3 Replies Latest reply on Feb 13, 2004 1:45 PM by japslap

    DatabaseServerLoginModule and Oracle Datasource

    japslap Newbie

      Hi All:

      I am having some issued with the DatabaseServerLoginModule. I have two datasources defined:

      java:/MySqlDS
      java:/OracleDS

      I can connect and retreive data from both sources from a test JSP page. Both databases have identical "user" and "roles" tables and identical data.

      When I create an DatabseServerLoginModule application-policy in login-config.xml using the mysql source authentication works fine:

      <module-option name="dsJndiName">java:/MySqlDS</module-option>

      but when I switch to the Oracle datasource it does not work:

      <module-option name="dsJndiName">java:/OracleDS</module-option>

      With the Oracle datasource I can't log into my application (always get access denied).

      Am I missing something obvious?

      Also, is there a way to turn on debugging or logging on in the DatabaseServerLoginModule?

      Thanks!

        • 1. Re: DatabaseServerLoginModule and Oracle Datasource
          Scott Stark Master

          Turn on debugging by adding the following category setup to
          the conf/log4j.xml file:

          < category name="org.jboss.security">
          < priority value="TRACE" class="org.jboss.logging.XLevel"/>
          < /category>

          • 2. Re: DatabaseServerLoginModule and Oracle Datasource
            japslap Newbie

            Thanks! The debugging trace works great.

            But I still can't authenticate using java:/OracleDS. I've attached the debug messages. It is connecting to the datasource, but it can't find the user.

            login-config.xml:

            <application-policy name = "my-security">

            <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
            flag = "required" >
            <module-option name="dsJndiName">java:/OracleDS</module-option>
            <module-option name="principalsQuery">select passwd from users where username=?</module-option>
            <module-option name="rolesQuery">select roles, 'Roles' from roles where username=?</module-option>
            </login-module>

            </application-policy>

            Debug messages:

            2004-02-13 12:43:50,367 DEBUG [org.jboss.security.plugins.JaasSecurityManager.hrf-security] Login failure
            javax.security.auth.login.FailedLoginException: No matching username found in Principals
            at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:102)
            at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:150)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
            at java.lang.reflect.Method.invoke(Method.java:324)
            at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
            at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
            at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
            at java.security.AccessController.doPrivileged(Native Method)
            at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
            at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
            at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:487)
            at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:442)
            at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:244)
            at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:219)
            at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:281)
            at org.jboss.web.tomcat.tc4.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:203)
            at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:528)
            at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
            at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
            at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
            at org.jboss.web.tomcat.tc4.statistics.ContainerStatsValve.invoke(ContainerStatsValve.java:76)
            at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
            at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
            at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
            at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2417)
            at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
            at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
            at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
            at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
            at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
            at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
            at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:65)
            at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
            at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:577)
            at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
            at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
            at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
            at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
            at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
            at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
            at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
            at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:197)
            at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:781)
            at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:549)
            at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:605)
            at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:677)
            at java.lang.Thread.run(Thread.java:536)

            • 3. Re: DatabaseServerLoginModule and Oracle Datasource
              japslap Newbie

              Figured it out...

              Someone put the username as a CHAR field in Oracle so it would add spaces to the username.

              I knew it was something obvious and stupid :p