5 Replies Latest reply on Dec 18, 2003 9:34 AM by Don Griffing

    JBoss 3.03 Tomcat bundle MySQL DatabaseServerLoginModule aut

    Tom Judge Newbie

      Hi,

      I have been trying pretty hard (ok extremely hard) to get J2EE form based authentication working against a MySQL database with users and roles using the DatabaseServerLoginModule and ConfiguredIdentityLoginModule (not sure at this point whether you need both). I am using the JBOSS Tomcat bundle "jboss-3.0.3_tomcat-4.1.12". I have managed to get the form to appear and challenge for a login. However, no matter what I type the application always redirects to the configured login error page. I am running on Windows 2000 Professional with "mysql-3.23.53-win" and the JDK includes Sun's "Java HotSpot(TM) Client VM (build 1.3.0-C, mixed mode)". I am running mysql-max-nt as a service with logging turned on (--log). I can therefore see that JBOSS NEVER talks to MySQL because there is nothing in the log :). However, the WebApp (which uses struts) configures a datasource via the "struts-config.xml" file to talk to MySQL. The application uses this datasource to store and retrieve data perfectly and I can see its queries in the MySQL logs. I have tried lots of combintaions of configurations from these links:

      http://gd.tuwien.ac.at/infosys/servers/jboss/JBoss.3.0QuickStart.Draft4.pdf
      http://www.mail-archive.com/jboss-user@lists.sourceforge.net/msg22830.html//www.mail-archive.com/jboss-user@lists.sourceforge.net/msg22830.html
      http://jobs-nyc.com/index.jsp?template=jboss_3_3
      http://jobs-nyc.com/index.jsp?template=jboss_4_2
      http://jobs-nyc.com/index.jsp?template=jboss_4_3
      Quote from Previous URL : "I can't get this to f@#$ing work...little point for documentation"
      http://www.phil.cmu.edu/~wwheeler/jboss_db.html
      http://www.purposesolutions.com/Resources/EclipseJ2EE.html

      In my latest configuration (in common with a variety of others), there are no errors of any kind in the JBOSS logs and indeed no indication that any kind of authentication is taking place. I have attempted to increase the log4j logging level on JBOSS to DEBUG. However, probably as I am new to JBOSS this doesn't seem to have much affect (other than in the boot.log). I am a seasoned developer. Whilst I am new to JBOSS I have been working with WebSphere for years. I have noticed in the postings above that I am not alone in having trouble with getting this to work. It must be some configuration error. I would be better able to track it down if there was any indication at all from JBOSS that something was amiss!

      Please help. I think that using JBOSS with MySQL as a database and J2EE security is probably a very common configuration that people would want to use as all of the system elements are more or less free. I hope that I have made a very silly configuration error. Please tell me what it is?

      Tom

      See below for my latest configuration

      1) MySQL configuration taken from here (see section Installing MySQL): http://www.purposesolutions.com/Resources/EclipseJ2EE.html.

      2) mysql-service.xml copied to the "...\default\deploy" folder from examples. This came with my distribution, so that is why I am basing my configuration on it. I like to only make the smallest changes that I think I need to. All I have done is uncomment this line: MySqlDbRealm in accordance with the instructions in the file and change the connection url. Now here is where I start to get confused. What is the relationship between "ConfiguredIdentityLoginModule" which the "mysql-service.xml" file indicates that you should put in "login-conf.xml" and "DatabaseServerLoginModule". I cannot see how having a "ConfiguredIdentityLoginModule" alone will allow JBOSS to interrogate MySQL for authentication. The "DatabaseServerLoginModule" configures the necessary queries. My best interpretation is that you need both, this seems to tally with what is presented here http://www.mail-archive.com/jboss-user@lists.sourceforge.net/msg22830.html//www.mail-archive.com/jboss-user@lists.sourceforge.net/msg22830.html even though this person seems to be having a similar problem to me, i.e. it doesn't work. Scott Stark doesn't seem to indicate that the configuration should be any different. Thanks Scott!

      <?xml version="1.0" encoding="UTF-8"?>

      <!-- ===================================================================== -->
      <!-- -->
      <!-- JBoss Server Configuration -->
      <!-- -->
      <!-- ===================================================================== -->



      <!-- ==================================================================== -->
      <!-- New ConnectionManager setup for mysql using 2.0.11 driver -->
      <!-- Build jmx-api (build/build.sh all) and view for config documentation -->
      <!-- ==================================================================== -->




      <!-- Include a login module configuration named MySqlDbRealm.
      Update your login-conf.xml, here is an example for a
      ConfiguredIdentityLoginModule:

      <application-policy name = "MySqlDbRealm">

      <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule" flag = "required">
      <module-option name = "principal">yourprincipal</module-option>
      <module-option name = "userName">yourusername</module-option>
      <module-option name = "password">yourpassword</module-option>
      <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=MySqlDS</module-option>
      </login-module>

      </application-policy>

      NOTE: the application-policy name attribute must match SecurityDomainJndiName, and the
      module-option name = "managedConnectionFactoryName"
      must match the object name of the ConnectionManager you are configuring here.
      -->

      MySqlDbRealm

      <depends optional-attribute-name="ManagedConnectionFactoryName">
      <!--embedded mbean-->


      MySqlDS



      <config-property name="ConnectionURL" type="java.lang.String">jdbc:mysql://localhost:3306/judge</config-property>
      <config-property name="DriverClass" type="java.lang.String">org.gjt.mm.mysql.Driver</config-property>
      <!--set these only if you want only default logins, not through JAAS -->
      <config-property name="UserName" type="java.lang.String"></config-property>
      <config-property name="Password" type="java.lang.String"></config-property>




      <!--Below here are advanced properties -->
      <!--hack-->
      <depends optional-attribute-name="OldRarDeployment">jboss.jca:service=RARDeployment,name=JBoss LocalTransaction JDBC Wrapper




      <depends optional-attribute-name="ManagedConnectionPool">
      <!--embedded mbean-->


      0
      50
      5000
      15
      <!--criteria indicates if Subject (from security domain) or app supplied
      parameters (such as from getConnection(user, pw)) are used to distinguish
      connections in the pool. Choices are
      ByContainerAndApplication (use both),
      ByContainer (use Subject),
      ByApplication (use app supplied params only),
      ByNothing (all connections are equivalent, usually if adapter supports
      reauthentication)-->
      ByContainer



      <depends optional-attribute-name="CachedConnectionManager">jboss.jca:service=CachedConnectionManager

      <depends optional-attribute-name="JaasSecurityManagerService">jboss.security:service=JaasSecurityManager

      java:/TransactionManager
      <!--make the rar deploy! hack till better deployment-->
      jboss.jca:service=RARDeployer






      3) Here is the relevant portion of my "login-config.xml". Note that I put this at the beginning of the file just inside the policy element, so that it would be processed first. This may or may not be correct. Anyway as indicated earlier it doesn't work!

      <application-policy name = "MySqlDbRealm">

      <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule" flag = "required">
      <module-option name = "principal">root</module-option>
      <module-option name = "userName">root</module-option>
      <module-option name = "password">blah</module-option>
      <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=MySqlDS</module-option>
      </login-module>

      </application-policy>

      <application-policy name = "jdbcRealm">

      <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
      <module-option name = "dsJndiName">java:/MySqlDS</module-option>
      <module-option name = "principalsQuery">select password from users username where username=?</module-option>
      <module-option name = "rolesQuery">select role, roleGroup from userroles where username=?</module-option>
      </login-module>

      </application-policy>

      4) I should mention that I did download and copy "mysql-connector-java-2.0.14-bin.jar" to the .../default/lib folder. My database user is the root user and has full access to everyhting. I have tried other users as well to no effect. As I mentioned earlier the struts datasource has no problem talking to MySQL. Extract from "struts-config.xml":

      <data-sources>
      <data-source>
      <set-property property="driverClass"
      value="org.gjt.mm.mysql.Driver" />
      <set-property property="url"
      value="jdbc:mysql://localhost/judge" />
      <set-property property="maxCount"
      value="5"/>
      <set-property property="minCount"
      value="1"/>
      <set-property property="user"
      value="root"/>
      <set-property property="password"
      value="blah"/>
      </data-source>
      </data-sources>

      5) My "web.xml" looks like this. N.B. I have used "jdbcRealm" in this snapshot, I have also tried putting "MySqlDbRealm". Neither works or makes JBOSS display any different messages.

      <web-app>
      <display-name>WebSite</display-name>


      <servlet-name>action</servlet-name>
      <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
      <init-param>
      <param-name>config</param-name>
      <param-value>/WEB-INF/struts-config.xml</param-value>
      </init-param>
      <load-on-startup>1</load-on-startup>


      <servlet-mapping>
      <servlet-name>action</servlet-name>
      <url-pattern>*.do</url-pattern>
      </servlet-mapping>

      <!-- The Welcome File List -->
      <welcome-file-list>
      <welcome-file>index.html</welcome-file>
      </welcome-file-list>


      <taglib-uri>/WEB-INF/struts-html.tld</taglib-uri>
      <taglib-location>/WEB-INF/struts-html.tld</taglib-location>


      <security-constraint>
      <display-name>admin</display-name>
      <web-resource-collection>
      <web-resource-name>Web Site</web-resource-name>
      Web Site
      <url-pattern>/app/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
      Site Administration
      <role-name>admin</role-name>
      </auth-constraint>
      <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
      </security-constraint>

      <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>jdbcRealm</realm-name>
      <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/loginerr.jsp</form-error-page>
      </form-login-config>
      </login-config>

      <security-role>
      <role-name>admin</role-name>
      </security-role>

      </web-app>

      6) Here is my "jboss-web.xml". Again, I have also tried this with the "jdbcRealm" to no avail.

      <jboss-web>
      <security-domain>java:/jaas/MySqlDbRealm</security-domain>
      <context-root>/home</context-root>
      </jboss-web>


      7) Finally, here is some log output.

      boot.log
      ...
      11:57:54,912 INFO [MainDeployer] Starting deployment of package: file:/D:/jboss-3.0.3_tomcat-4.1.12/server/default/lib/mysql-connector-java-2.0.14-bin.jar
      11:57:54,932 DEBUG [MainDeployer] Starting deployment (init step) of package at: file:/D:/jboss-3.0.3_tomcat-4.1.12/server/default/lib/mysql-connector-java-2.0.14-bin.jar
      11:57:54,932 DEBUG [UnifiedClassLoader] New jmx UCL with url file:/D:/jboss-3.0.3_tomcat-4.1.12/server/default/tmp/deploy/server/default/lib/mysql-connector-java-2.0.14-bin.jar/6.mysql-connector-java-2.0.14-bin.jar
      11:57:54,932 DEBUG [UnifiedClassLoader] New jmx UCL with url file:/D:/jboss-3.0.3_tomcat-4.1.12/server/default/tmp/deploy/server/default/lib/mysql-connector-java-2.0.14-bin.jar/6.mysql-connector-java-2.0.14-bin.jar
      11:57:54,932 DEBUG [UnifiedLoaderRepository2] Adding org.jboss.mx.loading.UnifiedClassLoader@1319c{ url=file:/D:/jboss-3.0.3_tomcat-4.1.12/server/default/tmp/deploy/server/default/lib/mysql-connector-java-2.0.14-bin.jar/6.mysql-connector-java-2.0.14-bin.jar }
      11:57:54,962 DEBUG [JARDeployer] no xmls found
      11:57:54,962 DEBUG [MainDeployer] using deployer org.jboss.deployment.JARDeployer@50a5d9
      11:57:54,962 DEBUG [MainDeployer] found 0 subpackages of file:/D:/jboss-3.0.3_tomcat-4.1.12/server/default/lib/mysql-connector-java-2.0.14-bin.jar
      11:57:54,962 DEBUG [MainDeployer] Watching new file: file:/D:/jboss-3.0.3_tomcat-4.1.12/server/default/lib/mysql-connector-java-2.0.14-bin.jar
      11:57:54,962 DEBUG [MainDeployer] create step for deployment file:/D:/jboss-3.0.3_tomcat-4.1.12/server/default/lib/mysql-connector-java-2.0.14-bin.jar
      11:57:54,962 DEBUG [MainDeployer] Done with create step of deploying mysql-connector-java-2.0.14-bin.jar
      11:57:54,962 DEBUG [MainDeployer] Begin deployment start file:/D:/jboss-3.0.3_tomcat-4.1.12/server/default/lib/mysql-connector-java-2.0.14-bin.jar
      11:57:54,962 DEBUG [MainDeployer] End deployment start on package: mysql-connector-java-2.0.14-bin.jar
      11:57:54,962 INFO [MainDeployer] Deployed package: file:/D:/jboss-3.0.3_tomcat-4.1.12/server/default/lib/mysql-connector-java-2.0.14-bin.jar
      11:57:55,002 DEBUG [SARDeployer] deployed classes for file:/D:/jboss-3.0.3_tomcat-4.1.12/server/default/lib/mysql-connector-java-2.0.14-bin.jar
      ...
      server.log
      ...
      2002-12-01 11:58:12,407 WARN [org.jboss.system.ServiceController] jboss.jca:service=RARDeployment,name=JBoss LocalTransaction JDBC Wrapper does not implement any Service methods
      2002-12-01 11:58:12,417 WARN [org.jboss.system.ServiceController] jboss.jca:service=LocalTxDS,name=hsqldbDS does not implement any Service methods
      2002-12-01 11:58:12,427 INFO [org.jboss.resource.connectionmanager.LocalTxConnectionManager] Creating
      2002-12-01 11:58:12,467 INFO [org.jboss.resource.connectionmanager.LocalTxConnectionManager] Created
      2002-12-01 11:58:12,467 WARN [org.jboss.system.ServiceController] jboss.jca:service=LocalTxDS,name=MySqlDS does not implement any Service methods
      2002-12-01 11:58:12,487 INFO [org.jboss.resource.connectionmanager.LocalTxConnectionManager] Creating
      2002-12-01 11:58:12,497 INFO [org.jboss.resource.connectionmanager.LocalTxConnectionManager] Created
      2002-12-01 11:58:12,537 INFO [org.jboss.resource.connectionmanager.LocalTxConnectionManager] Starting
      2002-12-01 11:58:12,617 INFO [org.jboss.resource.adapter.jdbc.local.LocalManagedConnectionFactory.DefaultDS] Bound connection factory for resource adapter 'JBoss LocalTransaction JDBC Wrapper' to JNDI name 'java:/DefaultDS'
      2002-12-01 11:58:12,627 INFO [org.jboss.resource.connectionmanager.LocalTxConnectionManager] Started
      2002-12-01 11:58:12,638 INFO [org.jboss.resource.connectionmanager.LocalTxConnectionManager] Starting
      2002-12-01 11:58:12,688 INFO [org.jboss.security.plugins.JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@5e222e
      2002-12-01 11:58:12,708 INFO [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy@15fb38
      2002-12-01 11:58:12,718 INFO [org.jboss.security.plugins.JaasSecurityManagerService] Added MySqlDbRealm, org.jboss.security.plugins.SecurityDomainContext@20540c to map
      2002-12-01 11:58:12,748 INFO [org.jboss.resource.adapter.jdbc.local.LocalManagedConnectionFactory.MySqlDS] Bound connection factory for resource adapter 'JBoss LocalTransaction JDBC Wrapper' to JNDI name 'java:/MySqlDS'
      ...
      2002-12-01 11:58:17,014 INFO [org.jboss.web.localhost.Engine] ContextConfig[/home]: Configured an authenticator for method FORM
      2002-12-01 11:58:18,756 INFO [org.jboss.web.catalina.EmbeddedCatalinaService41] Using Java2 parent classloader delegation: true
      2002-12-01 11:58:18,766 INFO [org.jboss.web.localhost.Engine] StandardManager[/home]: Seeding random number generator class java.security.SecureRandom
      2002-12-01 11:58:18,786 INFO [org.jboss.web.localhost.Engine] StandardManager[/home]: Seeding of random number generator has been completed
      2002-12-01 11:58:18,806 INFO [org.jboss.web.localhost.Engine] StandardWrapper[/home:default]: Loading container servlet default
      2002-12-01 11:58:20,058 INFO [org.jboss.web.localhost.Engine] StandardWrapper[/home:invoker]: Loading container servlet invoker
      2002-12-01 11:58:20,098 INFO [org.jboss.deployment.MainDeployer] Deployed package: file:/D:/jboss-3.0.3_tomcat-4.1.12/server/default/deploy/web-abacuswebsite.war
      2002-12-01 11:58:20,118 INFO [org.jboss.deployment.scanner.URLDeploymentScanner] Started
      2002-12-01 11:58:20,128 INFO [org.jboss.deployment.MainDeployer] Deployed package: file:/D:/jboss-3.0.3_tomcat-4.1.12/server/default/conf/jboss-service.xml
      2002-12-01 11:58:20,148 INFO [org.jboss.system.server.Server] JBoss (MX MicroKernel) [3.0.3 Date:200209301503] Started in 0m:26s:938ms

      And nothing more.. even when I log in. If I change the domain in jboss-web.xml to "jdbcRealm" and hot redeploy the app. When I attempt to login the JBOSS server shows the output below. However, I can see in the MySQL logs that it still doesn't attempt to authenticate me.

      2002-12-01 12:06:15,792 INFO [org.jboss.deployment.MainDeployer] Deployed package: file:/D:/jboss-3.0.3_tomcat-4.1.12/server/default/deploy/ejb-abacuswebsite.jar
      2002-12-01 12:06:45,896 INFO [org.jboss.security.plugins.JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@3829d5
      2002-12-01 12:06:45,896 INFO [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy@429c19
      2002-12-01 12:06:45,926 INFO [org.jboss.security.plugins.JaasSecurityManagerService] Added jdbcRealm, org.jboss.security.plugins.SecurityDomainContext@16318b to map

        • 1. Re: JBoss 3.03 Tomcat bundle MySQL DatabaseServerLoginModule
          Tom Judge Newbie

          Ok,

          I missed some of the replies to the thread I mentioned in my previous post. From this post:

          http://www.mail-archive.com/jboss-user@lists.sourceforge.net/msg22966.html//www.mail-archive.com/jboss-user@lists.sourceforge.net/msg22966.html

          It looks like Todd and Scott have sorted the problem out. I need to try I few things myself. I will let you know how I get on.

          Cheers,

          Tom

          • 2. Re: JBoss 3.03 Tomcat bundle MySQL DatabaseServerLoginModule
            Tom Judge Newbie

            Hello Again,

            This comment from Scott helped:

            Turn on DEBUG level messages by editing the conf/lo4j.xml file and removing the from the FILE appender...

            It would be a really good idea if this was VERY near the front of the JBoss Quick Start guide. It is just another one of those things that once you know you assume everybody knows.

            I am still using "<security-domain>java:/jaas/jdbcRealm</security-domain>" in jboss-web.xml and
            "<realm-name>jdbcRealm</realm-name>" in web.xml. I now get "principal=null".

            I am currently wading through the large number of posts on this topic to see if any are relevant to my problem!

            I have nearly reached the end of 12 pages of posts at 10 per page, nothing has worked yet. Most people seem to get past the initial login, but have problems when EJBs are called. I am not getting that far.

            Also, some people seem to be using configuration steps in auth.conf.

            Should I try that? The top of my auth.conf says:

            // This file is now obsolete but is read for backward compatability
            // Use the login-config.xml file instead
            // $Id: auth.conf,v 1.12 2002/04/14 18:59:49 starksm Exp $


            I have spent a good while on this. However, I can see that some people have spent weeks on similar issues.

            I am sure this problem will be solved in good time, just as so many other things are and I will forget all about it.

            At the moment it is driving me nuts. Hearing about other people's frustrations is very therapeutic.

            I hope that hearing about mine alleviates your frustrations somewhat. However, I must say that some help would not go amiss.

            Cheers,

            Tom

            2002-12-01 15:57:40,796 DEBUG [org.jboss.web.catalina.EmbeddedCatalinaService41] Binding security/securityMgr to NullSecurityManager
            ...
            2002-12-01 15:57:41,977 DEBUG [org.jboss.web.catalina.EmbeddedCatalinaService41] Linking security/securityMgr to JNDI name: java:/jaas/jdbcRealm
            ...
            2002-12-01 16:21:15,410 DEBUG [org.jboss.security.plugins.JaasSecurityManager.jdbcRealm] Login failure
            javax.security.auth.login.LoginException: java.lang.SecurityException: Invalid authentication attempt, principal=null
            at org.jboss.resource.connectionmanager.BaseConnectionManager2.getSubject(BaseConnectionManager2.java:707)
            at org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:531)
            at org.jboss.resource.connectionmanager.BaseConnectionManager2$ConnectionManagerProxy.allocateConnection(BaseConnectionManager2.java:812)
            at org.jboss.resource.adapter.jdbc.local.LocalDataSource.getConnection(LocalDataSource.java:102)
            at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:96)
            at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:143)
            at java.lang.reflect.Method.invoke(Native Method)
            at javax.security.auth.login.LoginContext.invoke(LoginContext.java:664)
            at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
            at javax.security.auth.login.LoginContext$4.run(LoginContext.java:599)
            at java.security.AccessController.doPrivileged(Native Method)
            at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:596)
            at javax.security.auth.login.LoginContext.login(LoginContext.java:523)
            at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:381)
            at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:347)
            at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:215)
            at org.jboss.web.catalina.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:281)
            at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:263)

            If I specify MySqlDbRealm in the jboss-web.xml and leave jdbcReam in the web.xml the exception I get turns into this.
            Similar, but different!

            2002-12-01 19:13:22,199 DEBUG [org.jboss.security.plugins.JaasSecurityManager.MySqlDbRealm] Login failure
            javax.security.auth.login.LoginException: java.lang.IllegalArgumentException: Must supply a principal name!
            at org.jboss.resource.security.ConfiguredIdentityLoginModule.initialize(ConfiguredIdentityLoginModule.java:64)
            at java.lang.reflect.Method.invoke(Native Method)
            at javax.security.auth.login.LoginContext.invoke(LoginContext.java:651)
            at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
            at javax.security.auth.login.LoginContext$4.run(LoginContext.java:599)
            at java.security.AccessController.doPrivileged(Native Method)
            at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:596)
            at javax.security.auth.login.LoginContext.login(LoginContext.java:523)
            at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:381)
            at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:347)
            at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:215)
            at org.jboss.web.catalina.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:281)
            at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:263)
            at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:458)
            at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
            at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
            at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
            at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
            at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
            at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2396)
            at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
            at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
            at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
            at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
            at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
            at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
            at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:469)
            at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
            at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
            at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
            at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
            at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
            at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
            at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
            at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:1040)
            at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1151)
            at java.lang.Thread.run(Thread.java:484)

            at javax.security.auth.login.LoginContext.invoke(LoginContext.java:719)
            at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
            at javax.security.auth.login.LoginContext$4.run(LoginContext.java:599)
            at java.security.AccessController.doPrivileged(Native Method)
            at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:596)
            at javax.security.auth.login.LoginContext.login(LoginContext.java:523)
            at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:381)
            at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:347)
            at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:215)
            at org.jboss.web.catalina.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:281)


            Just for good measure, in case the problem is in the form the content of it looks like this:


             


             
            Login Required


            Username:



            Password:



             






             
             

            • 3. Re: JBoss 3.03 Tomcat bundle MySQL DatabaseServerLoginModule
              Tom Judge Newbie

              More...

              Finally, something is beginning to work. I went through this forum:

              http://jboss.org/forums/thread.jsp?forum=49&thread=18824

              and found the thread from dmitry_ame. I extracted his myexample.zip. Quoting him:

              "I don't know why, but it only works for me if I include two (!!!) security realm in login-config.xml with different names, one that is DatabaseServerLoginModule, the other one is ConfiguredIdentityLoginModule pointing to the same datasource as the first one. And in mysql-service.xml the SecurityDomainJndiName points to the ConfiguredIdentityLoginModule realm name."

              If I use the following entries in "login-config.xml" for MySQL then the principal=null problem goes away and I can see MySQL being queried appropriately when I log in. It still doesn't quite work, but I can see the finish line!

              I think that if I combine this with the contents of this post then I should be there http://www.mail-archive.com/jboss-user@lists.sourceforge.net/msg22966.html//www.mail-archive.com/jboss-user@lists.sourceforge.net/msg22966.html

              <application-policy name = "MySqlRealm">

              <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
              <module-option name="dsJndiName">java:/MySqlDS</module-option>
              <module-option name = "principal">root</module-option>
              <module-option name = "principalsQuery">select password from users username where username=?</module-option>
              <module-option name = "rolesQuery">select role, roleGroup from userroles where username=?</module-option> <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=MySqlDS</module-option>
              </login-module>

              </application-policy>

              <application-policy name = "MySqlDbRealm">

              <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule" flag = "required">
              <module-option name = "principal">root</module-option>
              <module-option name = "userName">root</module-option>
              <module-option name = "password">blah</module-option>
              <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=MySqlDS</module-option>
              </login-module>

              </application-policy>


              My jboss-web.xml now contains:

              <security-domain>java:/jaas/MySqlRealm</security-domain>

              My web.xml contains:

              <realm-name>MySqlRealm</realm-name>

              I am hoping that all this will help someone else.

              Cheers,

              Tom

              • 4. Re: JBoss 3.03 Tomcat bundle MySQL DatabaseServerLoginModule
                Tom Judge Newbie

                Hurrah,

                It is now working perfectly. I haven't bothered encoding the passwords though (see here if you are interested in this http://www.mail-archive.com/jboss-user@lists.sourceforge.net/msg22966.html//www.mail-archive.com/jboss-user@lists.sourceforge.net/msg22966.html ).

                The final bit of grief was to do with the principalsQuery. The JBOSS Quick Start Guide uses a duff query (I think)
                "select passwd from Users username where username=?". The first "username" shouldn't be there, changing this
                made it work. I have summarised my steps. Let me know if they are wrong or I have left something out.

                To Use J2EE Form Based Authentication with JBOSS 3.0.x and Retrieve the User Data from MySQL:

                1) Download mysql database drivers "mysql-connector-java-2.0.14-bin.jar" and copy to "...server\default\lib" folder.
                2) Copy "mysql-service.xml" from "...\docs\examples\jca" to "...server\default\deploy".
                3) Edit "mysql-service.xml" and change:

                i) The ConnectURL in the following line to match your target database:

                <config-property name="ConnectionURL" type="java.lang.String">jdbc:mysql://dell:3306/jbossdb</config-property>

                ii) Uncomment the line:

                MySqlDbRealm

                4) Exceute the following SQL to create the appropriate MySQL tables:

                CREATE TABLE users(username VARCHAR(64) PRIMARY KEY, password VARCHAR(64));
                CREATE TABLE userroles(username VARCHAR(64), role VARCHAR(32), rolegroup VARCHAR(32) );

                INSERT INTO users VALUES('testuser', 'password');
                INSERT INTO userRoles VALUES('testuser', 'admin', 'Roles');

                5) Insert the following into your "login-config.xml" (I have put these entries near the bottom of the file):

                <application-policy name = "MySqlRealm">

                <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
                <module-option name="dsJndiName">java:/MySqlDS</module-option>
                <module-option name = "principal">root</module-option>
                <module-option name = "principalsQuery">select password from users where username=?</module-option>
                <module-option name = "rolesQuery">select role, roleGroup from userroles where username=?</module-option>
                <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=MySqlDS</module-option>
                </login-module>

                </application-policy>

                <application-policy name = "MySqlDbRealm">

                <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule" flag = "required">
                <module-option name = "principal">root</module-option>
                <module-option name = "userName">root</module-option>
                <module-option name = "password">blah</module-option>
                <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=MySqlDS</module-option>
                </login-module>

                </application-policy>

                6) Use the application-policy name "MySqlRealm" in jboss-web.xml and web.xml as follows:

                jboss-web.xml:

                <security-domain>java:/jaas/MySqlRealm</security-domain>

                web.xml:

                <realm-name>MySqlRealm</realm-name>


                Phew! I'm done now.

                Tom

                • 5. Re: JBoss 3.03 Tomcat bundle MySQL DatabaseServerLoginModule
                  Don Griffing Newbie

                  I am using JBoss 3.0.6 with Tomcat 4.1.18 and running into the same problem. I have tried the steps listed above with no success. It is acting as though the values from the imput form are not being pass along to the authentication check. Ideas/suggestions?