2 Replies Latest reply on Nov 22, 2012 10:07 AM by Max Korn

    Database authentication

    Max Korn Newbie

      Hi all !

      I'm working to add login database authentication to my application and to the management interfaces.

      I've found a couple of resources across the net suggesting such a login-module configuration:

       


      <authentication>
         <login-module code="Database" flag="required">
            <module-option name="dsJndiName" value="java:jboss/datasources/MySqlDS"/>
            <module-option name="principalsQuery" value="select password from  PRINCIPLES where principal_id=?"/>
            <module-option name="rolesQuery" value="select user_role, 'Roles' from  ROLES where  principal_id=?"/>
            <module-option name="password-stacking" value="useFirstPass"/>

       


      <!-- Encryption Related module-options -->
            <module-option name="hashAlgorithm" value="MD5"/>
            <module-option name="hashEncoding" value="hex"/>

       

         </login-module>
         <login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="optional">
            <module-option name="rolesProperties" value="${jboss.server.config.dir}/test-roles.properties"/>
            <module-option name="replaceRole" value="false"/>
         </login-module>

         </authentication>

       

       

      One thing I cannot understand is what is for the second <login module> block ? (the one which reads rolesProperties from a file)

      Is it used as a fallback mechanism if the Roles are not found into the ROLES table ?

      thanks

      Max

        • 1. Re: Database authentication
          erasmo2 marciano2 Master

          You have add also this code

           

          <security-realm name="ManagementRealm">

                          <authentication>

                                  <jaas name="DBAuthTest"/>

                          </authentication>

                  </security-realm>

           

           

          -------------------------------

           

          <security-domain name="DBAuthTest">

              <authentication>

                  <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">

                      <module-option name="dsJndiName" value="java:/MySqlDS"/>

                      <module-option name="principalsQuery" value="select password from  PRINCIPLES where principal_id=?"/>

                      <module-option name="rolesQuery" value="select user_role, 'Roles' from  ROLES where  principal_id=?"/>

                  </login-module>

                  <login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="optional">

                      <module-option name="rolesProperties" value="${jboss.server.config.dir}/test-roles.properties"/>

                      <module-option name="replaceRole" value="false"/>

                  </login-module>

              </authentication>

          </security-domain>

           

           

          <datasource jta="true" jndi-name="java:/MySqlDS" pool-name="MySqlDS" enabled="true" use-java-context="true" use-ccm="true">

                              <connection-url>jdbc:mysql://localhost:3306/jboss7</connection-url>

                              <driver>mysql</driver>

                              <security>

                                  <user-name>root</user-name>

                                  <password>${VAULT::password::password::ODRkMGMwYjMtMjVmYy00YmUyLTk0MjQtNTk0MTdmZDA4ZDY5TElORV9CUkVBS3ZhdWx0}</password>

                              </security>

                              <validation>

                                  <check-valid-connection-sql>select 1</check-valid-connection-sql>

                                  <exception-sorter class-name="org.jboss.resource.adapter.jdbc.vendor.MySQLExceptionSorter"/>

                              </validation>

                              <statement>

                                  <prepared-statement-cache-size>100</prepared-statement-cache-size>

                                  <share-prepared-statements>true</share-prepared-statements>

                              </statement>

                          </datasource>

           

           

          Add this code you can do a loggin AdminConsole with Database

          • 2. Re: Database authentication
            Max Korn Newbie

            Yes thanks for your reply, I've omitted that other sort of information, however I was just wondering what is the use of this:

                    <login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="optional">

                        <module-option name="rolesProperties" value="${jboss.server.config.dir}/test-roles.properties"/>

                        <module-option name="replaceRole" value="false"/>

                    </login-module>

            I can see that the login module works correctly also without it......

            Regards

            max