2 Replies Latest reply on Sep 5, 2005 12:24 PM by Jens Elkner

    jmx-console: db authentication doesn't work

    Jens Elkner Apprentice

      I want to use a DatabaseServerLoginModule instead of the UsersRolesLoginModule for jmx-console authentication. However, this doesn't seem to work (UsersRolesLoginModule does the job, but not DatabaseServerLoginModule).

      the relevant part of my login-config.xml:

      <application-policy name="jmx-console">
       <authentication>
       <login-module
       code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
       flag="required">
       <module-option name="dsJndiName">java:/UserDS</module-option>
       <module-option name="principalsQuery"
       >SELECT passwd2 FROM users WHERE login=? AND status > 0</module-option>
       <module-option name="rolesQuery"
       >SELECT r.name, 'Roles' FROM users u, roles r, user2role m WHERE u.login=? AND u.uid=m.uid AND m.gid=r.gid</module-option>
       <module-option name="hashAlgorithm">MD5</module-option>
       <module-option name="hashEncoding">base64</module-option>
       </login-module>
       </authentication>
       </application-policy>


      The DB Tables:
      CREATE TABLE IF NOT EXISTS `users` (
       `uid` int(11) NOT NULL auto_increment,
       `status` smallint(6) default NULL,
       `email` varchar(64) default NULL,
       `firstname` varchar(32) default NULL,
       `lastname` varchar(32) default NULL,
       `login` varchar(16) NOT NULL default '',
       `middlename` varchar(32) default NULL,
       `passwd` varchar(32) default NULL,
       `passwd2` varchar(32) default '*',
       PRIMARY KEY (`uid`),
       UNIQUE KEY `login` (`login`)
      ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
      
      CREATE TABLE IF NOT EXISTS `roles` (
       `gid` int(11) NOT NULL auto_increment,
       `name` varchar(32) NOT NULL default '',
       PRIMARY KEY (`gid`),
       UNIQUE KEY `name` (`name`)
      ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
      
      CREATE TABLE IF NOT EXISTS `user2role` (
       `uid` int(11) NOT NULL default '0',
       `gid` int(11) NOT NULL default '0',
       PRIMARY KEY (`gid`,`uid`),
       KEY `fk_gid` (`gid`),
       KEY `fk_uid` (`uid`),
       CONSTRAINT `fk_gid` FOREIGN KEY (`gid`) REFERENCES `roles` (`gid`),
       CONSTRAINT `fk_uid` FOREIGN KEY (`uid`) REFERENCES `users` (`uid`)
      ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
      
      INSERT INTO `users` (`uid`,`status`,`login`,`passwd`)
       VALUES (1,1,'admin','ISMvKXpXpadDiUoOSoAfww==');
      INSERT INTO `roles` (`gid`,`name`) VALUES (1,'JBossAdmin');
      INSERT INTO `roles` (`gid`,`name`) VALUES (2,'HttpInvoker');
      INSERT INTO `user2role` (`uid`,`gid`) VALUES (1,1);
      INSERT INTO `user2role` (`uid`,`gid`) VALUES (1,2);
      


      This works for EJB3 apps without any problems, but why not for the jmx-console ?

      Any hint ?

        • 1. Re: jmx-console: db authentication doesn't work
          Scott Stark Master

          And what does not work in the jmx-console, authentication, authorization?

          • 2. Re: jmx-console: db authentication doesn't work
            Jens Elkner Apprentice

            Sorry, for forgetting to add that: authentication doesn't work. The log says:

            2005-09-05 18:20:25,589 DEBUG [http-0.0.0.0-8080-1:org.jboss.security.plugins.JaasSecurityManager:218] - CallbackHandler: org.jboss.security.auth.callback.SecurityAssociationHandler@10a69f0
            2005-09-05 18:20:25,589 DEBUG [http-0.0.0.0-8080-1:org.jboss.security.plugins.JaasSecurityManagerService:538] - Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@b125bd
            2005-09-05 18:20:25,592 DEBUG [http-0.0.0.0-8080-1:org.jboss.security.plugins.JaasSecurityManager:229] - CachePolicy set to: org.jboss.util.TimedCachePolicy@24d517
            2005-09-05 18:20:25,593 DEBUG [http-0.0.0.0-8080-1:org.jboss.security.plugins.JaasSecurityManagerService:495] - setCachePolicy, c=org.jboss.util.TimedCachePolicy@24d517
            2005-09-05 18:20:25,594 DEBUG [http-0.0.0.0-8080-1:org.jboss.security.plugins.JaasSecurityManagerService:516] - Added jmx-console, org.jboss.security.plugins.SecurityDomainContext@2219b4 to map
            


            I.e. if I select http://localhost:8080/jmx-console/, I get the mozilla login dialog, I enter the name/password and press ok, but the dialog pops up again. If I cancel the dialog, I get the 401 error page.