2 Replies Latest reply on Oct 6, 2001 7:39 AM by scytayl

    DatabaseServerLoginModule problem

    scytayl

      I have a problem with the DatabaseServerLoginModule, where it is called twice on a form-based security login, the second time with a null username and password.
      Since this always causes an exception, the login always fails. The first login succeeds with "User 'me' authenicated".

      My settings are fairly standard. No beans are used in the protected page, the login page or the login error page. My web.xml has the following:

      <security-constraint>
        <web-resource-collection>
          <web-resource-name>Restricted</web-resource-name>
          <description>Restricted Area</description>
          <url-pattern>/restricted/*</url-pattern>
          <http-method>HEAD</http-method>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
          <http-method>PUT</http-method>
          <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>Restricted</role-name>
        </auth-constraint>
        <user-data-constraint>
          <description>no description</description>
          <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
      </security-constraint>

      <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>Restricted Area</realm-name>
        <form-login-config>
          <form-login-page>/login.jsp</form-login-page>
          <form-error-page>/loginerror.jsp</form-error-page>
        </form-login-config>
      </login-config>

      <security-role>
        <description>Restricted Area User</description>
        <role-name>Restricted</role-name>
      </security-role>

      I have jboss/conf/tomcat/auth.conf with:

      // Database login module
      affiliate {
          org.jboss.security.auth.spi.DatabaseServerLoginModule sufficient
              dsJndiName="java:/mySQLDS"
              principalsQuery="select password from principals where emailAddress=?"
              rolesQuery="select role, role from principals where emailAddress=?"
          ;
      };

      The jboss/client/auth.conf uses the ClientLoginModule.

        • 1. Re: DatabaseServerLoginModule problem
          adrock

          Found a small error in your JAAS deployment setting in your auth.conf file. You had specified the following:

          rolesQuery="select role, role from principals where emailAddress=?"

          This will write in the role twice and hence overwrite the second parameter, which should be the roleGroup called "Roles", which is currently the only one JBoss recognizes. I noticed this while browsing the code for the DatabaseServerLoginModule. The code that causes this is:

          protected Group[] getRoleSets() throws LoginException
          {
              ...
              do
              {
                  String name = rs.getString(1);
                  String groupName = rs.getString(2);
                  if( groupName == null || groupName.length() == 0 )
                      groupName = "Roles";
                  Group group = (Group) setsMap.get(groupName);
                  if( group == null )
                  {
                      group = new SimpleGroup(groupName);
                      setsMap.put(groupName, group);
                  }
                  group.addMember(new SimplePrincipal(name));
              } while( rs.next() );
              ...
          }

          Hope this helps.
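The grouping behaviour described in this reply, as an added example that is not part of the original post or of the JBoss source: it replays the quoted loop over constructed result rows to show why `select role, role` leaves the "Roles" group empty. The class `RolesQueryDemo`, the helpers `hasRole` and `report`, and the corrected query in the comments are assumptions made for illustration.

```java
import java.util.*;

// Added illustration (hypothetical class): mirrors the quoted getRoleSets()
// loop with plain collections instead of SimpleGroup/SimplePrincipal.
public class RolesQueryDemo {

    // Each row is one result row of rolesQuery: {column 1, column 2}.
    static Map<String, Set<String>> getRoleSets(List<String[]> rows) {
        Map<String, Set<String>> setsMap = new LinkedHashMap<>();
        for (String[] row : rows) {
            String name = row[0];
            String groupName = row[1];
            if (groupName == null || groupName.length() == 0)
                groupName = "Roles";
            setsMap.computeIfAbsent(groupName, g -> new LinkedHashSet<>()).add(name);
        }
        return setsMap;
    }

    // Hypothetical helper: per the reply above, only the "Roles" group is
    // recognized, so a role counts only if it is a member of that group.
    static boolean hasRole(Map<String, Set<String>> sets, String role) {
        return sets.getOrDefault("Roles", Collections.emptySet()).contains(role);
    }

    static void report(String label, List<String[]> rows) {
        Map<String, Set<String>> sets = getRoleSets(rows);
        System.out.println(label + " -> groups " + sets
                + ", has role Restricted: " + hasRole(sets, "Restricted"));
    }

    public static void main(String[] args) {
        // Constructed rows for a user whose principals.role is "Restricted".
        // As posted: select role, role from principals where emailAddress=?
        report("as posted", Collections.singletonList(
                new String[] {"Restricted", "Restricted"}));
        // Assumed fix: select role, 'Roles' from principals where emailAddress=?
        report("corrected", Collections.singletonList(
                new String[] {"Restricted", "Roles"}));
        // A NULL or empty second column falls back to "Roles" as well.
        report("null group", Collections.singletonList(
                new String[] {"Restricted", null}));
    }
}
```

With the query as posted, the role lands in a group named after itself, so the `auth-constraint` on `Restricted` in web.xml is never satisfied even though the password check succeeds.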

          • 2. Re: DatabaseServerLoginModule problem
            scytayl

            Hit the nail on the head, thanks!