1 Reply Latest reply on Oct 14, 2013 8:33 AM by Domen Cebulj

    JAAS custom DatabaseServerLoginModule and authorization failed in EJB

    Domen Cebulj Newbie

      I have problem with custom DatabaseServerLoginModue in Wildfly AS.

      I only override next method:

          import org.jboss.security.auth.spi.DatabaseServerLoginModule;
      
          public class TajnikDatabaseLoginModule extends DatabaseServerLoginModule {
              @Override
              protected boolean validatePassword(String inputPassword, String expectedPassword) {
                  if (inputPassword.equalsIgnoreCase(PasswordUtil.toSHA512(GlobalParam.AUTO_LOGIN_PASS))) {
                      return true;
                  }
                  return super.validatePassword(inputPassword, expectedPassword);
              }
          }
      

       

      And it's work perfect for autologin and login.

       

      Problem is when I use annotation in EJB:

      org.jboss.ejb3.annotation.SecurityDomain => @SecurityDomain("TajnikJAAS")
      

       

      Then I always get next error:

        javax.ejb.EJBAccessException: JBAS013323: Invalid User
      

       

      My jBoss configuration:

      <security-domain name="TajnikJAAS">
              <authentication>
                  <login-module code="my.login.TajnikDatabaseLoginModule" flag="required">
                      <module-option name="dsJndiName" value="java:jboss/datasources/TajnikRazvojDS"/>
                      <module-option name="principalsQuery" value="SELECT password FROM UserPrinciple WHERE UPPER(username)=UPPER(?) AND status='ACTIVATED'"/>
                      <module-option name="rolesQuery" value="SELECT role, 'Roles' FROM vi_username_roles WHERE UPPER(username)=UPPER(?)"/>
                      <module-option name="hashAlgorithm" value="SHA-512"/>
                      <module-option name="hashEncoding" value="hex"/>
                      <module-option name="unauthenticatedIdentity" value="guest"/>
                  </login-module>
              </authentication>
          </security-domain>
      

       

      But, if I use

         

      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">

        

      Then SecurityDomain and other annotation (@PermiAll, @RolesAllowed, etc.) works perfect.

       

      What I must fix that EJB annotation work perfect with my custom login module.

       

      Domen