0 Replies Latest reply on Apr 11, 2003 11:14 AM by Glenn Davidson

    Configuring MySQL with JBoss 3.0.6

    Glenn Davidson Newbie

      I am a new to JBoss and MySql and am trying to get them to work together. I have set up the mysql-service (see below) and login-config.xml (see below). I can get a DataSOurce Object in the lookup("java:/MySqlDS") but I am getting an Invalid authorization specification: Access denied for user Glenn@localhost...
      I had attempted to set the configuration so that I pass in a user name and password as part of the getConnection("..user","..password"). I have GRANTED user permissions to the user table in the mysql database for the user name and password I am passing in.


      // mysql-service.xml

      <?xml version="1.0" encoding="UTF-8"?>

      <!-- ===================================================================== -->
      <!-- -->
      <!-- JBoss Server Configuration -->
      <!-- -->
      <!-- ===================================================================== -->

      <server>

      <!-- ==================================================================== -->
      <!-- New ConnectionManager setup for mysql using 2.0.11 driver -->
      <!-- Build jmx-api (build/build.sh all) and view for config documentation -->
      <!-- ==================================================================== -->

      <mbean code="org.jboss.resource.connectionmanager.LocalTxConnectionManager" name="jboss.jca:service=LocalTxCM,name=MySqlDS">


      <!-- Include a login module configuration named MySqlDbRealm.
      Update your login-conf.xml, here is an example for a
      ConfiguredIdentityLoginModule:

      <application-policy name = "MySqlDbRealm">
      <authentication>
      <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule" flag = "required">
      <module-option name = "principal">yourprincipal</module-option>
      <module-option name = "userName">yourusername</module-option>
      <module-option name = "password">yourpassword</module-option>
      <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=MySqlDS</module-option>
      </login-module>
      </authentication>
      </application-policy>

      NOTE: the application-policy name attribute must match SecurityDomainJndiName, and the
      module-option name = "managedConnectionFactoryName"
      must match the object name of the ConnectionManager you are configuring here.
      -->
      <!--uncomment out this line if you are using the MySqlDbRealm above -->
      <attribute name="SecurityDomainJndiName">MySqlDbRealm</attribute>


      <depends optional-attribute-name="ManagedConnectionFactoryName">
      <!--embedded mbean-->
      <mbean code="org.jboss.resource.connectionmanager.RARDeployment" name="jboss.jca:service=LocalTxDS,name=MySqlDS">

      <attribute name="JndiName">MySqlDS</attribute>

      <attribute name="ManagedConnectionFactoryProperties">
      <properties>
      <config-property name="ConnectionURL" type="java.lang.String">jdbc:mysql://localhost:3306/jbossdb</config-property>
      <config-property name="DriverClass" type="java.lang.String">org.gjt.mm.mysql.Driver</config-property>
      <!--set these only if you want only default logins, not through JAAS -->
      <config-property name="UserName" type="java.lang.String"></config-property>
      <config-property name="Password" type="java.lang.String"></config-property>
      </properties>

      </attribute>

      <!--Below here are advanced properties -->
      <!--hack-->
      <depends optional-attribute-name="OldRarDeployment">jboss.jca:service=RARDeployment,name=JBoss LocalTransaction JDBC Wrapper</depends>

      </mbean>
      </depends>

      <depends optional-attribute-name="ManagedConnectionPool">
      <!--embedded mbean-->
      <mbean code="org.jboss.resource.connectionmanager.JBossManagedConnectionPool" name="jboss.jca:service=LocalTxPool,name=MySqlDS">

      <attribute name="MinSize">10</attribute>
      <attribute name="MaxSize">50</attribute>
      <attribute name="BlockingTimeoutMillis">5000</attribute>
      <attribute name="IdleTimeoutMinutes">15</attribute>
      <!--criteria indicates if Subject (from security domain) or app supplied
      parameters (such as from getConnection(user, pw)) are used to distinguish
      connections in the pool. Choices are
      ByContainerAndApplication (use both),
      ByContainer (use Subject),
      ByApplication (use app supplied params only),
      ByNothing (all connections are equivalent, usually if adapter supports
      reauthentication)-->
      <attribute name="Criteria">ByApplication</attribute>
      </mbean>

      </depends>
      <depends optional-attribute-name="CachedConnectionManager">jboss.jca:service=CachedConnectionManager</depends>

      <depends optional-attribute-name="JaasSecurityManagerService">jboss.security:service=JaasSecurityManager</depends>

      <attribute name="TransactionManager">java:/TransactionManager</attribute>
      <!--make the rar deploy! hack till better deployment-->
      <depends>jboss.jca:service=RARDeployer</depends>

      </mbean>


      </server>

      // login-config.xml
      <?xml version='1.0'?>
      <!DOCTYPE policy PUBLIC
      "-//JBoss//DTD JBOSS Security Config 3.0//EN"
      "http://www.jboss.org/j2ee/dtd/security_config.dtd">

      <!-- The XML based JAAS login configuration read by the
      org.jboss.security.auth.login.XMLLoginConfig mbean. Add
      an application-policy element for each security domain.

      The outline of the application-policy is:
      <application-policy name="security-domain-name">
      <authentication>
      <login-module code="login.module1.class.name" flag="control_flag">
      <module-option name = "option1-name">option1-value</module-option>
      <module-option name = "option2-name">option2-value</module-option>
      ...
      </login-module>

      <login-module code="login.module2.class.name" flag="control_flag">
      ...
      </login-module>
      ...
      </authentication>
      </application-policy>

      $Revision: 1.1.2.4 $
      -->

      <policy>
      <!-- Used by clients within the application server VM such as
      mbeans and servlets that access EJBs.
      -->
      <application-policy name = "client-login">
      <authentication>
      <login-module code = "org.jboss.security.ClientLoginModule"
      flag = "required">
      </login-module>
      </authentication>
      </application-policy>

      <application-policy name = "MySqlDbRealm">
      <authentication>
      <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule" flag = "required">
      <module-option name = "principal">yourprincipal</module-option>
      <module-option name = "userName">Glenn</module-option>
      <module-option name = "password">julia</module-option>
      <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=MySqlDS</module-option>
      </login-module>
      </authentication>
      </application-policy>

      <!-- Security domain for JBossMQ -->
      <application-policy name = "jbossmq">
      <authentication>
      <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
      flag = "required">
      <module-option name = "unauthenticatedIdentity">guest</module-option>
      <module-option name = "sm.objectname">jboss.mq:service=StateManager</module-option>
      </login-module>
      </authentication>
      </application-policy>

      <!-- Security domains for testing new jca framework -->
      <application-policy name = "HsqlDbRealm">
      <authentication>
      <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
      flag = "required">
      <module-option name = "principal">sa</module-option>
      <module-option name = "userName">sa</module-option>
      <module-option name = "password"></module-option>
      <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=hsqldbDS</module-option>
      </login-module>
      </authentication>
      </application-policy>

      <application-policy name = "FirebirdDBRealm">
      <authentication>
      <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
      flag = "required">
      <module-option name = "principal">sysdba</module-option>
      <module-option name = "userName">sysdba</module-option>
      <module-option name = "password">masterkey</module-option>
      <module-option name = "managedConnectionFactoryName">jboss.jca:service=XaTxCM,name=FirebirdDS</module-option>
      </login-module>
      </authentication>
      </application-policy>

      <application-policy name = "JmsXARealm">
      <authentication>
      <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
      flag = "required">
      <module-option name = "principal">guest</module-option>
      <module-option name = "userName">guest</module-option>
      <module-option name = "password">guest</module-option>
      <module-option name = "managedConnectionFactoryName">jboss.jca:service=XaTxCM,name=jmsra</module-option>
      </login-module>
      </authentication>
      </application-policy>

      <!-- A template configuration for the jmx-console web application. This
      defaults to the UsersRolesLoginModule the same as other and should be
      changed to a stronger authentication mechanism as required.
      -->
      <application-policy name = "jmx-console">
      <authentication>
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
      flag = "required" />
      </authentication>
      </application-policy>

      <!-- The default login configuration used by any security domain that
      does not have a application-policy entry with a matching name
      -->
      <application-policy name = "other">
      <!-- A simple server login module, which can be used when the number
      of users is relatively small. It uses two properties files:
      users.properties, which holds users (key) and their password (value).
      roles.properties, which holds users (key) and a comma-separated list of
      their roles (value).
      The unauthenticatedIdentity property defines the name of the principal
      that will be used when a null username and password are presented as is
      the case for an unuathenticated web client or MDB. If you want to
      allow such users to be authenticated add the property, e.g.,
      unauthenticatedIdentity="nobody"
      -->
      <authentication>
      <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
      flag = "required" />
      </authentication>
      </application-policy>


      </policy>


      Thanks

      Glenn