2 Replies Latest reply on May 21, 2002 11:43 AM by Tim Nakamura

    Form-based authentication and DatabaseServerLoginModule

    Tim Nakamura Newbie

      I'm using JBoss 2.4.4 with catalina 4.0.1 on windows 2000.

      Help! I'm trying to set up form-based authentication and the DatabaseServerLoginModule. The login page is displayed when i try to access a protected area, however when I enter the userId and password and click on login, I get the following printstacktrace:
      [ERROR,EmbeddedCatalinaServiceSX] HttpProcessor[8080][4] process.invoke
      java.lang.ClassCastException: com.sun.security.auth.login.ConfigFile
      at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:215)
      at javax.security.auth.login.LoginContext$1.run(LoginContext.java:170)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.login.LoginContext.init(LoginContext.java:167)
      at javax.security.auth.login.LoginContext.<init>(LoginContext.java:339)
      at javax.security.auth.login.LoginContext.<init>(LoginContext.java:454)
      at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:393)
      at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:361)
      at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:217)
      at org.jboss.web.catalina.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:253)
      at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:263)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:459)
      at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
      at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
      at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
      at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
      at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2344)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
      at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
      at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
      at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:170)
      at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
      at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:163)
      at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
      at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
      at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:1011)
      at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1106)
      at java.lang.Thread.run(Thread.java:536)

      Here are my config files:
      NOte: SQL tested and verified in bcgasadmin

      1. $jboss_home\jboss\conf\catalina\auth.conf
      simple {
      org.jboss.security.auth.spi.SimpleServerLoginModule required;
      };

      bcgasadmin {
      org.jboss.security.auth.spi.DatabaseServerLoginModule required
      dsJndiName="java:/SQLServerDS"
      principalsQuery="SELECT password FROM Users WHERE userName=?"
      rolesQuery="SELECT userRole, roleGroup FROM UserRoles WHERE userName=?"
      unauthenticatedIdentity=guest;
      };

      client-login {
      org.jboss.security.ClientLoginModule required;
      };



      // The default server login module
      other {
      org.jboss.security.auth.spi.UsersRolesLoginModule required
      unauthenticatedIdentity="nobody";
      };

      2. $jboss_home\jboss\client\auth.conf
      srp {
      // Example client auth.conf for using the SRPLoginModule
      org.jboss.security.srp.jaas.SRPLoginModule required
      password-stacking="useFirstPass"
      principalClassName="org.jboss.security.SimplePrincipal"
      srpServerJndiName="SRPServerInterface"
      debug=true
      ;

      // jBoss LoginModule
      org.jboss.security.ClientLoginModule required
      password-stacking="useFirstPass"
      ;

      // Put your login modules that need jBoss here
      };

      other {
      // Put your login modules that work without jBoss here

      // jBoss LoginModule
      org.jboss.security.ClientLoginModule required;

      // Put your login modules that need jBoss here
      };

      3. JBoss-web.xml in Web-Inf
      <?xml version="1.0" encoding="UTF-8"?>
      <jboss-web>
      <security-domain>java:/jaas/bcgasadmin</security-domain>
      </jboss-web>

      4. Standardjaws.xml
      <datasource>java:/SQLServerDS</datasource>
      <type-mapping>MS SQLSERVER2000</type-mapping>
      <debug>false</debug>

      5. Jboss.jcml
      <mbean code="org.jboss.jdbc.JdbcProvider" name="DefaultDomain:service=JdbcProvider">
      <attribute name="Drivers">org.hsqldb.jdbcDriver,com.microsoft.jdbc.sqlserver.SQLServerDriver,oracle.jdbc.driver.OracleDriver</attribute>
      </mbean>

      <mbean code="org.jboss.jdbc.XADataSourceLoader" name="DefaultDomain:service=XADataSource,name=SQLServerDS">
      <attribute name="PoolName">SQLServerDS</attribute>
      <attribute name="DataSourceClass">org.jboss.pool.jdbc.xa.wrapper.XADataSourceImpl</attribute>
      <attribute name="Properties"></attribute>
      <attribute name="URL">jdbc:microsoft:sqlserver://localhost:1433;DatabaseName=Northwind</attribute>
      <attribute name="GCMinIdleTime">1200000</attribute>
      <attribute name="JDBCUser">sa</attribute>
      <attribute name="Password" />
      <attribute name="MaxSize">10</attribute>
      <attribute name="GCEnabled">false</attribute>
      <attribute name="InvalidateOnError">false</attribute>
      <attribute name="TimestampUsed">false</attribute>
      <attribute name="Blocking">true</attribute>
      <attribute name="GCInterval">120000</attribute>
      <attribute name="IdleTimeout">1800000</attribute>
      <attribute name="IdleTimeoutEnabled">false</attribute>
      <attribute name="LoggingEnabled">true</attribute>
      <attribute name="MaxIdleTimeoutPercent">1.0</attribute>
      <attribute name="MinSize">0</attribute>
      </mbean>

      6. standardjboss.xml
      <jboss>
      <security-domain>java:/jaas/bcgasadmin</security-domain>
      ...
      </jboss>

      7. login.jsp
      <form method="GET" action='<%=response.encodeURL("j_security_check")%>'>
      <TABLE align="left" border="0" width="100%">
      <TR>
      <TH align="right">
      User Name
      </TH>
      <TD><input type="text" name="j_username" size=30 maxlength="50"/></TD>
      </TR>
      <TR>
      <TH align="right">
      Password:
      </TH>
      <TD><input type="password" name="j_password" size=30 maxlength="50"/></TD>
      </TR>
      <TR>
      <TD colspan="2" align="center">
      <INPUT TYPE="submit" name="j_security_check" VALUE="login"/>
      </TD>
      </TR>
      </TABLE>
      </form>

      8. Web.xml
      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
      <web-app>
      <display-name>loginform</display-name>
      <description>Form based authentication login form</description>
      <security-constraint>
      <display-name>admin, user</display-name>
      <web-resource-collection>
      <web-resource-name>loginForm</web-resource-name>
      <url-pattern>/jsp/protected/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
      <role-name>adminGroup</role-name>
      </auth-constraint>
      <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
      </security-constraint>
      <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
      <form-login-page>/jsp/security/login.jsp</form-login-page>
      <form-error-page>/jsp/security/loginErr.jsp</form-error-page>
      </form-login-config>
      </login-config>
      <security-role>
      <description>Administrators</description>
      <role-name>adminGroup</role-name>
      </security-role>
      <security-role>
      <description>Users</description>
      <role-name>userGroup</role-name>
      </security-role>
      </web-app>

        • 1. Re: Form-based authentication and DatabaseServerLoginModule
          Scott Stark Master

          Show the complete structure of your war including the
          contents of the WEB-INF/classes and WEB-INF/lib

          • 2. Re: Form-based authentication and DatabaseServerLoginModule
            Tim Nakamura Newbie

            I sort of solved it. I upgraded to 2.4.6 with catalina 4.0.3. The form-authentication started to work. I also had to change the RoleGroup to 'Roles' in my UserRoles table.

            Q1. Does anyone know how the RoleGroup is used?

            I still don't know what the problem was with 2.4.4_Tomcat4.0.1.

            Here are the root files in my war:
            Volume in drive D is Drive_D
            Volume Serial Number is B0F9-63AD

            Directory of D:\Projects\bcGas\sdk\JBoss-2.4.6_Tomcat-4.0.3\jboss\tmp\deploy\Default\connect.war\web1003\jsp

            05/21/2002 09:27a .
            05/21/2002 09:27a ..
            05/21/2002 09:23a footer
            05/21/2002 09:23a header
            05/21/2002 09:23a images
            05/21/2002 09:23a protected
            05/21/2002 09:23a security
            1 File(s) 0 bytes

            Directory of D:\Projects\bcGas\sdk\JBoss-2.4.6_Tomcat-4.0.3\jboss\tmp\deploy\Default\connect.war\web1003\jsp\footer

            05/21/2002 09:23a .
            05/21/2002 09:23a ..
            05/19/2002 06:15a 275 footer.jsp
            1 File(s) 275 bytes

            Directory of D:\Projects\bcGas\sdk\JBoss-2.4.6_Tomcat-4.0.3\jboss\tmp\deploy\Default\connect.war\web1003\jsp\header

            05/21/2002 09:23a .
            05/21/2002 09:23a ..
            05/19/2002 06:15a 1,494 header.jsp
            1 File(s) 1,494 bytes

            Directory of D:\Projects\bcGas\sdk\JBoss-2.4.6_Tomcat-4.0.3\jboss\tmp\deploy\Default\connect.war\web1003\jsp\images

            05/21/2002 09:23a .
            05/21/2002 09:23a ..
            05/19/2002 06:15a 1,365 bcg_inc_logo.gif
            05/19/2002 06:15a 3,816 inc_blue_bar.jpg
            2 File(s) 5,181 bytes

            Directory of D:\Projects\bcGas\sdk\JBoss-2.4.6_Tomcat-4.0.3\jboss\tmp\deploy\Default\connect.war\web1003\jsp\protected

            05/21/2002 09:23a .
            05/21/2002 09:23a ..
            05/19/2002 06:15a 326 index.jsp
            1 File(s) 326 bytes

            Directory of D:\Projects\bcGas\sdk\JBoss-2.4.6_Tomcat-4.0.3\jboss\tmp\deploy\Default\connect.war\web1003\jsp\security

            05/21/2002 09:23a .
            05/21/2002 09:23a ..
            05/19/2002 06:15a 910 login.jsp
            05/19/2002 06:15a 324 loginErr.jsp
            2 File(s) 1,234 bytes

            Total Files Listed:
            8 File(s) 8,510 bytes
            17 Dir(s) 6,027,464,704 bytes free

            Here are the lib files:

            05/19/2002 06:15a 104,195 jaas.jar
            05/19/2002 06:15a 89,043 jboss-client.jar
            05/19/2002 06:15a 55,569 jboss-j2ee.jar
            05/19/2002 06:15a 225,774 jbossmq-client.jar
            05/19/2002 06:15a 39,406 jbosssx-client.jar
            05/19/2002 06:15a 20,685 jnp-client.jar
            05/19/2002 06:15a 158,805 log4j.jar
            05/19/2002 06:15a 75,126 servlet.jar
            9 File(s) 768,603 bytes
            2 Dir(s) 6,027,468,800 bytes free

            There is also a default manifest file in META-INF.