1 Reply Latest reply on Apr 22, 2005 7:52 PM by Jorge Perez

    authentication does not endures

    Jorge Perez Newbie

      I did everything as explained in "Complete configuration of JAAS on JBOSS and STRUTS" http://www.javaworld.com/javaforums/showthreaded.php?Cat=&Board=JavaSecurity&Number=2500&page=&view=&sb=5&o=
      and I can actually login, but the time i'am logged in just endures from the login page to the next page, after that iam asked to login again

      this is my login-config.xml:
      <application-policy name="PgDbRealm">

      <login-module code="org.jboss.security.ClientLoginModule" flag="required">
      </login-module>
      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=naturaDS</module-option>
      <module-option name="dsJndiName">java:/naturaDS</module-option>
      <module-option name="principalsQuery">Select password from usuarios where idusuario =?</module-option>
      <module-option name="rolesQuery">Select R.role AS Roles, G.descripcion AS RoleGroups from gruposusuarios GU,roles R, grupos G where idusuario =? AND GU.idrole=R.idrole AND GU.idgrupo=G.idgrupo</module-option>
      </login-module>

      </application-policy>

      jboss-web.xml:
      <security-domain>java:/jaas/PgDbRealm</security-domain>


      \jboss-4.0.1sp1\server\default\conf\auth.conf:

      // The JBoss server side JAAS login config file for the examples

      client-login
      {
      org.jboss.security.ClientLoginModule required;
      };
      PgDbRealm
      {
      org.jboss.security.ClientLoginModule required;
      org.jboss.security.auth.spi.DatabaseServerLoginModule
      required
      dsJndiName="java:/naturaDS"
      principalsQuery="Select password from usuarios where idusuario =?"
      rolesQuery="Select R.role AS Roles, G.descripcion AS RoleGroups from gruposusuarios GU,roles R, grupos G where idusuario =? AND GU.idrole=R.idrole AND GU.idgrupo=G.idgrupo";
      };


      My login action:

      Principal userPrincipal =null;
      try {
      String username=request.getParameter("j_username");
      String password=request.getParameter("j_password");
      System.out.println("password = " + password);
      System.out.println("username = " + username);
      SecurityAssociationHandler handler = new SecurityAssociationHandler();
      userPrincipal= new SimplePrincipal(username);
      handler.setSecurityInfo(userPrincipal, password.toCharArray());
      LoginContext loginContext = new LoginContext("PgDbRealm",(CallbackHandler) handler);
      loginContext.login();
      Subject subject = loginContext.getSubject();
      Set principals = subject.getPrincipals();
      principals.add(userPrincipal);
      } catch (LoginException e) {
      errors.add("loginerror", new ActionError("Wrong Username or Password"));
      saveErrors(request, errors);
      return mapping.findForward("fail");
      }
      System.out.println("logged in-----------------"+userPrincipal); //I reach this line

      return mapping.findForward("success");



      I do actually reach the next page (success) but after that I'am
      asked to login when i did so a few seconds before.

      Any Idea ?

        • 1. Re: authentication does not endures
          Jorge Perez Newbie

          i did find a way....

          the problem is here:

          <module-option name="principalsQuery">Select password from usuarios where idusuario =?</module-option>
          <module-option name="rolesQuery">Select R.role AS Roles, G.descripcion AS RoleGroups from gruposusuarios GU,roles R, grupos G where idusuario =? AND GU.idrole=R.idrole AND GU.idgrupo=G.idgrupo</module-option>

          To solve this I did a view of my table to simplify the long query but
          for a strange reason the rolesQuery and the principalsQuery does not
          work with views so:
          I change my tables
          <module-option name="principalsQuery">select Password from Principals where PrincipalID=?</module-option>
          <module-option name="rolesQuery">select Role, RoleGroup from RRoles where PrincipalID=?</module-option>

          (notice I used "AS ROLES" insted of ROLE and RoleGroups insted of RoleGroup but it was not all the reason of the failure mybe i can't use
          views neither long querys with joins ???)
          And now I can authenticate with out the problem listed before.
          But this solution only works for BASIC authentication, FORM based
          authentication does not.
          I don't know why.
          Any idea about why views does not work and why with my configuration
          only BASIC authentication works? regards