2 Replies Latest reply on Oct 6, 2001 7:39 AM by Scy

    DatabaseServerLoginModule problem

    Scy Newbie

      I have a problem with the DatabaseServerLoginModule, where it called twice on a form-based security login, the second time with a null username and password.
      Since this always causes an exception, the login always fails. The first login suceeds with "User 'me' authenicated".

      My settings are fairly standard. No beans are used in the protected page, the login page or the login error page. My web.xml has the following:

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>Restricted</web-resource-name>
      Restricted Area
      <url-pattern>/restricted/*</url-pattern>
      <http-method>HEAD</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>Restricted</role-name>
      </auth-constraint>
      <user-data-constraint>
      no description
      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
      </security-constraint>

      <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>Restricted Area</realm-name>
      <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/loginerror.jsp</form-error-page>
      </form-login-config>
      </login-config>

      <security-role>
      Restricted Area User
      <role-name>Restricted</role-name>
      </security-role>

      I have jboss/conf/tomcat/auth.conf with:

      // Database login module
      affiliate {
      org.jboss.security.auth.spi.DatabaseServerLoginModule sufficient
      dsJndiName="java:/mySQLDS"
      principalsQuery="select password from principals where emailAddress=?"
      rolesQuery="select role, role from principals where emailAddress=?"
      ;
      };

      The jboss/client/auth.conf uses the ClientLoginModule.

        • 1. Re: DatabaseServerLoginModule problem
          BlogEasy Support Newbie

          Found a small error in your jaas deployment setting in your auth.conf file. You had specified the following:

          rolesQuery="select role, role from principals where emailAddress=?"

          This will write in the role twice and hence overwrite the second parameter which should be the roleGroup called "Roles" which is currently the only one JBoss recognizes. I noticed this while browsing the code for the DatabaseServerLoginModule. The code that causes this is:

          protected Group[] getRoleSets() throws LoginException
          {
          ...
          do
          {
          String name = rs.getString(1);
          String groupName = rs.getString(2);
          if( groupName == null || groupName.length() == 0 )
          groupName = "Roles";
          Group group = (Group) setsMap.get(groupName);
          if( group == null )
          {
          group = new SimpleGroup(groupName);
          setsMap.put(groupName, group);
          }
          group.addMember(new SimplePrincipal(name));
          } while( rs.next() );
          ...
          }

          Hope this helps.

          • 2. Re: DatabaseServerLoginModule problem
            Scy Newbie

            Hit the nail on the head, thanks!