0 Replies Latest reply on Apr 5, 2016 10:46 AM by Tom Zschockelt

    Wildfly 10 DatabaseLoginModule and application client

    Tom Zschockelt Newbie

      Hi all,

      I Need your assistance for configuration a DatabaseLoginModule with wildfly 10.

       

      I did the following:

       

      standalone.xml

       

      1. Define security realm for our application

       

      <security-realm name="appRealm">

                      <server-identities>

                          <ssl protocol="TLS">

                              <keystore path="wfly.jks" relative-to="jboss.server.config.dir" keystore-password="password" alias="app-Test"/>

                          </ssl>

                      </server-identities>

                      <authentication>

                          <truststore path="wfly.jks" relative-to="jboss.server.config.dir" keystore-password="password"/>

                          <jaas name="application_login"/>

                      </authentication>

                  </security-realm>

       

      2. Define security Domain for our application

      <security-domain name="application_login" cache-type="default">

                          <authentication>

                              <login-module code="Database" flag="required">

                                  <module-option name="dsJndiName" value="java:jboss/applicationDS"/>

                                  <module-option name="principalsQuery" value="SELECT pw FROM ddic.dr_user WHERE user_name=?"/>

                                  <module-option name="rolesQuery" value="SELECT roleid, 'Roles' FROM ddic.web_user_roles WHERE user_name=?"/>

                                  <module-option name="hashAlgorithm" value="SHA-256"/>

                                  <module-option name="hashEncoding" value="hex"/>

                                  <module-option name="ignorePasswordCase" value="true"/>

                                  <module-option name="hashCharset" value="UTF-8"/>

                              </login-module>

                          </authentication>

                      </security-domain>

       


      The table ddic.dr_user contains the columns (user_name VARCHAR, pw VARCHAR)

      pw is already stored as SHA-256, hex String in database


      3. Define datasource used in upper configuration


      <datasource jta="true" jndi-name="java:jboss/applicationDS" pool-name="hscerpDS" enabled="true" use-ccm="true" statistics-enabled="true">

                          <connection-url>jdbc:postgresql://localhost:5432/testDB</connection-url>

                          <driver-class>org.postgresql.Driver</driver-class>

                          <driver>postgresql-9.4.jar</Driver>

                          <pool>

                              <min-pool-size>0</min-pool-size>

                              <initial-pool-size>0</initial-pool-size>

                              <max-pool-size>10</max-pool-size>

                              <prefill>false</prefill>

                              <flush-strategy>Gracefully</flush-strategy>

                          </pool>

                          <security>

                              <user-name>dbuser</user-name>

                              <password>dbpassword</password>

                          </security>

                          <validation>

                              <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLValidConnectionChecker"/>

                              <background-validation>true</background-validation>

                              <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLExceptionSorter"/>

                          </validation>

                      </datasource>

       

       

      4. Connection from secured servlet oder jsp is working perfectly

       

      Now our Problem :

      - our appliciation testclient tries to connect from a remote Client (see below)

      -

       

        String pw = "hello$";
        HashEncoder encrypter = new HashEncoder();
        String hashPW = encrypter.encryptSHA256(pw);
        String hashedPassword = Util.createPasswordHash("SHA-256", "hex", null, "user", pw);
        log.debug("pw      = [" +pw + "]");
        log.debug("pwhash  = [" +hashPW + "]");
        log.debug("pwhash1 = [" +hashedPassword + "]");
        Properties p = new Properties();
           p.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "true");
           p.put("remote.connections", "one");
           p.put("remote.connection.one.port", "8080");
           p.put("remote.connection.one.host", "localhost");
           p.put("remote.connection.one.username", "toz");
           p.put("remote.connection.one.password", pw);

      //   p.put("remote.connection.one.password", hashPW);

      //   p.put("remote.connection.one.password", hashedPassword);

       

           EJBClientConfiguration cc = new PropertiesBasedEJBClientConfiguration(p);
           ContextSelector<EJBClientContext> selector = new ConfigBasedEJBClientContextSelector(cc);
           EJBClientContext.setSelector(selector);

           Properties props = new Properties();
           props.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
           InitialContext context = new InitialContext(props);

       

       

      As the result we see some Information in our logfile

       

      2016-04-05 16:18:52,172 TRACE [org.jboss.security] (default task-20) PBOX00236: Begin initialize method

      2016-04-05 16:18:52,172 DEBUG [org.jboss.security] (default task-20) PBOX00281: Password hashing activated, algorithm: SHA-256, encoding: hex, charset: UTF-8, callback: null, storeCallBack: null

      2016-04-05 16:18:52,172 TRACE [org.jboss.security] (default task-20) PBOX00262: Module options [dsJndiName: java:jboss/hscerpDS, principalsQuery: SELECT pw FROM ddic.dr_user WHERE user_name=?, rolesQuery: SELECT roleid, 'Roles' FROM ddic.web_user_roles WHERE user_name=?, suspendResume: true]

      2016-04-05 16:18:52,172 TRACE [org.jboss.security] (default task-20) PBOX00240: Begin login method

      2016-04-05 16:18:52,173 DEBUG [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (default task-20) applicationDS: getConnection(null, WrappedConnectionRequestInfo@1bca9770[userName=hscerp]) [0/10]

      2016-04-05 16:18:52,173 TRACE [org.jboss.security] (default task-20) PBOX00263: Executing query SELECT pw FROM ddic.dr_user WHERE user_name=? with username user

      2016-04-05 16:18:52,173 DEBUG [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (default task-20) applicationDS: returnConnection(4cd930d4, false) [1/10]

      2016-04-05 16:18:52,173 DEBUG [org.jboss.security] (default task-20) PBOX00283: Bad password for username user

      2016-04-05 16:18:52,173 TRACE [org.jboss.security] (default task-20) PBOX00244: Begin abort method, overall result: false

      2016-04-05 16:18:52,173 DEBUG [org.jboss.security] (default task-20) PBOX00206: Login failure: javax.security.auth.login.FailedLoginException: PBOX00070: Password invalid/Password required

      at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:286)

      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

       

       

      Any idea?

       

      Thanks in advance

      Tom