11 Replies Latest reply on Apr 8, 2004 1:24 PM by billen

    Authentification with JBoss.NET and DatabaseServerLoginModul

    billen Newbie

      I'm trying to enable authentification on my webservices. I am doing it this way:

      http://www.nsdev.org/jboss/stories/jboss-net.html

      It seems as if the client is sending the username and password allright. The webservice is also requesting the JAAS module, but ten something is going wrong.

      I get this error on server:

      java.sql.SQLException: Table not found: PRINCIPALS in statement [select Password from Principals where PrincipalID='billen']
       at org.hsqldb.Trace.getError(Unknown Source)
       at org.hsqldb.jdbcResultSet.<init>(Unknown Source)
       at org.hsqldb.jdbcConnection.executeStandalone(Unknown Source)
       ...


      This cant be right, cause that is NOT the prepared statement I have defined in login-config.xml. It also uses hsqldb, which again is not the datasource I have defined in login-config.xml. My login-config.xml looks like this:

      <application-policy name = "openbroad">
       <authentication>
       <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required" />
       <module-option name="dsJndiName">java:/OpenBroadDB</module-option>
       <module-option name="principalsQuery">SELECT password FROM usertable WHERE username=?</module-option>
       <module-option name="rolesQuery">SELECT role, 'Roles' FROM userroles WHERE username=?</module-option>
       </authentication>
      </application-policy>


      I am using Jboss4dr3.

        • 1. Re: Authentification with JBoss.NET and DatabaseServerLoginM
          Jason Essington Newbie

          Does the application policy "other" also have a DatabaseServerLoginModule configured to use the defaultDS?

          It looks like maybe the AxisServlet (jboss-net.war) is trying to authenticate the HTTP request against that.

          Have you set the security domain for JBoss.Net?

          It is in the jboss-net.sar/jboss-net.war/WEB-INF/jboss-web.xml

          By default it is set to use "other"

          you could to set it to:

          <jboss-web><security-domain>java:/jaas/openbroad</security-domain></jboss-web>


          And maybe clear up your problem.

          I have tried my JBoss.Net application (which uses the DatabaseServerLoginModule) on JBoss 4.0DR3 and it seemed to work o.k.

          • 2. Re: Authentification with JBoss.NET and DatabaseServerLoginM
            billen Newbie

            Hello and thank you for your reply

            It didn't work and I still get the same error message.

            Should I post some of the code, so you can check if it is correct?

            • 3. Re: Authentification with JBoss.NET and DatabaseServerLoginM
              Frank Heldt Newbie

              Do you use ant?

              Then putting

              * @jboss-net.authentication
              * domain="openbroad"
              * validate-unauthenticated-calls="true"
              *
              * @jboss-net.authorization
              * domain="openbroad"

              in your (Webservice) Session Bean should do the job, which means it puts the corresponding entry in webservice.xml

              • 4. Re: Authentification with JBoss.NET and DatabaseServerLoginM
                billen Newbie

                 

                "fheldt" wrote:
                Do you use ant?

                Then putting

                * @jboss-net.authentication
                * domain="openbroad"
                * validate-unauthenticated-calls="true"
                *
                * @jboss-net.authorization
                * domain="openbroad"

                in your (Webservice) Session Bean should do the job, which means it puts the corresponding entry in webservice.xml


                I guess you mean XDoclet? Yes I do it that way. I do it the way you can see at the link in my first post.

                • 5. Re: Authentification with JBoss.NET and DatabaseServerLoginM
                  Frank Heldt Newbie

                  Yes, i meant xdoclet, sorry for confusion.

                  Does your webservice.xml contain lines like the following?

                   <handler type="java:org.jboss.net.axis.server.JBossAuthenticationHandler">
                   <parameter name="securityDomain" value="java:/jaas/..."/>
                   </handler>
                   <handler type="java:org.jboss.net.axis.server.JBossAuthorizationHandler">
                   <parameter name="securityDomain" value="java:/jaas/..."/>
                   <parameter name="allowedRoles" value="..."/>
                   <parameter name="deniedRoles" value="..."/>
                   </handler>
                  


                  • 6. Re: Authentification with JBoss.NET and DatabaseServerLoginM
                    Jason Essington Newbie

                    first thing, the dsJndiName doesn't look quite right. it should be
                    java:jaas/something
                    in your case, maybe
                    java:jaas/OpenbroadDS

                    or whatever is in your openbroad-ds.xml file in the <jndi-name> tag.

                    you might also check for any other <application-policy>s that have a DatabaseServerLoginModule in them that may be misconfigured.

                    • 7. Re: Authentification with JBoss.NET and DatabaseServerLoginM
                      billen Newbie

                       

                      "fheldt" wrote:
                      Does your webservice.xml contain lines like the following?


                      Yes the web-service.xml file that is generated by XDoclet look like this:

                      <service name="TestService" provider="Handler">
                       <parameter name="handlerClass" value="org.jboss.net.axis.server.EJBProvider"/>
                       <parameter name="beanJndiName" value="webservice/TestService"/>
                       <parameter name="allowedMethods" value="testLogin "/>
                       <requestFlow name="TestServiceRequest">
                       <handler type="java:org.jboss.net.axis.server.JBossAuthenticationHandler">
                       <parameter name="securityDomain" value="java:/jaas/openbroad"/>
                       <parameter name="validateUnauthenticatedCalls" value="true"/>
                       </handler>
                       <handler type="java:org.jboss.net.axis.server.JBossAuthorizationHandler">
                       <parameter name="securityDomain" value="java:/jaas/openbroad"/>
                       <parameter name="allowedRoles" value="admin"/>
                       </handler>
                       </requestFlow>
                       <responseFlow name="TestServiceResponse">
                       </responseFlow>
                      </service>


                      • 8. Re: Authentification with JBoss.NET and DatabaseServerLoginM
                        billen Newbie

                         

                        "Essington" wrote:
                        first thing, the dsJndiName doesn't look quite right. it should be
                        java:jaas/something
                        in your case, maybe
                        java:jaas/OpenbroadDS

                        or whatever is in your openbroad-ds.xml file in the <jndi-name> tag.


                        Are you sure about that? JAAS is Java Authentication and Authorization Service and does not IMHO have anything to do with the datasource file.

                        • 9. Re: Authentification with JBoss.NET and DatabaseServerLoginM
                          Jason Essington Newbie

                           

                          "billen" wrote:
                          Are you sure about that? JAAS is Java Authentication and Authorization Service and does not IMHO have anything to do with the datasource file.


                          Bah!

                          I meant "java:jdbc/OpenbroadDS"

                          jdbc not jaas (this alphabet soup of Sun's keeps confusing me)

                          Sorry about that.

                          At any rate the value in should match the value in your datasource definition. The will need "java:" prepended to whatever value is in the <jndi-name> tag of your xxx-ds.xml file.

                          • 10. Re: Authentification with JBoss.NET and DatabaseServerLoginM
                            Adrian Brock Master

                            Your xml is incorrect. It should be:

                            <application-policy name = "openbroad">
                             <authentication>
                             <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required" >
                             <module-option name="dsJndiName">java:/OpenBroadDB</module-option>
                             <module-option name="principalsQuery">SELECT password FROM usertable WHERE username=?</module-option>
                             <module-option name="rolesQuery">SELECT role, 'Roles' FROM userroles WHERE username=?</module-option>
                             </login-module>
                             </authentication>
                            </application-policy>
                            


                            • 11. Re: Authentification with JBoss.NET and DatabaseServerLoginM
                              billen Newbie

                               

                              "adrian@jboss.org" wrote:
                              Your xml is incorrect. ...


                              Thank you adrian. It works now.