2 Replies Latest reply on Apr 14, 2014 4:25 AM by Christoph Keimel

    Problem using DatabaseServerLoginModule - Password ist not validated correctly

    Christoph Keimel Newbie

      Hello

       

      I am currently migrating from AS5.1 to Wildfly and I ran into a problem with DatabaseServerLoginModule that I have been working on for the last 2 days trying different approaches. We are remotely connecting to EJBs. The EJBs are in a security domain which uses DatabaseServerLoginModule the authenticate the user in the database. I configured everything aas documented and ran into an "Illegal

       

      To find out what was going on I tested this with a custom login module which I subclassed from org.jboss.security.auth.spi.DatabaseServerLoginModule. I seams as if there is a problem with the validation of the password. The expected password is read correctly from the database but is then compared to a String which always resolves to something like "org.jboss.as.security.remoting.RemotingConnectionCredential@1a24ec8". This result is obtained in the function getUsernameAndPassword() which uses PasswordCallback to retreive the password.

       

      I would have expected the password to be compared to the credentials that were put into the InitialContext environment on the client: test-password

       

      Hashtable<String, String> env = new Hashtable<String, String>();

      env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");

      env.put(Context.PROVIDER_URL, "http-remoting://localhost:8080");

      env.put("jboss.naming.client.ejb.context", "true");

      env.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");

      env.put(Context.SECURITY_PRINCIPAL, "test-user");

      env.put(Context.SECURITY_CREDENTIALS, "test-password");

      InitialContext jndiContext = new InitialContext(env);

       

      Do I need to configure the InitialContext differently? Or do I need to configure the login module differently?

       

      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">

        <module-option name="dsJndiName" value="java:/GosaDS"/>

        <module-option name="hashUserPassword" value="false"/>

        <module-option name="hashStorePassword" value="false"/>

        <module-option name="principalsQuery" value="SELECT password FROM NGRID WHERE user_id = ?"/>

        <module-option name="rolesQuery" value="SELECT rolle, 'Roles' FROM NGRID WHERE user_id = ?"/>

        <module-option name="password-stacking" value="useFirstPass"/>

        <module-option name="unauthenticatedIdentity" value="nobody"/>

      </login-module>

       

      Any pointers are very welcome!

       

      This could be connected to this post:

      Cannot get password in custom LoginModule