2 Replies Latest reply on May 5, 2004 11:12 AM by Scott Stark

    jBoss 3.2.3+DatabaseServerLoginModule+Struts confusion

    Jason Pratt Newbie

      Hello,
      I am having some trouble getting DatabaseServerLoginModule to find my tables. I have read the latest JAAS howto (twice) and believe that I have everything setup correctly. I have the following defined in the login-config.xml

      <application-policy name="foo">
       <authentication>
      
      
       <login-module
       code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
       flag="required">
       <module-option name="dsJndiName">java:/fooDS</module-options>
       <module-option name="principalsQuery">select password from users where email=?</module-options>
       <module-option name="rolesQuery">select role, 'Roles' from userRoles where email=?</module-options>
       <module-option name="unauthenticatedIdentity">guest</module-options>
       </login-module>
      
       </authentication>
      </application-policy>


      I have the MySQL database define as follows:

      <local-tx-datasource>
       <jndi-name>fooDS</jndi-name>
       <connection-url>jdbc:mysql://localhost:3306/foo</connection-url>
       <driver-class>org.gjt.mm.mysql.Driver</driver-class>
       <user-name>foo</user-name>
       <password>bar</password>
       </local-tx-datasource>


      I am using this Action class for the Login in check, which I found out on the web:

      try {
       String email = dynaLoginForm.get("email").toString();
       String password = dynaLoginForm.get("password").toString();
      
       SimplePrincipal principal = new SimplePrincipal(email);
      
       SecurityAssociationHandler handler =
       new SecurityAssociationHandler();
      
       handler.setSecurityInfo(principal, password.toCharArray());
      
       LoginContext lc =
       new LoginContext("foo", handler);
      
       log.debug("trying to login");
      
       lc.login();
      
       log.debug("login successful");
      
       Subject subject = lc.getSubject();
      
       log.debug("subject: " + subject.toString());
      
       Set principals = subject.getPrincipals();
       principals.add(principal);
      
       }
       catch (Exception e) {
       log.error("caught: " + e);
       errors.add("header", new ActionError("error.password.mismatch"));
       log.error("password does not match setting user to null");
       user = null;
       }


      My understanding is that the security policy "foo" will find the fooDS and have the correct tables to lookup the principal from. However, I get this error:

      caught: javax.security.auth.login.LoginException: No LoginModules configured for foo


      What am I doing wrong? Any help would be great!!


      ---Jason

        • 1. Re: jBoss 3.2.3+DatabaseServerLoginModule+Struts confusion
          Jason Pratt Newbie

          I forgot to add that I have the following Relam defined in login-config.xml

          <application-policy name="fooDBRealm">
           <authentication>
           <login-module
           code="org.jboss.resource.security.ConfiguredIdentityLoginModule"
           flag="required">
           <module-option name="principal">sa</module-option>
           <module-option name="userName">sa</module-option>
           <module-option name="password"></module-option>
           <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=fooDS</module-option>
           </login-module>
           </authentication>
           </application-policy>


          Need a little help here...

          ---jason

          • 2. Re: jBoss 3.2.3+DatabaseServerLoginModule+Struts confusion
            Scott Stark Master

            Then either get in the debugger or add some logging and look at what the password is coming back from the db. Break or add logging to the UsernamePasswordLoginModule.validatePassword(String inputPassword, String expectedPassword) method.