5 Replies Latest reply on Jul 14, 2006 4:49 AM by A T

    connect FORM authentication and DatabaseServerLoginModule

    Susumu Majima Newbie

      I would like to use FORM authentication and DatabaseServerLoginModule conbination.

      I put the below in login-config.xml

       <application-policy name="TestDB">
       <authentication>
       <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
       flag = "required" >
       <module-option name="dsJndiName">java:/MySecurityDS</module-option>
       <module-option name="principalsQuery">select passwd from users where username=?</module-option>
       <module-option name="rolesQuery">select userroles, 'Roles' from userroles where username=?</module-option>
       </login-module>
       </authentication>
       </application-policy>
      


      and set up DataSource propery.

      I wrote the below in web.xml

       <security-constraint>
       <web-resource-collection>
       <web-resource-name>User Auth</web-resource-name>
       <url-pattern>/*</url-pattern>
       </web-resource-collection>
       <auth-constraint>
       <role-name>admin</role-name>
       <role-name>user</role-name>
       </auth-constraint>
       </security-constraint>
       <login-config>
       <auth-method>FORM</auth-method>
       <form-login-config>
       <form-login-page>/login.jsp</form-login-page>
       <form-error-page>/error.jsp</form-error-page>
       </form-login-config>
       </login-config>
      
       <security-role>
       <role-name>admin</role-name>
       </security-role>
       <security-role>
       <role-name>user</role-name>
       </security-role>
      
      
      


      I tried FORM authentication there was a message from JBOSS.

      
      17:47:24,526 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
      java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
       at org.jboss.security.auth.spi.Util.loadProperties(Util.java:313)
       at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186)
       at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200)
       at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
       at java.lang.reflect.Method.invoke(Unknown Source)
       at javax.security.auth.login.LoginContext.invoke(Unknown Source)
       at javax.security.auth.login.LoginContext.access$000(Unknown Source)
       at javax.security.auth.login.LoginContext$4.run(Unknown Source)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
       at javax.security.auth.login.LoginContext.login(Unknown Source)
       at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:601)
       at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:535)
       at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
       at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
       at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:257)
       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:416)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
       at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
       at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
       at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
       at java.lang.Thread.run(Unknown Source)
      
      


      It seems to use the UsersRolesLoginModule. What should I do to connect with DatabaseServerLoginModule?



        • 1. Re: connect FORM authentication and DatabaseServerLoginModul
          Joan Bordeau Newbie

          You have to get in WEB-INF a jboss-web.xml file, like that :

          <jboss-web>
           <security-domain>java:/jaas/Protected-Web-Services</security-domain>
          </jboss-web>
          


          This file describes the realm to use. At me my web.xml is like that :
          <login-config>
           <auth-method>BASIC</auth-method>
           <realm-name>Protected-Web-Services</realm-name>
           </login-config>
          


          Thus, in your case, you have to have instead of "Protected-Web-Services", "TestDB" in order that works.

          To help you :
          <policy>
           <application-policy name="Protected-Web-Services">
           <authentication>
           <login-module
           code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
           flag="required">
           <module-option name="unauthenticatedIdentity">
           guest
           </module-option>
           <module-option name="password-stacking">
           useFirstPass
           </module-option>
           <module-option name="dsJndiName">
           java:/UserWebRights-ds
           </module-option>
           <module-option name="principalsQuery">
           SELECT user_pass FROM users WHERE user_name=?
           </module-option>
           <module-option name="rolesQuery">
           SELECT role_name, 'Roles' FROM user_roles WHERE user_name=?
           </module-option>
           </login-module>
           </authentication>
           </application-policy>
          </policy>
          


          In summary, you must have the same realm name in these files.

          • 2. Re: connect FORM authentication and DatabaseServerLoginModul
            chris griffith Expert

            hey gang,

            boby, Smajima asked for FORM auth, not BASIC.

            Smajima, Part of what boby said is correct. You need to have a jboss-web.xml file in the WEB-INF directory of your war that includes a security-domain like

            <jboss-web>
            ...
             <security-domain>java:/jaas/TestDB</security-domain>
            ...
            </jboss-web>
            


            enjoy, cgriffith

            • 3. Re: connect FORM authentication and DatabaseServerLoginModul
              Joan Bordeau Newbie

              Yes, yes, I know well. But it is the problem of copy paste.

              • 5. Re: connect FORM authentication and DatabaseServerLoginModul
                A T Newbie

                I have the same problem....

                When I use the DatabaseLogin Module with BASIC authentication it all works fine. But as soon as I switch to FORM authentication I get the
                10:38:15,015 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
                java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found

                I have the following method called by FACES to handle the login...


                public String login(){

                boolean loginflag=false;
                try{

                CallbackHandler cbh = new ABILWebCallBackHandler(idNumber, password, randomcheck);
                LoginContext lc = new LoginContext("ABILWeb", cbh);
                lc.login();
                Subject sub = lc.getSubject();

                return "success";
                }catch(Exception e){
                return "failed";
                }

                }

                My call back handler populates teh username and password in the callbacks[]...

                Any suggestions?