1 Reply Latest reply on Jun 7, 2004 10:51 AM by starksm64

    JAAS / DatabaseServerLoginModule / JBoss 3.2.3

    ___martin___

      Sorry for cross-posting. I did the first posting to the wrong forum group.
      -----------------------------------------------------------------------------------------
      Hello List!

      I'd like to set up some security using JAAS and the DatabaseServerLoginModule for a small demo-application. In contrast to others on this forum, I'd like to access the EJBs not via JSPs but solely by a standalone client with GUI.

      The problem is that I get the following exception when my client application tries to call the login() method of the loginContext:


      javax.naming.NameNotFoundException: DefaultDS not bound


      The client application is started with:

      java -classpath $CLASSPATH:$JBOSS_JAR_HOME:jndi/ \
        -Djava.security.manager \
        -Djava.security.policy=com/ejbemarketplace/clients/ejbemarketplace.policy \
        -Djava.security.auth.login.config=com/ejbemarketplace/clients/ejbemarketplace.conf \
        -Dlogin.configuration.provider=org.jboss.security.auth.login.XMLLoginConfig \
        com/ejbemarketplace/clients/MDIApplication


      where JBOSS_JAR_HOME contains all files in /usr/local/jboss-3.2.3/client/ and in addition the file /usr/local/jboss-3.2.3/server/default/lib/jbosssx.jar.

      As far as I could figure out the client application hasn't sent any data to the JBoss server at this point.

      It would be very kind if someone could give me a hint where I've made mistakes.

      ng, martin

      Subsequently I'll give you snippets of source files and the configuration files in use:
      ejbemarketplace.policy:
      grant {
       permission java.security.AllPermission;
      };
      


      ejbemarketplace.conf:
      
      ejbemarketplace {
       org.jboss.security.auth.spi.DatabaseServerLoginModule required;
      };
      


      jndi.properties:
      java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory
      java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces
      java.naming.provider.url=localhost
      


      The code used in the client application MDIApplication:
      private void jIFAuthenticateOKButtonActionPerformed(java.awt.event.ActionEvent evt) {
          // Add your handling code here:
          try {
              eMarketCallbackHandler emch = new eMarketCallbackHandler(jFormattedTextField3.getText(), jPasswordField1.getPassword());
              System.out.println("----- eMarketCallbackHandler emch created! ----");
              LoginContext loginContext = new LoginContext("ejbemarketplace", emch);
              System.out.println("----- LoginContext created ----");
              loginContext.login(); // this call causes the exception !!!!!!
              System.out.println("----- login accomplished ----");

              Subject subject = loginContext.getSubject();
              System.out.println("----- got subject ----");

          } catch (javax.security.auth.login.LoginException le) {
              System.out.println("MDIApplication: jIFAuthenticateOKButtonActionPerformed(ActionEvent) le - " +
                      le.getMessage());
          }
      }
      


      eMarketCallbackHandler.java:
      package com.ejbemarketplace.callbackhandler;
      
      import javax.security.auth.callback.Callback;
      import javax.security.auth.callback.NameCallback;
      import javax.security.auth.callback.PasswordCallback;
      import javax.security.auth.callback.UnsupportedCallbackException;
      
      public class eMarketCallbackHandler implements javax.security.auth.callback.CallbackHandler {

          private String username;
          private char[] password;

          public eMarketCallbackHandler(String username, char[] password) {
              this.username = username;
              this.password = password;
          }

          public eMarketCallbackHandler(String username, String password) {
              this.username = username;
              this.password = password.toCharArray();
          }

          // Answer each callback the login module passes in with the stored credentials.
          public void handle(Callback[] callback)
                  throws java.io.IOException, UnsupportedCallbackException {

              for (int i = 0; i < callback.length; i++) {
                  if (callback[i] instanceof NameCallback) {
                      NameCallback nc = (NameCallback) callback[i];
                      nc.setName(username);
                  } else if (callback[i] instanceof PasswordCallback) {
                      PasswordCallback pc = (PasswordCallback) callback[i];
                      pc.setPassword(password);
                  } else {
                      throw new UnsupportedCallbackException(callback[i], "Unrecognized Callback");
                  }
              }
          }

      }
      


      At the server-side:
      login-config.xml
      <application-policy name = "ejbemarketplace">
          <authentication>
              <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
                            flag = "required">
                  <module-option name = "dsJndiName">java:/PostgresDS</module-option>
                  <!-- <module-option name = "dsJndiName">PostgreSQL</module-option> -->
                  <module-option name = "principalsQuery">
                      select passwd from customerejb where ucid=?
                  </module-option>
                  <module-option name= "rolesQuery">
                      select userRoles,'Roles' from customerejb where ucid=?
                  </module-option>
              </login-module>
          </authentication>
      </application-policy>
      


      jboss.xml:
       :
      <container-configurations>
       <security-domain>java:/jaas/ejbemarketplace</security-domain>
       </container-configurations>
       :
      
      


      The database in use is PostgreSQL. The database worked correctly before I tried to fiddle about with JAAS.

      jbosscmp-jdbc.xml:
       :
      <defaults>
       <datasource>java:/PostgresDS</datasource>
       <datasource-mapping>PostgreSQL</datasource-mapping>
       <create-table>true</create-table>
       <remove-table>false</remove-table>
       </defaults>
       :
      


        • 1. Re: JAAS / DatabaseServerLoginModule / JBoss 3.2.3
          starksm64

          JCA DataSources are not usable outside of the application server in 3.2.x and thus, neither is the DatabaseServerLoginModule. You would need to create your own version that connected to a database directly, or introduce a remotable DataSource proxy as we have done in 4.0.x. The intermediate solution would be to create a DatabaseServerProxyLoginModule that used an RMI or similar service to execute the DatabaseServerLoginModule on the jboss server during the client side login() operation.
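
The first option named in the reply, a login module that connects to the database directly rather than through a server-side DataSource, as an added example (not JBoss code and not from either poster). It is written for a current JDK; the class name and the `jdbcUrl`, `dbUser` and `dbPassword` options are hypothetical, `principalsQuery` is reused from the post's login-config.xml, and the `passwd` column is assumed to hold the password unhashed.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.security.MessageDigest;
import java.security.Principal;
import java.sql.*;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Added example, not JBoss code. Option names jdbcUrl/dbUser/dbPassword are hypothetical.
public class DirectJdbcLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler handler;
    private Map<String, ?> opts;
    private Principal principal;

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> o) {
        subject = s; handler = h; opts = o;
    }

    public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("user");
        PasswordCallback pc = new PasswordCallback("password", false);
        try { handler.handle(new Callback[] { nc, pc }); }
        catch (Exception e) { throw new LoginException("callback handler failed: " + e.getMessage()); }
        String name = nc.getName();
        char[] given = pc.getPassword();   // getPassword() returns a copy
        pc.clearPassword();
        String stored = null;
        // Plain JDBC connection: no JNDI DataSource lookup, the step that fails outside the server.
        try (Connection c = DriverManager.getConnection((String) opts.get("jdbcUrl"),
                 (String) opts.get("dbUser"), (String) opts.get("dbPassword"));
             PreparedStatement ps = c.prepareStatement((String) opts.get("principalsQuery"))) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) { if (rs.next()) stored = rs.getString(1); }
        } catch (SQLException e) { throw new LoginException("credential lookup failed: " + e.getMessage()); }
        // Assumption: passwd is stored unhashed; compared in constant time.
        if (stored == null || given == null || !MessageDigest.isEqual(
                stored.getBytes(UTF_8), new String(given).getBytes(UTF_8)))
            throw new FailedLoginException("invalid user name or password");
        principal = () -> name;            // minimal Principal carrying the user name
        return true;
    }

    public boolean commit() { if (principal == null) return false; subject.getPrincipals().add(principal); return true; }
    public boolean abort() { principal = null; return true; }
    public boolean logout() { subject.getPrincipals().remove(principal); principal = null; return true; }
}
```

A module like this puts database credentials on every client and only decides whether the GUI proceeds; the `ejbemarketplace` security domain on the server still has to authenticate each EJB call.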