1 Reply Latest reply on Feb 28, 2003 5:28 AM by Peter Doornbosch

    Problems configuring JBoss for Form based authentication usi

    Jurjan Woltman Newbie

      I've been trying to configure the DatabaseServerLoginModule for setting up FORM based authentication with JAAS.
      I'm using JBoss 3.0.4 and Jdk 1.3.1 by the way.

      Whatever I do nothing seems to work, this is what I did 'till now:

      1) Added an application policy to login-config.xml


      <application-policy name = "PortInfolinkRealm">

      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">

      <!-- Datasource -->
      <module-option name = "dsJndiName">java:/OraclePortinfolinkDS</module-option>

      <!-- Query -->
      <module-option name = "principalsQuery">SELECT password FROM principals WHERE principalid = ?</module-option>
      <module-option name = "rolesQuery">SELECT role, rolegroup FROM roles WHERE principalid = ?</module-option>
      <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=OraclePortinfolinkDS</module-option>

      </login-module>

      </application-policy>


      2) Registered a datasource

      <?xml version="1.0" encoding="UTF-8"?>

      <!-- ===================================================================== -->
      <!-- -->
      <!-- JBoss Server Configuration -->
      <!-- -->
      <!-- ===================================================================== -->



      <!-- ==================================================================== -->
      <!-- ConnectionManager setup for Oracle dbs -->
      <!-- Build jmx-api (build/build.sh all) and view for config documentation -->
      <!-- Thanks to Steven Coy -->
      <!-- ==================================================================== -->




      <!-- Include a login module configuration named OracleDbRealm.
      Update your login-conf.xml, here is an example for a
      ConfiguredIdentityLoginModule:

      <application-policy name = "OracleDbRealm">

      <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule" flag = "required">
      <module-option name = "principal">yourprincipal</module-option>
      <module-option name = "userName">yourusername</module-option>
      <module-option name = "password">yourpassword</module-option>
      <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=OraclePortinfolinkDS</module-option>
      </login-module>

      </application-policy>

      NOTE: the application-policy name attribute must match SecurityDomainJndiName, and the
      module-option name = "managedConnectionFactoryName"
      must match the object name of the ConnectionManager you are configuring here.
      -->

      <!--uncomment out this line if you are using the OracleDbRealm above-->
      PortInfolinkRealm

      <depends optional-attribute-name="ManagedConnectionFactoryName">
      <!--embedded mbean-->


      OraclePortinfolinkDS



      <config-property name="ConnectionURL" type="java.lang.String">jdbc:oracle:thin:@{URL}:1521:dev001</config-property>
      <config-property name="DriverClass" type="java.lang.String">oracle.jdbc.driver.OracleDriver</config-property>
      <!--set these only if you want only default logins, not through JAAS -->
      <config-property name="UserName" type="java.lang.String">{my_username}</config-property>
      <config-property name="Password" type="java.lang.String">{my_password}</config-property>



      <!--Below here are advanced properties -->
      <!--hack-->
      <depends optional-attribute-name="OldRarDeployment">jboss.jca:service=RARDeployment,name=JBoss LocalTransaction JDBC Wrapper



      <depends optional-attribute-name="ManagedConnectionPool">
      <!--embedded mbean-->


      0
      50
      5000
      15
      <!--criteria indicates if Subject (from security domain) or app supplied
      parameters (such as from getConnection(user, pw)) are used to distinguish
      connections in the pool. Choices are
      ByContainerAndApplication (use both),
      ByContainer (use Subject),
      ByApplication (use app supplied params only),
      ByNothing (all connections are equivalent, usually if adapter supports
      reauthentication)-->
      ByContainer



      <depends optional-attribute-name="CachedConnectionManager">jboss.jca:service=CachedConnectionManager

      <depends optional-attribute-name="JaasSecurityManagerService">jboss.security:service=JaasSecurityManager

      java:/TransactionManager

      <!--make the rar deploy! hack till better deployment-->
      jboss.jca:service=RARDeployer







      3) Added security domain to my jboss.xml

      <?xml version="1.0" encoding="UTF-8"?>


      <resource-managers>
      <resource-manager res-class="">
      <res-name>jdbc/barge</res-name>
      <res-jndi-name>java:/OraclePortInfolinkDS</res-jndi-name>
      </resource-manager>
      </resource-managers>

      <container-configurations>
      <security-domain>java:/jaas/PortInfolinkRealm</security-domain>
      </container-configurations>



      4) added it to my jboss-web.xml

      <?xml version="1.0" encoding="UTF-8"?>
      <jboss-web>

      <security-domain>java:/jaas/PortInfolinkRealm</security-domain>
      <context-root>/</context-root

      </jboss-web>

      5) Added an Login config to my web.xml, the logon.jsp sends it's form to j_security_check.
      The form fields are named j_user_name and j_password



      <!-- ******************************************** -->
      <!-- ********** Login config ************* -->
      <!-- ******************************************** -->
      <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
      <form-login-page>/logon.jsp</form-login-page>
      <form-error-page>/logonerror.jsp</form-error-page>
      </form-login-config>
      </login-config>


      6) Added an security-constraint for some web-resource

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>testservlet</web-resource-name>
      none
      <url-pattern>/test</url-pattern>
      <http-method>POST</http-method>
      <http-method>GET</http-method>
      </web-resource-collection>
      <auth-constraint>
      none
      <role-name>OperatorRole</role-name>
      </auth-constraint>
      <user-data-constraint>
      none
      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
      </security-constraint>

      7) When I make a request for that resource in my browser I get my login page as I expected. When I post the login
      it goes on to my protected resource without checking anything. I also don't get any errors or some other logging what
      points to misconfiguration. Just nothing happens at all.

      I presume I forgot something but I don't know what, even in the JBoss documentation I couldn't find anything.


      Does somebody have a clue??


      Thanks,

      Jurjan

        • 1. Re: Problems configuring JBoss for Form based authentication
          Peter Doornbosch Apprentice

          So, what's the problem? ;-)

          > "When I post the login it goes on to my protected resource without checking anything"
          How do you know that it doesn't check? If you rely on tracing, please note that the JBoss security manager caches security credentials. It has fooled me once; thinking that it didn't perform a login, but it did; i just didn't see it ;-).

          If this is not the case and it still doesn't work, maybe it's an idea to make your testcase simpler, e.g. try starting with a simple UsersRolesLoginModule (if you didn't already). It's excellent that you provide all necesssary information; however, i'm afraid very few people have the patience to go through it all.....
          Which doesn't mean we don't want to help you out ;-)

          Cheers
          Peter.