Authentication Problem - Principal=null
jinglebell Dec 30, 2002 8:47 AM
Hi All,
I am working with jboss-3.0.4_tomcat-4.1.12. There are two PostgreSQL databases in my project: one for normal production (SamplePool) and another used only for authentication (AuthPool). I have been stuck on authentication for a week already and always get "principal=null". I am not sure whether it is right to place both database configurations in the same postgres-service.xml file, or whether the way I configured them is correct. I expected to be able to create the bean before I log in, with the principal being "guest" instead of null, but I always get "EJBException, causedBy:
java.lang.SecurityException: Authentication exception, principal=null" in the log file.
I hope someone could help me figure out what goes wrong there, thanks a lot in advance.
Here are the related configuration files:
========login-config.xml===========
<!-- JAAS security domain "test"; the ejb-jar.xml shown later in this post refers to it as java:/jaas/test. -->
<!-- NOTE(review): no <authentication> element is visible between <application-policy> and <login-module>; the stock JBoss login-config.xml nests login modules inside one. It may have been lost when the post was rendered. Confirm against the deployed file. -->
<application-policy name="test">
<!-- flag="required": this module has to succeed for the login to succeed. -->
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<!-- JNDI name of the datasource the module queries for passwords and roles. -->
<module-option name="dsJndiName">java:/AuthPool</module-option>
<!-- Returns the stored password for the supplied principal; the ? placeholder is bound as a parameter, so the user name is not concatenated into the SQL text. -->
<!-- NOTE(review): no hashing option is set, so tx_password is presumably compared as stored (clear text). Check whether this JBoss release supports the hashAlgorithm / hashEncoding options and store digests instead. -->
<module-option name="principalsQuery">
select tx_password from gi_principal where id_principal=?
</module-option>
<!-- First column is the role name, second the role group. Presumably tx_role_group must be the literal Roles for rows used in method-permission checks; verify against the table data. -->
<module-option name="rolesQuery">
select tx_role, tx_role_group from gi_roles where id_principal=?
</module-option>
<!-- NOTE(review): managedConnectionFactoryName is an option of ConfiguredIdentityLoginModule in the stock configuration; DatabaseServerLoginModule presumably ignores it. Confirm. -->
<module-option name="managedConnectionFactoryName">
jboss.jca:service=LocalTxCM,name=AuthPool
</module-option>
<!-- Callers that present no credentials are given the principal "guest" instead of being rejected. Anything permitted to that identity is reachable without a login, so keep its permissions minimal. -->
<module-option name = "unauthenticatedIdentity">guest</module-option>
</login-module>
</application-policy>
==postgres-service.xml======
===(under $JBOSS_DIST/server/default/deploy)====
<!--Database for Authentication only-->
<!-- NOTE(review): this listing is not well-formed as posted. Several tags appear to have been dropped by the forum rendering (the bare values test, AuthPool, 0/50/5000/15 and ByContainer were presumably <attribute> bodies, and the <depends> elements have no closing tags). Compare with the deployed file before drawing conclusions. -->
<mbean code="org.jboss.resource.connectionmanager.LocalTxConnectionManager" name="jboss.jca:service=LocalTxCM,name=AuthPool">
<!--Same as login-config.xml-->
<!-- NOTE(review): a login-config <application-policy> is not a valid child of an <mbean> in a *-service.xml. Presumably only the security domain NAME (the bare "test" below) belongs here, and the policy itself stays in login-config.xml. Confirm. -->
<application-policy name="test">
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<module-option name="dsJndiName">java:/AuthPool</module-option>
<module-option name="principalsQuery">
select tx_password from gi_principal where id_principal=?
</module-option>
<module-option name="rolesQuery">
select tx_role, tx_role_group from gi_roles where id_principal=?
</module-option>
<module-option name="managedConnectionFactoryName">
jboss.jca:service=LocalTxCM,name=AuthPool
</module-option>
<module-option name = "unauthenticatedIdentity">guest</module-option>
</login-module>
</application-policy>
<!-- NOTE(review): domain "test" authenticates by querying java:/AuthPool, and this pool is itself bound to domain "test". That looks circular: obtaining a connection for the login query would need a Subject from the same login. A pool's security domain normally uses a module that supplies the database login (ConfiguredIdentityLoginModule in the stock config). Confirm. -->
test
<depends optional-attribute-name="ManagedConnectionFactoryName">
<!--embedded mbean-->
AuthPool
<!-- JDBC URL of the authentication database on the local PostgreSQL instance. -->
<config-property name="ConnectionURL" type="java.lang.String">jdbc:postgresql://localhost:5432/GIAUTLDBPasswd</config-property>
<config-property name="DriverClass" type="java.lang.String">org.postgresql.Driver</config-property>
<!--set these only if you want only default logins, not through JAAS -->
<!-- Both are left empty, so no default database login is configured; the credentials then have to come from the Subject produced by the pool's security domain. -->
<config-property name="UserName" type="java.lang.String"></config-property>
<config-property name="Password" type="java.lang.String"></config-property>
<!--Below here are advanced properties -->
<!--hack-->
<depends optional-attribute-name="OldRarDeployment">jboss.jca:service=RARDeployment,name=JBoss LocalTransaction JDBC Wrapper
<!--real attributes-->
<depends optional-attribute-name="ManagedConnectionPool">
<!--embedded mbean-->
<!-- Presumably MinSize, MaxSize, BlockingTimeoutMillis and IdleTimeoutMinutes, in that order; the attribute tags are missing from the post. -->
0
50
5000
15
<!--criteria indicates if Subject (from security domain) or app supplied
parameters (such as from getConnection(user, pw)) are used to distinguish
connections in the pool. Choices are
ByContainerAndApplication (use both),
ByContainer (use Subject),
ByApplication (use app supplied params only),
ByNothing (all connections are equivalent, usually if adapter supports
reauthentication)-->
<!-- ByContainer: connections are matched by the Subject from the security domain, so the domain has to yield usable database credentials. -->
ByContainer
<depends optional-attribute-name="CachedConnectionManager">jboss.jca:service=CachedConnectionManager
<depends optional-attribute-name="JaasSecurityManagerService">jboss.security:service=JaasSecurityManager
java:/TransactionManager
<!--make the rar deploy! hack till better deployment-->
jboss.jca:service=RARDeployer
<!--Database for normal production, but authentication required before access it -->
<!-- NOTE(review): this listing is not well-formed as posted. Several tags appear to have been dropped by the forum rendering (the bare values test, SamplePool, 0/50/5000/15 and ByContainer were presumably <attribute> bodies, and the <depends> elements have no closing tags). Compare with the deployed file. -->
<!-- NOTE(review): the name attribute on the next line contains a stray double quote before SamplePool, which makes the tag malformed; presumably name=SamplePool without the quote was intended. Check whether the deployed file has the same typo. -->
<mbean code="org.jboss.resource.connectionmanager.LocalTxConnectionManager" name="jboss.jca:service=LocalTxCM,name="SamplePool">
<!--Same as login-config.xml-->
<!-- NOTE(review): a login-config <application-policy> is not a valid child of an <mbean> in a *-service.xml. Presumably only the security domain NAME (the bare "test" below) belongs here. Confirm. -->
<application-policy name="test">
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<module-option name="dsJndiName">java:/AuthPool</module-option>
<module-option name="principalsQuery">
select tx_password from gi_principal where id_principal=?
</module-option>
<module-option name="rolesQuery">
select tx_role, tx_role_group from gi_roles where id_principal=?
</module-option>
<module-option name="managedConnectionFactoryName">
jboss.jca:service=LocalTxCM,name=AuthPool
</module-option>
<module-option name = "unauthenticatedIdentity">guest</module-option>
</login-module>
</application-policy>
<!-- NOTE(review): binding the production pool to the application login domain means database connections are requested with the caller's Subject. DatabaseServerLoginModule validates application users; it presumably does not attach a database user/password to the Subject. A separate pool domain with a fixed, least-privileged database account is the usual arrangement. Confirm. -->
test
<depends optional-attribute-name="ManagedConnectionFactoryName">
<!--embedded mbean-->
<!-- ========== Set the JndiName ======================= -->
SamplePool
<!-- JDBC URL of the production database on the local PostgreSQL instance. -->
<config-property name="ConnectionURL" type="java.lang.String">jdbc:postgresql://localhost:5432/GIAUTLDB</config-property>
<config-property name="DriverClass" type="java.lang.String">org.postgresql.Driver</config-property>
<!--set these only if you want only default logins, not through JAAS -->
<!-- Both are left empty, so no default database login is configured; the credentials then have to come from the Subject produced by the pool's security domain. -->
<config-property name="UserName" type="java.lang.String"></config-property>
<config-property name="Password" type="java.lang.String"></config-property>
<!--Below here are advanced properties -->
<!--hack-->
<depends optional-attribute-name="OldRarDeployment">jboss.jca:service=RARDeployment,name=JBoss LocalTransaction JDBC Wrapper
<!--real attributes-->
<depends optional-attribute-name="ManagedConnectionPool">
<!--embedded mbean-->
<!-- Presumably MinSize, MaxSize, BlockingTimeoutMillis and IdleTimeoutMinutes, in that order; the attribute tags are missing from the post. -->
0
50
5000
15
<!-- ByContainer: connections are matched by the Subject from the security domain rather than by application-supplied parameters. -->
ByContainer
<depends optional-attribute-name="CachedConnectionManager">jboss.jca:service=CachedConnectionManager
<depends optional-attribute-name="JaasSecurityManagerService">jboss.security:service=JaasSecurityManager
java:/TransactionManager
<!--make the rar deploy! hack till better deployment-->
jboss.jca:service=RARDeployer
============ejb-jar.xml====================
<?xml version="1.0" encoding="UTF-8"?>
<!-- NOTE(review): as posted this descriptor is incomplete: no bean declarations and no closing </enterprise-beans> are visible, presumably trimmed for the post. -->
<ejb-jar>
<!-- NOTE(review): <security-domain> is an element of the JBoss-specific jboss.xml descriptor, not of the standard ejb-jar.xml. If it really lives here, the beans are presumably not bound to java:/jaas/test, which would be consistent with the configured login module never running. Confirm. -->
<security-domain>java:/jaas/test</security-domain>
<display-name>Entity Beans</display-name>
<enterprise-beans>
<!-- NOTE(review): in the standard descriptor, <method-permission> entries sit under <assembly-descriptor> and name the bean and method inside a <method> element; neither wrapper is visible here. They may have been lost in rendering. -->
<!-- START GUEST PERMISSIONS -->
<!-- Role guest may call create on UserBean. The login-config.xml in this post also sets unauthenticatedIdentity to guest; if that identity ends up in this role, create is callable without credentials. -->
<method-permission>
<role-name>guest</role-name>
<ejb-name>UserBean</ejb-name>
<method-name>create</method-name>
</method-permission>
<!-- START ADMIN PERMISSIONS -->
<!-- Role admin may call every method of UserBean (method-name *). -->
<method-permission>
<role-name>admin</role-name>
<ejb-name>UserBean</ejb-name>
<method-name>*</method-name>
</method-permission>
</ejb-jar>