:114)
              at org.jboss.ejb.plugins.cmp.jdbc.SQLUtil.fixTableName(SQLUtil.java:38)

              The file ~/jboss-all/connector/src/main/org/jboss/resource/adapter/jdbc/JDBCDataSource.java mentions that it won't work if "if JNDI Serialization
              is used instead of a JNDI Reference." If that's the case I may be using serialization instead of references. But the code hasn't changed, and hence changes has been made in the implementation.

              "I'm going slightly mad" as Queens one sang. Hope you guys have a clue.

              regards
              Claus

              • 4. Re: problem authenticating using Jboss 3 RC1
                malix Newbie

                great!
                thank you henrik.
                this problem has been bothering me already serveral days.

                another famous problem is the NullPointerException([JBoss-User]), and I have followed
                David Ward's solution, remove all EJB classes from .war file.

                have you any Idea about it?

                thanks
                malix

                • 5. Re: problem authenticating using Jboss 3 RC1
                  David Jencks Master

                  Kometen-- The JDataStore-service.xml (cvs) has comments that may help you.

                  Uncomment the security domain element in your postgres-service.xml

                  • 6. Re: problem authenticating using Jboss 3 RC1
                    CLaus Guttesen Newbie

                    Hi.

                    It works, it's quite a relieve :-)

                    Thanks for all the suggestions. I'm not 100 % shure why, but I think that I copied the entry called HsqlDbRealm in login-config.xml, where my previous attempts was another entry. Here is what I've done:

                    Added an entry for postgresql in login-config.xml. The entry is:

                    <application-policy name = "PostgresDbRealm">

                    <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
                    flag = "required">
                    <module-option name = "principal">udvikler</module-option>
                    <module-option name = "userName">claus</module-option>
                    <module-option name = "password">solskin</module-option>
                    <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=profaDS</module-option>
                    </login-module>

                    </application-policy>

                    Uncommented the following entry in postgres-service.xml:
                    java:/jaas/PostgresDbRealm

                    Changed the line below so the criteria is ByContainer. I've changed the entry to the other values, and it still works, so I doubt that this has anything to do with it.

                    ByContainer

                    regards
                    Claus