Thanks Bobby!
I am not so handy with all Glassfish config tools etc. So sorry if I do
things wrong, you will have to spell it out for me...
I edited
/domains/domain1/config/logging.properties
.. and added this line:
com.sun.enterprise.security.level=FINEST
.. then I did a new request for my secured page and on the JAAS login page
entered my credentials and submitted.
There is a lot of logging, but to be honest I still have no idea what is
going wrong.
Here is the logging output:
FINE: [Web-Security] Policy Context ID was: pv/pv
FINE: [Web-Security] hasUserDataPermission perm:
(javax.security.jacc.WebUserDataPermission /auth/j_security_check POST)
FINE: [Web-Security] hasUserDataPermission isGranted: true
FINEST: Processing login with credentials of type: class
com.sun.enterprise.security.auth.login.common.PasswordCredential
FINE: Logging in user [admin] into realm: PVPluimen using JAAS module:
jdbcRealm
FINE: Login module initialized: class
com.sun.enterprise.security.auth.login.JDBCLoginModule
SEVERE: [LoginContext]: original security exception with detail msg
replaced by new exception with empty detail msg
SEVERE: [LoginContext]: original security exception:
com.sun.enterprise.security.auth.login.common.LoginException: Failed jdbc
login for admin.
SEVERE: [LoginContext]: login REQUIRED failure
FINE: JAAS authentication aborted.
SEVERE: [LoginContext]: abort ignored
FINEST: doPasswordLogin fails
javax.security.auth.login.LoginException: Security Exception
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:856)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at
com.sun.enterprise.security.auth.login.LoginContextDriver.doPasswordLogin(LoginContextDriver.java:341)
at
com.sun.enterprise.security.auth.login.LoginContextDriver.login(LoginContextDriver.java:199)
at
com.sun.enterprise.security.auth.login.LoginContextDriver.login(LoginContextDriver.java:152)
at com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:478)
at com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:417)
at
org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:265)
at
org.apache.catalina.authenticator.AuthenticatorBase.processSecurityCheck(AuthenticatorBase.java:970)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:575)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:615)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:97)
at
com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:85)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:185)
at
org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:332)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:233)
at
com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:165)
at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:791)
at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:693)
at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:954)
at
com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:170)
at
com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:135)
at
com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:102)
at
com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:88)
at
com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:76)
at
com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:53)
at
com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:57)
at com.sun.grizzly.ContextTask.run(ContextTask.java:69)
at
com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:330)
at
com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:309)
at java.lang.Thread.run(Thread.java:619)
Caused by: java.lang.SecurityException
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:857)
... 34 more
WARNING: Web login failed: Login failed:
javax.security.auth.login.LoginException: Security Exception
FINE: [Web-Security] Policy Context ID was: pv/pv
FINE: [Web-Security] hasUserDataPermission perm:
(javax.security.jacc.WebUserDataPermission /auth/login GET)
FINE: [Web-Security] hasUserDataPermission isGranted: true
INFO: AuthorizationServlet#doGet: Starting...
INFO: AuthorizationServlet#doGet: action=login
INFO: AuthorizationServlet#doLoginForm: Starting...
INFO: AuthorizationServlet#doLoginForm: Done.
INFO: AuthorizationServlet#doGet: Done.
FINE: SecurityContext: setCurrentSecurityContext method called
FINE: [Web-Security] Policy Context ID was: pv/pv
FINE: [Web-Security] hasUserDataPermission perm:
(javax.security.jacc.WebUserDataPermission /style.css GET)
FINE: [Web-Security] hasUserDataPermission isGranted: true
FINE: [Web-Security] Policy Context ID was: pv/pv
FINE: [Web-Security] hasResource isGranted: true
FINE: [Web-Security] hasResource perm:
(javax.security.jacc.WebResourcePermission /style.css GET)
FINE: SecurityContext: setCurrentSecurityContext method called
The AuthorizationServlet is mine. It accepts incoming requests on the URL I
configured in web-xml and forwards the request to the login.jsp using
request.getRequestDispatcher("/WEB-INF/jsp/auth/login.jsp").forward(request,
response)
Relevant config in web.xml:
<servlet>
<servlet-name>AuthorizationServlet</servlet-name>
<servlet-class>nl.planon.pv.auth.AuthorizationServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>AuthorizationServlet</servlet-name>
<url-pattern>/auth/*</url-pattern>
</servlet-mapping>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>PVPluimen</realm-name>
<form-login-config>
<form-login-page>/auth/login</form-login-page>
<form-error-page>/auth/login?error=true</form-error-page>
</form-login-config>
</login-config>
----- Original Message -----
From: "Bobby Bissett" <bobby.bissett_at_oracle.com>
To: <dev_at_glassfish.dev.java.net>
Sent: Tuesday, May 04, 2010 7:55 PM
Subject: Re: Debugging Glassfish itself
> On May 4, 2010, at 12:52 PM, Stijn de Witt wrote:
>>
>> The issue I have is that my JDBCRealm setup seems Ok (I see realm being
>> loaded) but I am unable to login. I have manually inserted a username
>> and password in the DB (and set digest to none) but still it will not
>> let me in with those credentials. The error messages are really vague
>> (basically it just throws generic LoginException) so that is why I
>> wanted to debug.
>
> In many cases, the fastest way to solve this isn't with the debugger.
> Head on over to your friendly admin console, go to the logging page, and
> turn the security logging up to finest. Then try to log in again and
> quickly turn the logging back down to info. Check the server log and
> you'll see what specific error caused the problem.
>
> Cheers,
> Bobby
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>