5 Replies Latest reply on Oct 14, 2004 8:42 AM by Greg Lloyd

    form based auth & DatabaseServerLoginModule

    javaprogrammer javaprogrammer Newbie

      Hello to everyone. First of all sorry for my english :)

      I have a problem. I'm using DatabaseServerLoginModule and form based authentification in my develop. first servlet executing login and if everything is ok it's redirect to other servlet. In this servlet i'm trying to request.getUserPrincipal(). It's null. Why?
      Here is my souces:

      ********login-config.xml*****
      <application-policy name = "UserPolicy">

      <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
      <module-option name = "dsJndiName">java:/FirebirdDS</module-option>
      <module-option name = "principalsQuery">SELECT PASS FROM users WHERE LOGIN=?</module-option>
      <module-option name = "rolesQuery">SELECT ROLE, 'Roles' FROM users WHERE LOGIN=?</module-option>
      <module-option name = "unauthenticatedIdentity">anonymouse</module-option>
      </login-module>

      </application-policy>
      *****************************

      **************web.xml********
      security-constraint>
      <web-resource-collection>
      <web-resource-name>Secured Web Resource</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>user</role-name>
      </auth-constraint>
      <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
      </security-constraint>

      <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>UserPolicy</realm-name>
      <form-login-config>
      <form-login-page>/login</form-login-page>
      <form-error-page>/login</form-error-page>
      </form-login-config>
      </login-config>

      <security-role>
      <role-name>user</role-name>
      </security-role>
      ****************************
      ******jboss-web.xml*********
      <security-domain>java:/jaas/UserPolicy</security-domain>
      ***************************

      *****jboss.xml**********
      <security-domain>java:/jaas/UserPolicy</security-domain>
      ***********************

      *****my login servlet, which starts like a first page (URL pattern = login)******
      ...
      String login = request.getParameter("j_username");
      String password = request.getParameter("j_password");
      ...
      System.setProperty("java.security.auth.login.config", "D:/jboss-3.2.5/client/auth.conf");
      System.out.println("Creating CallBackHandler");
      CallbackHandler handler = new MyHandler(login, password);
      System.out.println("Creating LoginContext");
      LoginContext logcont = new LoginContext("UserPolicy", handler);
      System.out.println("Created LoginContext");
      try {
      logcont.login();
      System.out.println("Logon!!! Getting username/password");
      Subject sub = logcont.getSubject();
      System.out.println("Principals "+ sub.getPrincipals().toString());
      System.out.println("Credentials "+ sub.getPublicCredentials().toString());
      }
      catch (Exception e) {
      System.out.println("Authentication failed: " + e.getMessage());
      } System.out.println("loginservletuser: " + user);
      ...
      **********************************************
      if everything ok, it redirects to other servlet in which i have
      ...
      Principal user1 = request.getUserPrincipal();
      ...
      and it's = null. Because of this I don't have any roles and I can't get access to my beans.

      Please, ive some ideas about it!!!!!
      P.S. With Best regards :)

      and who can tell how create object Principal from object Subject?

        • 1. Re: form based auth & DatabaseServerLoginModule
          Wessel de Roode Newbie

          String login = request.getParameter("j_username");
          String password = request.getParameter("j_password");

          Check these strings, there null. It's not possible to retrieve these values :-(
          I'm stucked here as well

          WebSel

          • 2. Re: form based auth & DatabaseServerLoginModule
            javaprogrammer javaprogrammer Newbie

             

            "WebSel" wrote:
            String login = request.getParameter("j_username");
            String password = request.getParameter("j_password");

            Check these strings, there null. It's not possible to retrieve these values :-(
            I'm stucked here as well

            WebSel


            I checked yhis parameters by System.out. It's not a null. login method executed successful. when I' m redirectin to other servlet there method getUserPrincipal returns null.

            • 3. Re: form based auth & DatabaseServerLoginModule
              Greg Lloyd Newbie

              You don't implement a servlet that retrieves the login creditials. The servlet container intercepts the j_security_check post and initiates the login with the login module you configure automatically.

              Check your query 'Roles' should be "Roles" don't ask why I don't know.

              Add this to the log4j.xml file in your default servers conf directory,



              This should add some logging to your server.log file located in the logs directory. That may help you diagnose what is really going wrong.

              A successful login will result in a log that looks like this:

              2004-10-11 12:09:14,642 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] initialize
              2004-10-11 12:09:14,642 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Saw unauthenticatedIdentity=Unknown
              2004-10-11 12:09:14,642 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] DatabaseServerLoginModule, dsJndiName=java:/TaTrac2DS
              2004-10-11 12:09:14,642 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] principalsQuery=SELECT PASSWORD FROM CONTACT WHERE USERNAME=?
              2004-10-11 12:09:14,642 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] rolesQuery=SELECT R.ROLE as role, "Roles" FROM ROLES AS R, CONTACT AS C, ROLEMAP AS M WHERE C.USERNAME = ? AND C.GROUPID = M.GROUPID AND M.ROLEID = R.ROLEID
              2004-10-11 12:09:14,642 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login
              2004-10-11 12:09:15,095 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] User 'glloyd' authenticated, loginOk=true
              2004-10-11 12:09:15,111 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] commit, loginOk=true
              2004-10-11 12:09:15,157 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role Admin
              2004-10-11 12:09:15,157 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role TALiaison
              2004-10-11 12:09:15,157 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role CCB
              2004-10-11 12:09:15,157 TRACE [org.jboss.security.plugins.JaasSecurityManager.tatrackerRealm] updateCache, subject=Subject:
              Principal: glloyd
              Principal: Roles(members:CCB,Admin,TALiaison)

              • 4. Re: form based auth & DatabaseServerLoginModule
                Greg Lloyd Newbie

                Sorry the xml got stripped out I am trying again, this is what you add to the log4j.xml:





                • 5. Re: form based auth & DatabaseServerLoginModule
                  Greg Lloyd Newbie

                  &lt;category name="org.jboss.security"&gt; &lt;priority value="TRACE" class="org.jboss.logging.XLevel"/&gt; &lt;/category&gt;