6 Replies Latest reply on Aug 22, 2002 3:37 AM by Jürgen Denzel

    FORM based authentication using DatabaseServerLoginModule. P

    Jürgen Denzel Newbie

      Hi,

      I tried the basic authentication using the DatabaseServerLoginModule with JBoss 3.0 and it worked.
      But, I do not have a clue how to get the DatabaseServerLoginModule invoked using FORM authentication,
      I checked the whole forum, but could not find an answer, also the Tutorial does not provide an answer.
      I have a simple HTML login page containing a form witch calls a servlet, which then should trigger
      the DatabaseServerLoginModule.

      My Servlet looks like this:

      public class SecureServlet extends HttpServlet
      {
      protected void processRequest(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException
      {
      String name = request.getParameter("name");
      String passwd = request.getParameter("passwd");
      char[] password = passwd.toCharArray();
      try
      {
      AppCallbackHandler handler = new AppCallbackHandler(name, password);
      LoginContext lc = new LoginContext("testDB", handler);
      System.out.println("Created LoginContext");
      lc.login();
      }
      catch (LoginException le)
      {
      throw new ServletException("Login failed", le);
      }
      }

      protected void doGet(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException
      {
      processRequest(request, response);
      }

      protected void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException
      {
      processRequest(request, response);
      }
      }

      I configured the authentication policy in login-config.xml:

      <application-policy name = "testDB">

      <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
      <module-option name = "dsJndiMName">java:/MySqlDS</module-option>
      <module-option name = "principalsQuery">select passwd from Users username where username=?</module-option>
      <module-option name = "rolesQuery">select userRoles, 'Roles' from UserRoles where username=?</module-option>
      </login-module>

      </application-policy>

      The login module is not called, it just tells me...

      08:23:06,870 WARN [JBossUserRealm#testDB] authentication failure: tester
      08:23:06,870 WARN [Jetty] WARNING: AUTH FAILURE: user tester

      Does anybody have a clue what I do wrong.
      Any help apreshiated.
      Thank you.

      jd

        • 1. Re: FORM based authentication using DatabaseServerLoginModul
          Matt Newbie

          I get a similiar error when trying to use basic auth. I'm sure I'm not specifying the security domain in jboss-web.xml properly. How did you do it for basic ? Also, do we have to implement the login ourselves in a servlet ? Surely jboss should do this for us thru j_security_check ?

          matt.

          • 2. Re: FORM based authentication using DatabaseServerLoginModul
            Stefan Lettmayer Newbie

            Your login-config section in the web.xml should look similar to this:
            <login-config>
            <auth-method>FORM</auth-method>
            <realm-name>Secured Area</realm-name>
            <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/failed.jsp</form-error-page>
            </form-login-config>
            </login-config>

            And in the login.jsp page the action of the form should be set to "j_security_check". The name of the input field containing the name should be j_username and the field of the password should be j_password.

            Jboss handles the calls the DatabaseServerLoginModule for you.

            - Stefan

            • 3. Re: FORM based authentication using DatabaseServerLoginModul
              Jürgen Denzel Newbie

              Hi,
              Thanks for your answer, I also tried that, but with no luck.
              My web.xml looks like this:
              <login-config>
              <auth-method>FORM</auth-method>
              <realm-name>testDB</realm-name>
              <form-login-config>
              <form-login-page>/login.jsp</form-login-page>
              <form-error-page>/login_failed.jsp</form-error-page>
              </form-login-config>
              </login-config>

              The jsp login page calls j_security_check with j_username and j_password, but no matter what login I use (correct or incorrect) the login_failed.jsp page gets displayed.

              On the server it says (using incorrect credentials)
              18:44:15,368 WARN [JBossUserRealm#testDB] authentication failure: xxx

              When I use a correct username and password, just
              18:44:16,259 INFO [Jetty] JSP: init
              is displayed and the login_failed.jsp in the browser.

              Does anyone have an explanation for this.
              Thanks a lot.

              jd

              • 4. Re: FORM based authentication using DatabaseServerLoginModul
                Torsten Terp Newbie

                Hi

                I have had it running like sharkman describes it for a while now on jBoss3.01RC1, but i recently changed to jBoss3.0.1 and now my login jsp page is just rendered blank. What jBoss version are you guys on?

                ^Torsten

                • 5. Re: FORM based authentication using DatabaseServerLoginModul
                  brian Newbie

                  Hi,

                  Are there typos in your policy?

                  (1) Select passwd from Users username where username=?
                  --> why put a username after Users? is it an alias?

                  (2) Select userRoles, 'Roles' from ...
                  --> why single quoted Roles?

                  (3) <module-option name = "dsJndiMName">
                  --> should it be dsJndiName? you put an extra M in the middle.

                  In addition, I think Role shoulds be the first selected field and RoleGroup the next.


                  Here is my policy and it works:

                  <application-policy name = "farglory">

                  <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
                  <module-option name = "dsJndiName">java:/TaiwuDS</module-option>
                  <module-option name = "principalsQuery">select Password from JAASPrincipal where PrincipalID=?</module-option>
                  <module-option name = "rolesQuery">select Role, RoleGroup from JAASRole where PrincipalID=?</module-option>
                  </login-module>

                  </application-policy>


                  Good Luck.

                  Brian

                  • 6. Re: FORM based authentication using DatabaseServerLoginModul
                    Jürgen Denzel Newbie

                    Thank you very much for your answers. I will try this.

                    jd