0 Replies Latest reply on Dec 30, 2002 8:47 AM by Jing

    Authentication Problem - Principal=null

    Jing Newbie

      Hi All,

      I am working with jboss-3.0.4_tomcat-4.1.12. There are 2 PostgreSQL databases in my project, one for the normal production(SamplePool), another for the authentication only(AuthPool). I got stucked with authetication for 1 week already, always get "principal=null". I am not pretty sure that I place two databases configurations in the same postgres-service.xml file, and also the way I configured it. I supposed to be able to create the bean before I login, and the principal supposed to be "guest" instead of null, but I always get "EJBException, causedBy:
      java.lang.SecurityException: Authentication exception, principal=null
      " in the log file.

      I hope someone could help me figure out what goes wrong there, thanks a lot in advance.

      Here are the related configuration files:

      ========login-config.xml===========
      <application-policy name="test">

      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <module-option name="dsJndiName">java:/AuthPool</module-option>
      <module-option name="principalsQuery">
      select tx_password from gi_principal where id_principal=?
      </module-option>
      <module-option name="rolesQuery">
      select tx_role, tx_role_group from gi_roles where id_principal=?
      </module-option>
      <module-option name="managedConnectionFactoryName">
      jboss.jca:service=LocalTxCM,name=AuthPool
      </module-option>
      <module-option name = "unauthenticatedIdentity">guest</module-option>
      </login-module>

      </application-policy>

      ==postgres-service.xml======
      ===under $JBOSS_DIST/server/default/deploy)====

      <!--Database for Authentication only-->
      <mbean code="org.jboss.resource.connectionmanager.LocalTxConnectionManager" name="jboss.jca:service=LocalTxCM,name=AuthPool">
      <!--Same as login-config.xml-->
      <application-policy name="test">

      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <module-option name="dsJndiName">java:/AuthPool</module-option>
      <module-option name="principalsQuery">
      select tx_password from gi_principal where id_principal=?
      </module-option>
      <module-option name="rolesQuery">
      select tx_role, tx_role_group from gi_roles where id_principal=?
      </module-option>
      <module-option name="managedConnectionFactoryName">
      jboss.jca:service=LocalTxCM,name=AuthPool
      </module-option>
      <module-option name = "unauthenticatedIdentity">guest</module-option>
      </login-module>

      </application-policy>

      test

      <depends optional-attribute-name="ManagedConnectionFactoryName">
      <!--embedded mbean-->

      AuthPool


      <config-property name="ConnectionURL" type="java.lang.String">jdbc:postgresql://localhost:5432/GIAUTLDBPasswd</config-property>
      <config-property name="DriverClass" type="java.lang.String">org.postgresql.Driver</config-property>
      <!--set these only if you want only default logins, not through JAAS -->
      <config-property name="UserName" type="java.lang.String"></config-property>
      <config-property name="Password" type="java.lang.String"></config-property>



      <!--Below here are advanced properties -->
      <!--hack-->
      <depends optional-attribute-name="OldRarDeployment">jboss.jca:service=RARDeployment,name=JBoss LocalTransaction JDBC Wrapper

      <!--real attributes-->



      <depends optional-attribute-name="ManagedConnectionPool">
      <!--embedded mbean-->


      0
      50
      5000
      15
      <!--criteria indicates if Subject (from security domain) or app supplied
      parameters (such as from getConnection(user, pw)) are used to distinguish
      connections in the pool. Choices are
      ByContainerAndApplication (use both),
      ByContainer (use Subject),
      ByApplication (use app supplied params only),
      ByNothing (all connections are equivalent, usually if adapter supports
      reauthentication)-->
      ByContainer



      <depends optional-attribute-name="CachedConnectionManager">jboss.jca:service=CachedConnectionManager

      <depends optional-attribute-name="JaasSecurityManagerService">jboss.security:service=JaasSecurityManager

      java:/TransactionManager
      <!--make the rar deploy! hack till better deployment-->
      jboss.jca:service=RARDeployer



      <!--Database for normal production, but authentication required before access it -->
      <mbean code="org.jboss.resource.connectionmanager.LocalTxConnectionManager" name="jboss.jca:service=LocalTxCM,name="SamplePool">
      <!--Same as login-config.xml-->
      <application-policy name="test">

      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <module-option name="dsJndiName">java:/AuthPool</module-option>
      <module-option name="principalsQuery">
      select tx_password from gi_principal where id_principal=?
      </module-option>
      <module-option name="rolesQuery">
      select tx_role, tx_role_group from gi_roles where id_principal=?
      </module-option>
      <module-option name="managedConnectionFactoryName">
      jboss.jca:service=LocalTxCM,name=AuthPool
      </module-option>
      <module-option name = "unauthenticatedIdentity">guest</module-option>
      </login-module>

      </application-policy>

      test


      <depends optional-attribute-name="ManagedConnectionFactoryName">
      <!--embedded mbean-->

      <!-- ========== Set the JndiName ======================= -->
      SamplePool


      <config-property name="ConnectionURL" type="java.lang.String">jdbc:postgresql://localhost:5432/GIAUTLDB</config-property>

      <config-property name="DriverClass" type="java.lang.String">org.postgresql.Driver</config-property>
      <!--set these only if you want only default logins, not through JAAS -->
      <config-property name="UserName" type="java.lang.String"></config-property>
      <config-property name="Password" type="java.lang.String"></config-property>




      <!--Below here are advanced properties -->
      <!--hack-->
      <depends optional-attribute-name="OldRarDeployment">jboss.jca:service=RARDeployment,name=JBoss LocalTransaction JDBC Wrapper

      <!--real attributes-->



      <depends optional-attribute-name="ManagedConnectionPool">
      <!--embedded mbean-->


      0
      50
      5000
      15
      ByContainer



      <depends optional-attribute-name="CachedConnectionManager">jboss.jca:service=CachedConnectionManager

      <depends optional-attribute-name="JaasSecurityManagerService">jboss.security:service=JaasSecurityManager

      java:/TransactionManager
      <!--make the rar deploy! hack till better deployment-->
      jboss.jca:service=RARDeployer





      ============ejb-jar.xml====================
      <?xml version="1.0" encoding="UTF-8"?>

      <ejb-jar>
      <security-domain>java:/jaas/test</security-domain>
      <display-name>Entity Beans</display-name>
      <enterprise-beans>

      <!-- START GUEST PERMISSIONS -->
      <method-permission>
      <role-name>guest</role-name>

      <ejb-name>UserBean</ejb-name>
      <method-name>create</method-name>

      </method-permission>

      <!-- START ADMIN PERMISSIONS -->
      <method-permission>
      <role-name>admin</role-name>

      <ejb-name>UserBean</ejb-name>
      <method-name>*</method-name>

      </method-permission>

      </ejb-jar>