users@glassfish.java.net

Re: JdbcAuthModule

From: Dennis Gesker <gesker_at_alamon.com>
Date: Wed, 07 Jun 2006 10:32:52 -0600

I still seem to be stuck.

I changed the field names and types to usrname varchar(10) and passwd
varchar(10)
changed userTable="dbo"."auth"
changed userRoleTable="dbo"."authrole"

In my logs I can see:

Asked authenticate gesker password will not be shown!|#]
(JdbcRealm)User gesker valid: true|#]
Asked roles for gesker|#]
JdbcRealm roles query returned employee for gesker|#]
JdbcRealm roles query returned supervisor for gesker|#]
JdbcRealm roles query returned manager for gesker|#]
JdbcRealm roles query returned admin for gesker|#]
JdbcRealm roles query returned quality for gesker|#]
JdbcRealm roles query returned sysadmin for gesker|#]

Which I take as a good sign. But, I get an HTTP Status 403 - Access to
the requested resource has been denied.

In my test project I only have one file, index.jsp. This file is the
only file in the web resource collection of my restraint which is
enabled for 'employee' role name.

Dennis





Edson Carlos Ericksson Richter wrote:
> Hi! This message (JdbcRealm)User gesker valid: false is an indication
> that this user could not be find on the database using the query
> "select count(*) from auth where username = ? and password = ?"
>
> First of all, have you tried to execute this query standalone?
>
> You are using char(10). AFAIK, char(10) is fixed size, so your
> username should be "gesker " and your password should be "password
> ". What if you change to "varchar(10)"?
>
> Some databases consider "username" and "password" as reserved words
> (check your docs, I really don't know about MySql). So, I'll suggest
> to change name of these columns to "usrname" and "passwd" (normally,
> simple identifiers that will not show any problems).
>
> You could connect through NetBeans Database Explorer and execute this
> queries? May be a permission problem too (must grant select on these
> tables).
>
> Finally... Have you tried to authenticate using Tomcat?
>
> Best regards,
>
> Richter
>
> Dennis Gesker escreveu:
>> I was attempting to implement a jdbcReal as described at:
>>
>> http://jroller.com/page/brviking?entry=glassfish_for_tomcat_users_jdbc
>>
>>
>> *
>> However, I seem have run into some trouble as I keep getting this
>> module to work and I'm wondering if there is something special
>> required with regard to the setup of the database tables (sql below).
>> I was
>> suprised to see a stack trace as opposed to just a 'login failed
>> message':*
>>
>>
>> (JdbcRealm)User gesker valid: false|#]
>>
>> com.sun.enterprise.security.LoginException: (JdbcLoginModule) Login
>> failed!
>> at
>> org.nbcommunity.glassfish.jdbcAuthModule.JdbcLoginModule.authenticate(JdbcLoginModule.java:61)
>>
>> at
>> com.sun.enterprise.security.auth.login.PasswordLoginModule.authenticateUser(PasswordLoginModule.java:77)
>>
>> at
>> com.sun.appserv.security.AppservPasswordLoginModule.login(AppservPasswordLoginModule.java:171)
>>
>> at sun.reflect.GeneratedMethodAccessor78.invoke(Unknown Source)
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>
>> at java.lang.reflect.Method.invoke(Method.java:585)
>> at
>> javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
>> at
>> javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
>> at
>> javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
>> at java.security.AccessController.doPrivileged(Native Method)
>> at
>> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
>> at
>> javax.security.auth.login.LoginContext.login(LoginContext.java:579)
>> at
>> com.sun.enterprise.security.auth.LoginContextDriver.doPasswordLogin(LoginContextDriver.java:283)
>>
>> at
>> com.sun.enterprise.security.auth.LoginContextDriver.login(LoginContextDriver.java:158)
>>
>> at
>> com.sun.enterprise.security.auth.LoginContextDriver.login(LoginContextDriver.java:111)
>>
>> at
>> com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:419)
>> at
>> com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:359)
>> at
>> org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:238)
>>
>> at
>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:534)
>>
>> at
>> org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:557)
>>
>> at
>> com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:73)
>> at
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:182)
>>
>> at
>> org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
>>
>> at
>> com.sun.enterprise.web.VirtualServerPipeline.invoke(VirtualServerPipeline.java:120)
>>
>> at
>> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939)
>> at
>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:137)
>>
>> at
>> org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
>>
>> at
>> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:536)
>>
>> at
>> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939)
>> at
>> org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:231)
>> at
>> com.sun.enterprise.web.connector.grizzly.ProcessorTask.invokeAdapter(ProcessorTask.java:667)
>>
>> at
>> com.sun.enterprise.web.connector.grizzly.ProcessorTask.processNonBlocked(ProcessorTask.java:574)
>>
>> at
>> com.sun.enterprise.web.connector.grizzly.ProcessorTask.process(ProcessorTask.java:844)
>>
>> at
>> com.sun.enterprise.web.connector.grizzly.ReadTask.executeProcessorTask(ReadTask.java:287)
>>
>> at
>> com.sun.enterprise.web.connector.grizzly.ReadTask.doTask(ReadTask.java:212)
>>
>> at
>> com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:252)
>> at
>> com.sun.enterprise.web.connector.grizzly.WorkerThread.run(WorkerThread.java:75)
>>
>> |#]
>> JAAS authentication aborted.
>> SEC5046: Audit: Authentication refused for [gesker].
>>
>>
>>
>>
>> *
>> On startup of the server I see in the logs:*
>>
>>
>> JdbcRealm initialization successfull, debug on! JdbcRealm will
>> execute queries against jdbc/operations|#] JdbcRealm will login with
>> select count(*) from auth where username = ? and password = ?|#]
>> JdbcRealm will get roles with select role from authrole where
>> username = ?|#] JdbcRealm will get all roles with select distinct
>> role from authrole|#]
>> [snip]
>> Logging in user [gesker] into realm: jdbcRealmAddOn using JAAS
>> module: jdbcRealm
>> Login module initialized: class
>> org.nbcommunity.glassfish.jdbcAuthModule.JdbcLoginModule
>>
>>
>>
>> *Which leads me to believe that I have most of the configuration
>> options correct. My sql to setup my database tables is pretty
>> straight forward as well:*
>>
>> create table auth(
>> id int NOT NULL IDENTITY PRIMARY KEY,
>> username char(10) NOT NULL UNIQUE,
>> password char(10) NOT NULL
>> )
>>
>> create table authrole(
>> id int NOT NULL IDENTITY PRIMARY KEY,
>> username char(10) NOT NULL REFERENCES auth(username) ON UPDATE
>> CASCADE ON DELETE CASCADE,
>> role char(10) NOT NULL,
>> rolecode char(10)
>> )
>>
>> insert into auth(username, password) values ('gesker','password')
>> insert into authrole (username, role) values ('gesker','employee')
>> insert into authrole (username, role) values ('gesker','supervisor')
>> insert into authrole (username, role) values ('gesker','manager')
>> insert into authrole (username, role) values ('gesker','admin')
>> insert into authrole (username, role) values ('gesker','quality')
>> insert into authrole (username, role) values ('gesker','sysadmin')
>>
>>
>>
>> *Could someone offer a hint?
>>
>> Dennis
>> *
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net

-- 
Dennis R. Gesker
email: dennis_at_alamon.com
gpg key: 0xEFA10A51