users@glassfish.java.net

Re: JdbcAuthModule

From: Edson Carlos Ericksson Richter <edson.richter_at_mgrinformatica.com.br>
Date: Wed, 07 Jun 2006 08:29:14 -0300

Hi! This message, "(JdbcRealm)User gesker valid: false", is an indication
that this user could not be found in the database using the query
"select count(*) from auth where username = ? and password = ?".

First of all, have you tried to execute this query standalone?

You are using char(10). AFAIK, char(10) is fixed size, so your username
should be "gesker " and your password should be "password ". What if
you change to "varchar(10)"?

Some databases consider "username" and "password" as reserved words
(check your docs, I really don't know about MySQL). So, I'd suggest
changing the names of these columns to "usrname" and "passwd" (normally, simple
identifiers that will not show any problems).

Could you connect through NetBeans Database Explorer and execute these
queries? It may be a permission problem too (you must grant select on these
tables).

Finally... Have you tried to authenticate using Tomcat?

Best regards,

Richter

Dennis Gesker wrote:
> I was attempting to implement a jdbcRealm as described at:
>
> http://jroller.com/page/brviking?entry=glassfish_for_tomcat_users_jdbc
>
>
> However, I seem to have run into some trouble as I keep getting this module to work and I'm wondering if there is
> something special required with regard to the setup of the database tables (SQL below). I was
> surprised to see a stack trace as opposed to just a 'login failed' message:
>
>
> (JdbcRealm)User gesker valid: false|#]
>
> com.sun.enterprise.security.LoginException: (JdbcLoginModule) Login failed!
> at org.nbcommunity.glassfish.jdbcAuthModule.JdbcLoginModule.authenticate(JdbcLoginModule.java:61)
> at com.sun.enterprise.security.auth.login.PasswordLoginModule.authenticateUser(PasswordLoginModule.java:77)
> at com.sun.appserv.security.AppservPasswordLoginModule.login(AppservPasswordLoginModule.java:171)
> at sun.reflect.GeneratedMethodAccessor78.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:585)
> at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
> at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
> at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
> at com.sun.enterprise.security.auth.LoginContextDriver.doPasswordLogin(LoginContextDriver.java:283)
> at com.sun.enterprise.security.auth.LoginContextDriver.login(LoginContextDriver.java:158)
> at com.sun.enterprise.security.auth.LoginContextDriver.login(LoginContextDriver.java:111)
> at com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:419)
> at com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:359)
> at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:238)
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:534)
> at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:557)
> at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:73)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:182)
> at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
> at com.sun.enterprise.web.VirtualServerPipeline.invoke(VirtualServerPipeline.java:120)
> at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:137)
> at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
> at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:536)
> at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939)
> at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:231)
> at com.sun.enterprise.web.connector.grizzly.ProcessorTask.invokeAdapter(ProcessorTask.java:667)
> at com.sun.enterprise.web.connector.grizzly.ProcessorTask.processNonBlocked(ProcessorTask.java:574)
> at com.sun.enterprise.web.connector.grizzly.ProcessorTask.process(ProcessorTask.java:844)
> at com.sun.enterprise.web.connector.grizzly.ReadTask.executeProcessorTask(ReadTask.java:287)
> at com.sun.enterprise.web.connector.grizzly.ReadTask.doTask(ReadTask.java:212)
> at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:252)
> at com.sun.enterprise.web.connector.grizzly.WorkerThread.run(WorkerThread.java:75)
> |#]
> JAAS authentication aborted.
> SEC5046: Audit: Authentication refused for [gesker].
>
>
>
>
> On startup of the server I see in the logs:
>
>
> JdbcRealm initialization successfull, debug on!
> JdbcRealm will execute queries against jdbc/operations|#]
> JdbcRealm will login with select count(*) from auth where username = ? and password = ?|#]
> JdbcRealm will get roles with select role from authrole where username = ?|#]
> JdbcRealm will get all roles with select distinct role from authrole|#]
> [snip]
> Logging in user [gesker] into realm: jdbcRealmAddOn using JAAS module: jdbcRealm
> Login module initialized: class org.nbcommunity.glassfish.jdbcAuthModule.JdbcLoginModule
>
>
>
> Which leads me to believe that I have most of the configuration options correct.
> My SQL to set up my database tables is pretty straightforward as well:
>
> create table auth(
> id int NOT NULL IDENTITY PRIMARY KEY,
> username char(10) NOT NULL UNIQUE,
> password char(10) NOT NULL
> )
>
> create table authrole(
> id int NOT NULL IDENTITY PRIMARY KEY,
> username char(10) NOT NULL REFERENCES auth(username) ON UPDATE CASCADE ON DELETE CASCADE,
> role char(10) NOT NULL,
> rolecode char(10)
> )
>
> insert into auth(username, password) values ('gesker','password')
> insert into authrole (username, role) values ('gesker','employee')
> insert into authrole (username, role) values ('gesker','supervisor')
> insert into authrole (username, role) values ('gesker','manager')
> insert into authrole (username, role) values ('gesker','admin')
> insert into authrole (username, role) values ('gesker','quality')
> insert into authrole (username, role) values ('gesker','sysadmin')
>
>
>
> Could someone offer a hint?
>
> Dennis
>
>
>
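
Added example (not part of the thread and not JdbcAuthModule code): a small JDBC check that runs the realm's logged login query outside the container, once with the values as typed and once space-padded to the char(10) width, which separates the padding question from a missing row or a missing SELECT grant. The class name `RealmQueryCheck` is hypothetical; the JDBC URL and database credentials are passed as arguments and are assumed to be the ones the `jdbc/operations` pool uses.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

// Hypothetical diagnostic class; it is not part of JdbcAuthModule.
public class RealmQueryCheck {
    // The login query exactly as the realm logs it at startup.
    static final String LOGIN_SQL =
        "select count(*) from auth where username = ? and password = ?";
    static final int COLUMN_WIDTH = 10; // char(10) in the posted DDL

    // Right-pad with spaces to the fixed column width.
    static String pad(String s) {
        StringBuilder sb = new StringBuilder(s);
        while (sb.length() < COLUMN_WIDTH) sb.append(' ');
        return sb.toString();
    }

    // Bind both parameters the way the realm does and return the count.
    static int count(Connection c, String user, String pass) throws SQLException {
        try (PreparedStatement ps = c.prepareStatement(LOGIN_SQL)) {
            ps.setString(1, user);
            ps.setString(2, pass);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    // A missing SELECT grant or a reserved-word column surfaces as an SQLException here.
    public static void main(String[] a) throws SQLException {
        if (a.length != 5) {
            System.err.println("usage: RealmQueryCheck <jdbc-url> <db-user> <db-password> <login> <login-password>");
            System.exit(2);
        }
        try (Connection c = DriverManager.getConnection(a[0], a[1], a[2])) {
            int asTyped = count(c, a[3], a[4]);
            int padded = count(c, pad(a[3]), pad(a[4]));
            System.out.println("as typed: " + asTyped + ", padded to char(10): " + padded);
            if (asTyped == 0 && padded > 0) {
                System.out.println("Match only with padding: trailing spaces take part in the comparison.");
            } else if (asTyped == 0) {
                System.out.println("No match either way: check that the row exists in the schema this user sees.");
            }
        }
    }
}
```

Run it with the database's JDBC driver on the classpath; a count of 0 as typed and 1 padded points at the column type rather than at the realm configuration.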