1 Reply Latest reply on Jun 7, 2004 10:51 AM by Scott Stark

    JAAS / DatabaseServerLoginModule / JBoss 3.2.3

    M B Newbie

      Sorry, for cross-posting. I did the first posting to the wrong forum group.
      -----------------------------------------------------------------------------------------
      Hallo List!

      I'd like to set up some security using JAAS and the DatabaseServerLoginModule for a small demo-application. In contrast to others on this forum, I'd like to access the EJBs not via JSPs but solely by a standalone client with GUI.

      The problem is, that I get the following exception when my client application tries to call the login() method of the loginContext:


      javax.naming.NameNotFoundException: DefaultDS not bound


      The client application is startet with:

      java -classpath $CLASSPATH:$JBOSS_JAR_HOME:jndi/
      -Djava.security.manager -Djava.security.policy=com/ejbemarketplace/clients/ejbemarketplace.policy -Djava.security.auth.login.config=com/ejbemarketplace/clients/ejbemarketplace.conf -Dlogin.configuration.provider=org.jboss.security.auth.login.XMLLoginConfig com/ejbemarketplace/clients/MDIApplication


      where JBOSS_JAR_HOME contains all files in /usr/local/jboss-3.2.3/client/ and in addition the file /usr/local/jboss-3.2.3/server/default/lib/jbosssx.jar.

      As far as I could figure out the client application hasn't sent any data to the JBoss server at this point.

      It would be very kind, if someone could give me a hint where I've made mistakes.

      ng, martin

      Subsequently I'll give you snipplets of source-files and the configuration-files in use:
      ejbemarketplace.policy:
      grant {
       permission java.security.AllPermission;
      };
      


      ejbemarketplace.conf:
      
      ejbemarketplace {
       org.jboss.security.auth.spi.DatabaseServerLoginModule required;
      };
      


      jndi.properties:
      java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory
      java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces
      java.naming.provider.url=localhost
      


      The code used in the client application MDIApplication:
      private void jIFAuthenticateOKButtonActionPerformed(java.awt.event.ActionEvent evt) {
       // Add your handling code here:
       try {
       eMarketCallbackHandler emch = new eMarketCallbackHandler(jFormattedTextField3.getText(), jPasswordField1.getPassword());
       System.out.println("----- eMarketCallbackHandler emch created! ----");
       LoginContext loginContext = new LoginContext("ejbemarketplace", emch);
       System.out.println("----- LoginContext created ----");
       loginContext.login(); // this call causes the exception !!!!!!
       System.out.println("----- login accomplished ----");
      
       Subject subject = loginContext.getSubject();
       System.out.println("----- got subject ----");
      
       } catch (javax.security.auth.login.LoginException le) {
       System.out.println("MDIApplication: jIFAuthenticateOKButtonActionPerformed(ActionEvent) le - " + //
       le.getMessage());
       }
       }
      


      eMarketCallbackHandler.java:
      package com.ejbemarketplace.callbackhandler;
      
      import javax.security.auth.callback.Callback;
      import javax.security.auth.callback.NameCallback;
      import javax.security.auth.callback.PasswordCallback;
      import javax.security.auth.callback.UnsupportedCallbackException;
      
      public class eMarketCallbackHandler implements javax.security.auth.callback.CallbackHandler {
      
       private String username;
       private char[] password;
      
       public eMarketCallbackHandler(String username, char[] password) {
       this.username = username;
       this.password = password;
       }
      
       public eMarketCallbackHandler(String username, String password) {
       this.username = username;
       this.password = password.toCharArray();
       }
      
       public void handle(Callback[] callback)
       throws java.io.IOException, UnsupportedCallbackException {
      
       for (int i = 0; i < callback.length; i++) {
       if (callback
       instanceof NameCallback) {
       NameCallback nc = (NameCallback) callback
      ;
       nc.setName(username);
       } else if (callback
       instanceof PasswordCallback) {
       PasswordCallback pc = (PasswordCallback) callback
      ;
       pc.setPassword(password);
       } else {
       throw new UnsupportedCallbackException(callback
      , "Unrecognized Callback");
       }
       }
       }
      
      }
      


      At the server-side:
      login-config.xml
      <application-policy name = "ejbemarketplace">
       <authentication>
       <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
       flag = "required">
       <module-option name = "dsJndiName">java:/PostgresDS</module-option> <!-- <module-option name = "dsJndiName">PostgreSQL</module-option> -->
       <module-option name = "principalsQuery">
       select passwd from customerejb where ucid=?
       </module-option>
       <module-option name= "rolesQuery">
       select userRoles,'Roles' from customerejb where ucid=?
       </module-option>
       </login-module>
       </authentication>
       </application-policy>
      


      jboss.xml:
       :
      <container-configurations>
       <security-domain>java:/jaas/ejbemarketplace</security-domain>
       </container-configurations>
       :
      
      


      The database in use is PostgresSQL. The database worked correctly before I tried to fiddle about with JAAS.

      jbosscmp-jdbc.xml:
       :
      <defaults>
       <datasource>java:/PostgresDS</datasource>
       <datasource-mapping>PostgreSQL</datasource-mapping>
       <create-table>true</create-table>
       <remove-table>false</remove-table>
       </defaults>
       :
      


        • 1. Re: JAAS / DatabaseServerLoginModule / JBoss 3.2.3
          Scott Stark Master

          JCA DataSources are not usable outside of the application server in 3.2.x and thus, neither is the DatabaseServerLoginModule. You would need to create your own version that connected to a database directly, or introduce a remotable DataSource proxy as we have done in 4.0.x. The intermediate solution would be to create a DatabaseServerProxyLoginModule that used an RMI or similar service to execute the DatabaseServerLoginModule on the jboss server during the client side login() operation.