1 Reply Latest reply on Mar 25, 2004 12:27 AM by Scott Stark

    Problems with login

    conanjboss Newbie

      I have read everything on net and a thousand of forums but I do this work. I am trying to use the DataBaseServerModule, here is the files:

      login-config.xml

      <application-policy name="LWebSec">

      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <module-option name="dsJndiName">java:/PostgresDS</module-option>
      <module-option name="principalsQuery">select password from users where username=?</module-option>
      <module-option name="rolesQuery">select 'userroles', rolegroup from userroles where username=?</module-option>
      </login-module>

      </application-policy>

      jboss-web.xml

      <jboss-web>
      <security-domain>java:/jaas/LWebSec</security-domain>
      </jboss-web>

      web.xml

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>Secure Pages</web-resource-name>
      <url-pattern>/webui/*</url-pattern>
      </web-resource-collection>

      <auth-constraint>
      <role-name>userrole</role-name>
      </auth-constraint>

      <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>

      </security-constraint>

      <login-config>
      <auth-method>BASIC</auth-method>
      <!-- ExampleRealm is defined in login-config.xml -->
      <realm-name>LWebSec</realm-name>
      <!--
      <form-login-config>

      <form-login-page>/login/login.jsp</form-login-page>
      -->
      </login-config>

      <security-role>
      blah
      <role-name>userrole</role-name>
      </security-role>
      <!--

      When I try to login with a user that is inside the database I receive the message on log:

      2004-03-24 13:24:13,277 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login
      2004-03-24 13:24:13,279 DEBUG [org.jboss.security.auth.spi.DatabaseServerLoginModule] Bad password for username=abc
      2004-03-24 13:24:13,280 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] abort
      2004-03-24 13:24:13,280 DEBUG [org.jboss.security.plugins.JaasSecurityManager.LWebSec] Login failure
      javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required

      When I try to login with a user that doesnt exist in database:

      2004-03-24 13:26:09,175 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login
      2004-03-24 13:26:09,178 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] abort
      2004-03-24 13:26:09,178 DEBUG [org.jboss.security.plugins.JaasSecurityManager.LWebSec] Login failure
      javax.security.auth.login.FailedLoginException: No matching username found in Principals

      So, where is the problem, the password in Postgresql have to be crypt/hash? What is wrong with the configuration?