2 Replies Latest reply on Mar 29, 2006 1:40 PM by Manisha Sathe

    Problem with DatabaseServerLoginModule

    Manisha Sathe Newbie

      I am very new to jboss / security. Currently doing a study project which requires database realm.

      1)I downloaded jboss 3.2.5 and configures mysql for it. To configure mysql i changed

      - mysql-ds.xml (put inside deploy and added database name and url)
      - standardjaws.xml (added jndi - java:/MySqlDS)
      - login-config.xml -> added as below ->

      <application-policy name = "MySqlDbRealm">

      <login-module code =
      "org.jboss.resource.security.ConfiguredIdentityLoginModule"
      flag = "required">
      <module-option name ="principal">sa</module-option>
      <module-option name ="userName">sa</module-option>
      <module-option name ="password"></module-option>
      <module-option name ="managedConnectionFactoryName">
      jboss.jca:service=LocalTxCM,name=MySqlDS
      </module-option>
      </login-module>

      </application-policy>

      and tested with one testconnection servlet which is fine.

      2)Now I want to set form based authentication with DatabaseServerLoginModule

      - added corresponding entries inside web.xml

      - created 2 tables:

      CREATE TABLE Users(username VARCHAR(64) PRIMARY KEY, passwd VARCHAR(64))
      CREATE TABLE UserRoles(username VARCHAR(64), userRoles VARCHAR(32))

      - added into login-config.xml

      <application-policy name="testDB">

      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
      flag="required">
      <module-option name="dsJndiName">MySqlDS</module-option>
      <module-option name="principalsQuery">
      select passwd from Users where username=?</module-option>
      <module-option name="rolesQuery">
      select userRoles from UserRoles where username=?</module-option>
      </login-module>

      </application-policy>

      if i access any page which is restricted it gives me login page but it always goes inside, user id and password has no effect at all.

      What is missing ? Pls help me.

      regards
      Manisha


        • 1. Re: Problem with DatabaseServerLoginModule
          Manisha Sathe Newbie

          Tried many different combinations still not getting it work. Putting all details -

          1)My web.xml

          <security-constraint>
          <display-name>Example Security Constraint</display-name>
          <web-resource-collection>
          <web-resource-name>Protected Area</web-resource-name>
          <url-pattern>/protected/*</url-pattern>
          <http-method>DELETE</http-method>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
          <http-method>PUT</http-method>
          </web-resource-collection>
          <auth-constraint>
          <role-name>manager</role-name>
          </auth-constraint>
          <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
          </security-constraint>

          <login-config>
          <auth-method>FORM</auth-method>
          <realm-name>Example Form-Based Authentication Area</realm-name>
          <form-login-config>
          <form-login-page>/login.jsp</form-login-page>
          <form-error-page>/error.jsp</form-error-page>
          </form-login-config>
          </login-config>
          <security-role>
          A Manager
          <role-name>manager</role-name>
          </security-role>

          2)login-config.xml - i have just overwritten 'other' and rest all i kept as it is.

          <application-policy name="other">

          <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
          <module-option name="unauthenticatedIdentity">guest</module-option>
          <module-option name="dsJndiName">java:/MySqlDS</module-option>
          <module-option name="principalsQuery">select Password from Principals where PrincipalID=?</module-option>
          <module-option name="rolesQuery">select Role, 'Roles' from Roles where PrincipalID=?</module-option>
          </login-module>

          </application-policy>

          <!--for mysql-->
          <application-policy name = "MySqlDbRealm">

          <login-module code =
          "org.jboss.resource.security.ConfiguredIdentityLoginModule"
          flag = "required">
          <module-option name ="principal">sa</module-option>
          <module-option name ="userName">sa</module-option>
          <module-option name ="password"></module-option>
          <module-option name ="managedConnectionFactoryName">
          jboss.jca:service=LocalTxCM,name=MySqlDS
          </module-option>
          </login-module>

          </application-policy>


          3)2 tables
          principals with PrincipalID and Password fields
          roles with PrincipalID, Role, RoleGroup

          4) my login form -

          <form method="POST" action='<%= response.encodeURL("j_security_check") %>' >


          Username:



          Password:










          5)if i try to call any page which is under /proteced dir, login page is displayed, but whether user id is correct or wrong it does not make any difference. After submit it just displays the protected page, there is nothing displayed on console.

          6)I tried to put inside /WEB-INF/jboss-web.xml as follows

          <security-domain>other</security-domain>

          but then I got NamingException error.

          How can I determine that my application is using which application-policy ?

          Pls pls any body can point out what's going wrong here? Am i missing anything?

          regards
          Manisha

          • 2. Re: Problem with DatabaseServerLoginModule
            Manisha Sathe Newbie

            finally i could solve it

            Instead of 'other' i used my own name and put inside jboss-web.xml as 'java:/jaas/mypolicy' and it worked.

            regards
            Manisha