2 Replies Latest reply on Mar 11, 2005 4:31 PM by Scott Stark

    JAAS authentication using a MySQL database ?

    Sébastien ARBOGAST Newbie

      Hi,

      I'm trying to use a MySQL database as a DataSource for JAAS authentication.
      I followed all the instructions in getting started guide to install a MySQL database as a datasource and use it as a JAAS data source. By the way I don't know why chapter 9 about Security Configuration disappeared in the last revision of getting started guide for JBoss AS 4.0.1 !!! It was actually very usefull for me, especially the section about base64 and md5.

      But it's not my main concern. When I use the following configuration, everything works just fine for the authentication in my web application :

      mysql-ds.xml

      <datasources>
       <local-tx-datasource>
       <jndi-name>MySqlDS</jndi-name>
       <connection-url>jdbc:mysql://localhost:3306/jboss</connection-url>
       <driver-class>com.mysql.jdbc.Driver</driver-class>
       <user-name>jboss</user-name>
       <password>password</password>
       </local-tx-datasource>
      </datasources>
      


      in login-config.xml
      <policy>
       <application-policy name="myapp">
       <authentication>
       <!-- A JDBC based LoginModule
       LoginModule options:
       dsJndiName: The name of the DataSource of the database containing the Principals, Roles tables
       principalsQuery: The prepared statement query equivalent to:
       "select Password from Principals where PrincipalID=?"
       rolesQuery: The prepared statement query equivalent to:
       "select Role, RoleGroup from Roles where PrincipalID=?"
       -->
       <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
       <module-option name="dsJndiName">java:MySqlDS</module-option>
       <module-option name="principalsQuery">select Password from Principals where PrincipalID=?</module-option>
       <module-option name="rolesQuery">select Role, RoleGroup from Roles where PrincipalID=?</module-option>
       <module-option name="hashAlgorithm">MD5</module-option>
       <module-option name="hashEncoding">base64</module-option>
       </login-module>
       </authentication>
       </application-policy>
      ...
      </policy>
      


      As this works, it means that my database and my requests are OK.

      But the problem is that the XML framework I'm using (Orbeon Presentation Server) needs the datasource to be bound to a JNDI name beginning with "java:comp/env/jdbc/" so I tried the following variant for configuration :

      mysql-ds.xml
      <datasources>
       <local-tx-datasource>
       <jndi-name>comp/env/jdbc/MySqlDS</jndi-name>
       <connection-url>jdbc:mysql://localhost:3306/jboss</connection-url>
       <driver-class>com.mysql.jdbc.Driver</driver-class>
       <user-name>jboss</user-name>
       <password>password</password>
       </local-tx-datasource>
      </datasources>
      


      and in login-config.xml
      <policy>
       <application-policy name="myapp">
       <authentication>
       <!-- A JDBC based LoginModule
       LoginModule options:
       dsJndiName: The name of the DataSource of the database containing the Principals, Roles tables
       principalsQuery: The prepared statement query equivalent to:
       "select Password from Principals where PrincipalID=?"
       rolesQuery: The prepared statement query equivalent to:
       "select Role, RoleGroup from Roles where PrincipalID=?"
       -->
       <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
       <module-option name="dsJndiName">java:comp/env/jdbc/MySqlDS</module-option>
       <module-option name="principalsQuery">select Password from Principals where PrincipalID=?</module-option>
       <module-option name="rolesQuery">select Role, RoleGroup from Roles where PrincipalID=?</module-option>
       <module-option name="hashAlgorithm">MD5</module-option>
       <module-option name="hashEncoding">base64</module-option>
       </login-module>
       </authentication>
       </application-policy>
      ...
      </policy>
      


      According to the JMX console, the datasource is bound to the JNDI name "java:comp/env/jdbc/MySqlDS" but my authentication doesn't work and I'm always redirected to the login-error page.

      Do you have any idea of where the problem comes from ? If you don't, how can I get detailed error messages giving more details about why my login is refused ?

      Thanks in advance