3 Replies Latest reply on Dec 16, 2004 7:26 AM by Raj Subramani

    principalsQuery fails

    Raj Subramani Newbie

      I am trying to set up a simple Security test with JBoss4RC2 and Apache Derby.

      I have set up the security config in login-config.xml as follows:

       <application-policy name = "SecurityTest">
       <authentication>
       <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required"/>
       <module-option name="dsJndiName">java:/DefaultDS</module-option>
       <module-option name="principalsQuery">select user_passwd from Login_Schema.Registration where user_id = ?</module-option>
       <module-option name="rolesQuery">select user_role, 'Roles' from Login_Schema.User_Roles where user_id = ?</module-option>
       </authentication>
       </application-policy>
      
      



      I run Derby in NetworkServer mode. I have used DbVisualizer to connect to Derby in Network mode and executed the SQL query:

      select user_passwd from Login_Schema.Registration where user_id = 'smith'
      


      and as expected I get:

      user_passwd column as 'smith'


      I have a stateless session bean, SecuredSLSB with a single function

       /**
       *
       * @ejb.interface-method view-type="both"
       * @ejb.transaction type="Required"
       *
       */
       public int securedSLSBFunction()
       {
      
       try
       {
       return 1;
       }
       finally
       {
       }
       }
      
      



      The ejb-jar.xml is:

      ...
       <session >
       <description><![CDATA[Description for SecuredSLSB]]></description>
       <display-name>Name for SecuredSLSB</display-name>
      
       <ejb-name>SecuredSLSB</ejb-name>
      
       <home>com.clarologic.jaas.stateless.SecuredSLSBHome</home>
       <remote>com.clarologic.jaas.stateless.SecuredSLSB</remote>
       <local-home>com.clarologic.jaas.stateless.SecuredSLSBLocalHome</local-home>
       <local>com.clarologic.jaas.stateless.SecuredSLSBLocal</local>
       <ejb-class>com.clarologic.jaas.stateless.SecuredSLSBean</ejb-class>
       <session-type>Stateless</session-type>
       <transaction-type>Container</transaction-type>
      
       </session>
      ...
      
       <assembly-descriptor >
       <security-role>
       <description><![CDATA[description not supported yet by ejbdoclet]]></description>
       <role-name>admin_role</role-name>
       </security-role>
      
       <method-permission >
       <description><![CDATA[description not supported yet by ejbdoclet]]></description>
       <role-name>admin_role</role-name>
       <method >
       <description><![CDATA[description not supported yet by ejbdoclet]]></description>
       <ejb-name>SecuredSLSB</ejb-name>
       <method-name>*</method-name>
       </method>
       </method-permission>
      ...
      



      When accessed by the client (unit test) I get:


      17:48:40,281 ERROR [DatabaseServerLoginModule] Query failed
      com.ibm.db2.jcc.c.SqlException: DB2 SQL error: SQLCODE: -1, SQLSTATE: 42X05, SQLERRMC: PRINCIPALS42X05
       at com.ibm.db2.jcc.c.zc.e(zc.java:1606)
       at com.ibm.db2.jcc.a.eb.p(eb.java:634)
       at com.ibm.db2.jcc.a.eb.h(eb.java:152)
       at com.ibm.db2.jcc.a.eb.a(eb.java:43)
       at com.ibm.db2.jcc.a.r.a(r.java:30)
       at com.ibm.db2.jcc.a.tb.g(tb.java:152)
       at com.ibm.db2.jcc.c.zc.n(zc.java:1186)
       at com.ibm.db2.jcc.c.ad.db(ad.java:1761)
       at com.ibm.db2.jcc.c.ad.d(ad.java:2203)
       at com.ibm.db2.jcc.c.ad.U(ad.java:489)
       at com.ibm.db2.jcc.c.ad.executeQuery(ad.java:472)
       at org.jboss.resource.adapter.jdbc.WrappedPreparedStatement.executeQuery(WrappedPreparedStatement.java:296)
       at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:101)
       at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:156)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
      ...
      
      



      Is this a Derby problem or a JBoss problem? If it's the former I can switch to another DB (Oracle or Firebird) and test that.

      Or maybe I have missed something?


      Cheers
      -raj

        • 1. Re: principalsQuery fails
          Raj Subramani Newbie

          It seems as if the principalsQuery is not being set as per the login-config.xml detail.

          What do I do (in log4j.xml) to get the trace so that I can see what the principalsQuery was set to?

          My client code is as follows:

           System.setProperty(Context.INITIAL_CONTEXT_FACTORY,"org.jnp.interfaces.NamingContextFactory");
           System.setProperty(Context.PROVIDER_URL,"jnp://localhost:1099");
           System.setProperty("java.naming.factory.url.pkgs","org.jboss.naming:org.jnp.interfaces");
           handler = new MyCallbackHandler("smith", "smith".toCharArray());
           lc = new LoginContext("SecurityTest", handler);
           lc.login();
          
           context = new InitialContext(System.getProperties());
           objRef = context.lookup("ejb/SecuredSLSB");
           slsbHome = (SecuredSLSBHome)javax.rmi.PortableRemoteObject.narrow(objRef, SecuredSLSBHome.class);
           securedSLSB = slsbHome.create();
           System.out.println("securedSLSB.securedSLSBFunction = "+securedSLSB.securedSLSBFunction());
          
          


          • 2. Re: principalsQuery fails
            Raj Subramani Newbie

            Ok, so I'm missing something basic, because the principalsQuery is not being set to what I specified in my login-config.xml.

            The trace is as below:

            2004-12-15 22:04:46,515 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] initialize
            2004-12-15 22:04:46,515 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] DatabaseServerLoginModule, dsJndiName=java:/DefaultDS
            2004-12-15 22:04:46,515 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] principalsQuery=select Password from Principals where PrincipalID=?
            2004-12-15 22:04:46,515 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] rolesQuery=select Role, RoleGroup from Roles where PrincipalID=?
            2004-12-15 22:04:46,515 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login
            2004-12-15 22:04:46,531 ERROR [org.jboss.security.auth.spi.DatabaseServerLoginModule] Query failed
            com.ibm.db2.jcc.c.SqlException: DB2 SQL error: SQLCODE: -1, SQLSTATE: 42X05, SQLERRMC: PRINCIPALS42X05
             at com.ibm.db2.jcc.c.zc.e(zc.java:1606)
             at com.ibm.db2.jcc.a.eb.p(eb.java:634)
            



            I really would appreciate some help here.

            Cheers
            -raj

            • 3. Re: principalsQuery fails
              Raj Subramani Newbie

              My error after all

              login-config.xml was:

               <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required"/>
               <module-option name="dsJndiName">java:/DefaultDS</module-option>
               <module-option name="principalsQuery">select user_passwd from Login_Schema.Registration where user_id = ?</module-option>
               <module-option name="rolesQuery">select user_role, 'Roles' from Login_Schema.User_Roles where user_id = ?</module-option>
              
              



              but should have been

               <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
               <module-option name="dsJndiName">java:/DefaultDS</module-option>
               <module-option name="principalsQuery">select user_passwd from Login_Schema.Registration where user_id = ?</module-option>
               <module-option name="rolesQuery">select user_role, 'Roles' from Login_Schema.User_Roles where user_id = ?</module-option>
               </login-module>
              
              



              Don't worry, I gave myself a good kicking.

              Cheers
              -raj
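
The failure in this thread is silent at deploy time: the self-closed `<login-module .../>` still parses, and the trace in reply 2 shows the module running its default `Principals`/`Roles` queries instead of the configured ones. The following check is an added example, not part of the original posts or of JBoss; the function name `lint_login_config` and the sample XML strings are constructed for illustration, with `<policy>` assumed as the root element.

```python
import xml.etree.ElementTree as ET

DB_MODULE = "org.jboss.security.auth.spi.DatabaseServerLoginModule"

# Constructed sample mirroring the broken fragment from the thread: the
# login-module element is self-closed, so the options become its siblings.
BROKEN = """<policy>
 <application-policy name="SecurityTest">
  <authentication>
   <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required"/>
   <module-option name="dsJndiName">java:/DefaultDS</module-option>
   <module-option name="principalsQuery">select user_passwd from Login_Schema.Registration where user_id = ?</module-option>
   <module-option name="rolesQuery">select user_role, 'Roles' from Login_Schema.User_Roles where user_id = ?</module-option>
  </authentication>
 </application-policy>
</policy>"""

# Corrected form: open the element and close it after the last option.
FIXED = (BROKEN.replace('flag="required"/>', 'flag="required">')
               .replace("</authentication>", "</login-module></authentication>"))


def lint_login_config(xml_text):
    """Return (policy, problem, option) tuples for options that will not apply."""
    findings = []
    for policy in ET.fromstring(xml_text).iter("application-policy"):
        name = policy.get("name", "?")
        for auth in policy.iter("authentication"):
            for child in auth:
                if child.tag == "module-option":
                    # Sibling of login-module, not a child: never reaches the module.
                    findings.append((name, "stray-option", child.get("name")))
                elif child.tag == "login-module" and child.get("code") == DB_MODULE:
                    nested = {o.get("name") for o in child.findall("module-option")}
                    for query in ("principalsQuery", "rolesQuery"):
                        if query not in nested:
                            # Module falls back to its built-in default query.
                            findings.append((name, "default-query", query))
    return findings


if __name__ == "__main__":
    for finding in lint_login_config(BROKEN):
        print(finding)
    print("fixed:", lint_login_config(FIXED))
```

Running a check like this against `login-config.xml` before deployment catches the case where authentication would otherwise run against tables other than the ones intended.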