users@glassfish.java.net

Re: JdbcAuthModule

From: Edson Carlos Ericksson Richter <edson.richter_at_mgrinformatica.com.br>
Date: Wed, 07 Jun 2006 14:11:05 -0300

Good! You got authentication working. Judging by the messages, there is nothing
wrong with your database, nor with your GlassFish.

So how is your web.xml, specifically the url-pattern?

To get it working, you must map the URL as "/myprotectedfolder/*", so you
protect the folder and index.jsp... and everything else below this folder.
I made the mistake of putting "/myprotectedfolder/" as the url pattern, and got
the same error (403) you showed...

Richter


Dennis Gesker escreveu:
> I still seem to be stuck.
>
> I changed the field names and types to usrname varchar(10) and passwd
> varchar(10)
> changed userTable="dbo"."auth"
> changed userRoleTable="dbo"."authrole"
>
> In my logs I can see:
>
> Asked authenticate gesker password will not be shown!|#]
> (JdbcRealm)User gesker valid: true|#]
> Asked roles for gesker|#]
> JdbcRealm roles query returned employee for gesker|#]
> JdbcRealm roles query returned supervisor for gesker|#]
> JdbcRealm roles query returned manager for gesker|#]
> JdbcRealm roles query returned admin for gesker|#]
> JdbcRealm roles query returned quality for gesker|#]
> JdbcRealm roles query returned sysadmin for gesker|#]
>
> Which I take as a good sign. But, I get an HTTP Status 403 - Access to
> the requested resource has been denied.
>
> In my test project I only have one file, index.jsp. This file is the
> only file in the web resource collection of my restraint which is
> enabled for 'employee' role name.
>
> Dennis
>
>
>
>
>
> Edson Carlos Ericksson Richter wrote:
>
>> Hi! This message (JdbcRealm)User gesker valid: false is an indication
>> that this user could not be found on the database using the query
>> "select count(*) from auth where username = ? and password = ?"
>>
>> First of all, have you tried to execute this query standalone?
>>
>> You are using char(10). AFAIK, char(10) is fixed size, so your
>> username should be "gesker " and your password should be "password
>> ". What if you change to "varchar(10)"?
>>
>> Some databases consider "username" and "password" as reserved words
>> (check your docs, I really don't know about MySql). So, I'd suggest
>> changing the names of these columns to "usrname" and "passwd" (normally,
>> simple identifiers that will not show any problems).
>>
>> Could you connect through NetBeans Database Explorer and execute these
>> queries? It may be a permission problem too (must grant select on these
>> tables).
>>
>> Finally... Have you tried to authenticate using Tomcat?
>>
>> Best regards,
>>
>> Richter
>>
>> Dennis Gesker escreveu:
>>
>>> I was attempting to implement a jdbcRealm as described at:
>>>
>>> http://jroller.com/page/brviking?entry=glassfish_for_tomcat_users_jdbc
>>>
>>> However, I seem to have run into some trouble as I keep getting this
>>> module to work and I'm wondering if there is something special
>>> required with regard to the setup of the database tables (sql below).
>>> I was surprised to see a stack trace as opposed to just a 'login failed
>>> message':
>>>
>>>
>>> (JdbcRealm)User gesker valid: false|#]
>>>
>>> com.sun.enterprise.security.LoginException: (JdbcLoginModule) Login failed!
>>>     at org.nbcommunity.glassfish.jdbcAuthModule.JdbcLoginModule.authenticate(JdbcLoginModule.java:61)
>>>     at com.sun.enterprise.security.auth.login.PasswordLoginModule.authenticateUser(PasswordLoginModule.java:77)
>>>     at com.sun.appserv.security.AppservPasswordLoginModule.login(AppservPasswordLoginModule.java:171)
>>>     at sun.reflect.GeneratedMethodAccessor78.invoke(Unknown Source)
>>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>     at java.lang.reflect.Method.invoke(Method.java:585)
>>>     at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
>>>     at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
>>>     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
>>>     at java.security.AccessController.doPrivileged(Native Method)
>>>     at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
>>>     at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
>>>     at com.sun.enterprise.security.auth.LoginContextDriver.doPasswordLogin(LoginContextDriver.java:283)
>>>     at com.sun.enterprise.security.auth.LoginContextDriver.login(LoginContextDriver.java:158)
>>>     at com.sun.enterprise.security.auth.LoginContextDriver.login(LoginContextDriver.java:111)
>>>     at com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:419)
>>>     at com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:359)
>>>     at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:238)
>>>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:534)
>>>     at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:557)
>>>     at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:73)
>>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:182)
>>>     at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
>>>     at com.sun.enterprise.web.VirtualServerPipeline.invoke(VirtualServerPipeline.java:120)
>>>     at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939)
>>>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:137)
>>>     at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
>>>     at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:536)
>>>     at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939)
>>>     at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:231)
>>>     at com.sun.enterprise.web.connector.grizzly.ProcessorTask.invokeAdapter(ProcessorTask.java:667)
>>>     at com.sun.enterprise.web.connector.grizzly.ProcessorTask.processNonBlocked(ProcessorTask.java:574)
>>>     at com.sun.enterprise.web.connector.grizzly.ProcessorTask.process(ProcessorTask.java:844)
>>>     at com.sun.enterprise.web.connector.grizzly.ReadTask.executeProcessorTask(ReadTask.java:287)
>>>     at com.sun.enterprise.web.connector.grizzly.ReadTask.doTask(ReadTask.java:212)
>>>     at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:252)
>>>     at com.sun.enterprise.web.connector.grizzly.WorkerThread.run(WorkerThread.java:75)
>>> |#]
>>> JAAS authentication aborted.
>>> SEC5046: Audit: Authentication refused for [gesker].
>>>
>>>
>>> On startup of the server I see in the logs:
>>>
>>> JdbcRealm initialization successfull, debug on! JdbcRealm will execute queries against jdbc/operations|#]
>>> JdbcRealm will login with select count(*) from auth where username = ? and password = ?|#]
>>> JdbcRealm will get roles with select role from authrole where username = ?|#]
>>> JdbcRealm will get all roles with select distinct role from authrole|#]
>>> [snip]
>>> Logging in user [gesker] into realm: jdbcRealmAddOn using JAAS
>>> module: jdbcRealm
>>> Login module initialized: class
>>> org.nbcommunity.glassfish.jdbcAuthModule.JdbcLoginModule
>>>
>>>
>>>
>>> Which leads me to believe that I have most of the configuration
>>> options correct. My sql to set up my database tables is pretty
>>> straightforward as well:
>>>
>>> create table auth(
>>> id int NOT NULL IDENTITY PRIMARY KEY,
>>> username char(10) NOT NULL UNIQUE,
>>> password char(10) NOT NULL
>>> )
>>>
>>> create table authrole(
>>> id int NOT NULL IDENTITY PRIMARY KEY,
>>> username char(10) NOT NULL REFERENCES auth(username) ON UPDATE
>>> CASCADE ON DELETE CASCADE,
>>> role char(10) NOT NULL,
>>> rolecode char(10)
>>> )
>>>
>>> insert into auth(username, password) values ('gesker','password')
>>> insert into authrole (username, role) values ('gesker','employee')
>>> insert into authrole (username, role) values ('gesker','supervisor')
>>> insert into authrole (username, role) values ('gesker','manager')
>>> insert into authrole (username, role) values ('gesker','admin')
>>> insert into authrole (username, role) values ('gesker','quality')
>>> insert into authrole (username, role) values ('gesker','sysadmin')
>>>
>>>
>>>
>>> Could someone offer a hint?
>>>
>>> Dennis
>
>
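
The mapping Richter describes at the top of this message, written out as a web.xml fragment (an added example, not a file from the thread). The role name employee, the realm name jdbcRealmAddOn and FORM authentication come from the messages and logs quoted above; the Servlet 2.5 descriptor version, the resource name and the login page paths are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example; descriptor version 2.5 is an assumption. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">

  <security-constraint>
    <web-resource-collection>
      <!-- Hypothetical name; any label works. -->
      <web-resource-name>protected-area</web-resource-name>
      <!-- Pattern from the reply: the trailing /* makes this a path-prefix
           mapping, covering the folder, index.jsp and everything below. -->
      <url-pattern>/myprotectedfolder/*</url-pattern>
      <!-- The pattern the reply says produced the same 403:
           <url-pattern>/myprotectedfolder/</url-pattern>
           Without the wildcard it is an exact-match pattern for that one path. -->
      <!-- No http-method elements: the constraint applies to all methods. -->
    </web-resource-collection>
    <auth-constraint>
      <!-- One of the roles the JdbcRealm log shows for the user. -->
      <role-name>employee</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>jdbcRealmAddOn</realm-name>
    <form-login-config>
      <!-- Hypothetical page paths, kept outside the protected folder. -->
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/loginError.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Declares the role referenced by the auth-constraint above. -->
  <security-role>
    <role-name>employee</role-name>
  </security-role>

</web-app>
```

On GlassFish, role names declared in web.xml are also mapped to realm groups or principals through security-role-mapping entries in sun-web.xml; that file is not shown in the thread.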