0 Replies Latest reply on Sep 24, 2004 12:33 PM by kmarcos

    UsersRolesLoginModule works ok but DatabaseServerLoginModule

    kmarcos Newbie

      Hi.

      I have an application with struts an jboss.

      I configure all to work with UsersRolesLoginModule and it's fine, but if i just change in login-config.xml the authentication to use DatabaseServerLoginModule it doesn't works... configuration its OK... and if i put an bad user or a wrong password works fine too deny permissions and show right errors, but if i put a correct user/passwd tomcat returns HTTP 403... and in the log there's not complains (exceptions), so i think the autentication module returns ok and tomcat just lost.

      i was expecting, the same UsersRolesLoginModule good behavior, but not.
      I followed all in famous"Complete configuration of JAAS on JBOSS and STRUTS" excepting that i use action="j_security_check" and the Strut's Actions are just showing error messages... So i don't have nothing about Security handlers and the rest...

      any suggestion??
      tks.

      some code:

      web.xml
      <security-constraint>
      <web-resource-collection>
      <web-resource-name>Saih Admon</web-resource-name>
      <url-pattern>*.do</url-pattern>
      <url-pattern>/jsp/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>admin1</role-name>
      </auth-constraint>
      </security-constraint>

      <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
      <form-login-page>/saihLogin.do</form-login-page>
      <form-error-page>/saihLoginError.do</form-error-page>
      </form-login-config>
      </login-config>

      <security-role>
      <role-name>admin1</role-name>
      </security-role>

      login-config.xml
      <application-policy name = "saih-admon">

      <login-module code="org.jboss.security.ClientLoginModule" flag="required"></login-module>
      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
      <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=histoSecDS</module-option>
      <module-option name="dsJndiName">java:/histoSecDS</module-option>
      <module-option name="principalsQuery">SELECT password FROM Principals WHERE PrincipalId = ?</module-option>
      <module-option name="rolesQuery">
      SELECT Role as Roles, RoleGroup as RolesGroups FROM Roles WHERE PrincipalID = ?
      </module-option>
      <module-option name="unauthenticatedIdentity">unauth</module-option>
      </login-module>

      </application-policy>

      struts-config.xml
      < action path="/saihLogin" type="co.edu.uniandes.saih.web.SaihLoginAction"
      scope="request">
      < forward name="success" path="/SaihLogin.jsp" />
      < /action>
      < action path="/saihLoginError" type="co.edu.uniandes.saih.web.SaihLoginAction"
      scope="request" parameter="loginError">
      < forward name="error" path="/SaihLogin.jsp" />
      < /action>

      SaihLoginAction.java

      public ActionForward execute(....){
      
      System.out.println("entra al action orig");
       System.out.println("login error param value parameter "+mapping.getParameter());
       System.out.println("login error j_username "+request.getParameter("j_username"));
       System.out.println("login error j_password"+request.getParameter("j_password"));
       String error = mapping.getParameter();
       if(null != error && error.equalsIgnoreCase("loginError")){
       System.out.println("login error orig");
       SaihLoginForm slf = new SaihLoginForm();
       slf.setUser(request.getParameter("j_username"));
       slf.setPassword(request.getParameter("j_password"));
       ActionErrors errors= slf.validate(mapping,request);
       Iterator it = errors.get();
       while (it.hasNext()){
       ActionMessage am = (ActionMessage) it.next();
       System.out.println(am.getKey());
       }
      
       if (errors.isEmpty()){
       System.out.println("empty");
       errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("errors.login.refuse"));
       }
       request.setAttribute(Globals.ERROR_KEY, errors);
       return mapping.findForward("error");
       }
       System.out.println("ok en action orig");
       return mapping.findForward("success");
       }




      Log when i put bad user o password...

      2004-09-24 08:40:38,889 DEBUG [org.jboss.resource.adapter.jdbc.local.LocalManagedConnectionFactory] Using properties: {user=postgres, password=--hidden--}
      2004-09-24 08:40:38,889 DEBUG [org.jboss.resource.adapter.jdbc.local.LocalManagedConnectionFactory] Checking driver for URL: jdbc:postgresql://172.16.1.16:5432/histosec
      2004-09-24 08:40:38,889 DEBUG [org.jboss.resource.adapter.jdbc.local.LocalManagedConnectionFactory] Driver not yet registered for url: jdbc:postgresql://172.16.1.16:5432/histosec
      2004-09-24 08:40:38,905 DEBUG [org.jboss.resource.adapter.jdbc.local.LocalManagedConnectionFactory] Driver already registered for url: jdbc:postgresql://172.16.1.16:5432/histosec
      2004-09-24 08:40:39,045 DEBUG [org.jboss.security.auth.spi.DatabaseServerLoginModule] Bad password for username=kmarcos
      2004-09-24 08:40:39,045 DEBUG [org.jboss.security.plugins.JaasSecurityManager.saih-admon] Login failure
      javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
      at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:160)
      ....
      org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
      at java.lang.Thread.run(Thread.java:534)
      2004-09-24 08:40:39,045 INFO [STDOUT] entra al action orig
      2004-09-24 08:40:39,045 INFO [STDOUT] login error param value parameter loginError
      2004-09-24 08:40:39,045 INFO [STDOUT] login error j_username kmarcos
      2004-09-24 08:40:39,045 INFO [STDOUT] login error j_passwordk
      2004-09-24 08:40:39,045 INFO [STDOUT] login error orig
      2004-09-24 08:40:39,045 INFO [STDOUT] empty


      log when user/passwd is ok
      2004-09-24 08:49:27,780 INFO [STDOUT] entra al action orig
      2004-09-24 08:49:27,780 INFO [STDOUT] login error param value parameter null
      2004-09-24 08:49:27,780 INFO [STDOUT] login error j_username null
      2004-09-24 08:49:27,780 INFO [STDOUT] login error j_passwordnull
      2004-09-24 08:49:27,780 INFO [STDOUT] ok en action orig