users@glassfish.java.net

Re: JdbcAuthModule

From: Dennis Gesker <gesker_at_alamon.com>
Date: Wed, 07 Jun 2006 12:15:40 -0600

Richter:

I think I'm getting close. I thought that the jdbcRealm was going to map
the security-roles for me but this doesn't seem to be happening.

To check, I tried the following as a test.

realm in sun-application.xml to 'jdbcRealmAddOn' <- authentication seems
to be working
Changed my url to /index.jsp
Got a 403

Created 'protected' directory and put a new index.jsp in protected
directory.
Changed my url to /protected/*
Still got a 403

Changed url back to /index.jsp
changed realm in sun-application.xml to 'file'
added security-role-mapping to sun-application.xml
added user/password to 'file' realm
application worked as expected (directed to auth page, authenticated,
proceed to index.jsp)

changed realm in sun-application.xml to 'jdbcRealmAddOn' <- the one
we've been troubleshooting
removed security-role-mapping from sun-application.xml
got 403

added security-role mapping to sun-application.xml
application worked as expected (directed to auth page, authenticated,
directed to index.jsp)

Should the security-mapping be done by the jdbcRealm roles query? Is
there something else that I need to configure?

Dennis

Edson Carlos Ericksson Richter wrote:
> Good! You got authentication working. By the messages, there is
> nothing wrong with your database, neither with your glassfish.
>
> So how is your web.xml, specific url-pattern?
>
> To get it working, you must map url as "/myprotectedfolder/*", so you
> protect folder and index.jsp... and everything else below this folder.
> I made the mistake of putting "/myprotectedfolder/" as url pattern, and
> got the same error (403) you showed...
>
> Richter
>
>
> Dennis Gesker escreveu:
>> I still seem to be stuck.
>>
>> I changed the field names and types to usrname varchar(10) and passwd
>> varchar(10)
>> changed userTable="dbo"."auth"
>> changed userRoleTable="dbo"."authrole"
>>
>> In my logs I can see:
>>
>> Asked authenticate gesker password will not be shown!|#]
>> (JdbcRealm)User gesker valid: true|#]
>> Asked roles for gesker|#]
>> JdbcRealm roles query returned employee for gesker|#]
>> JdbcRealm roles query returned supervisor for gesker|#]
>> JdbcRealm roles query returned manager for gesker|#]
>> JdbcRealm roles query returned admin for gesker|#]
>> JdbcRealm roles query returned quality for gesker|#]
>> JdbcRealm roles query returned sysadmin for gesker|#]
>>
>> Which I take as a good sign. But, I get an HTTP Status 403 - Access to
>> the requested resource has been denied.
>>
>> In my test project I only have one file, index.jsp. This file is the
>> only file in the web resource collection of my constraint, which is
>> enabled for the 'employee' role name.
>>
>> Dennis
>>
>> Edson Carlos Ericksson Richter wrote:
>>
>>> Hi! This message (JdbcRealm)User gesker valid: false is an indication
>>> that this user could not be found in the database using the query
>>> "select count(*) from auth where username = ? and password = ?"
>>>
>>> First of all, have you tried to execute this query standalone?
>>>
>>> You are using char(10). AFAIK, char(10) is fixed size, so your
>>> username should be "gesker " and your password should be
>>> "password ". What if you change to "varchar(10)"?
>>>
>>> Some databases consider "username" and "password" as reserved words
>>> (check your docs, I really don't know about MySql). So, I'd suggest
>>> changing the names of these columns to "usrname" and "passwd" (normally,
>>> simple identifiers that will not show any problems).
>>>
>>> Could you connect through NetBeans Database Explorer and execute these
>>> queries? Maybe it is a permission problem too (you must grant select on
>>> these tables).
>>>
>>> Finally... Have you tried to authenticate using Tomcat?
>>>
>>> Best regards,
>>>
>>> Richter
>>>
>>> Dennis Gesker escreveu:
>>>
>>>> I was attempting to implement a jdbcRealm as described at:
>>>>
>>>> http://jroller.com/page/brviking?entry=glassfish_for_tomcat_users_jdbc
>>>>
>>>> However, I seem to have run into some trouble as I cannot get this
>>>> module to work, and I'm wondering if there is something special
>>>> required with regard to the setup of the database tables (sql below).
>>>> I was surprised to see a stack trace as opposed to just a 'login failed'
>>>> message:
>>>>
>>>> (JdbcRealm)User gesker valid: false|#]
>>>>
>>>> com.sun.enterprise.security.LoginException: (JdbcLoginModule) Login failed!
>>>> at org.nbcommunity.glassfish.jdbcAuthModule.JdbcLoginModule.authenticate(JdbcLoginModule.java:61)
>>>> at com.sun.enterprise.security.auth.login.PasswordLoginModule.authenticateUser(PasswordLoginModule.java:77)
>>>> at com.sun.appserv.security.AppservPasswordLoginModule.login(AppservPasswordLoginModule.java:171)
>>>> at sun.reflect.GeneratedMethodAccessor78.invoke(Unknown Source)
>>>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>> at java.lang.reflect.Method.invoke(Method.java:585)
>>>> at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
>>>> at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
>>>> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
>>>> at java.security.AccessController.doPrivileged(Native Method)
>>>> at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
>>>> at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
>>>> at com.sun.enterprise.security.auth.LoginContextDriver.doPasswordLogin(LoginContextDriver.java:283)
>>>> at com.sun.enterprise.security.auth.LoginContextDriver.login(LoginContextDriver.java:158)
>>>> at com.sun.enterprise.security.auth.LoginContextDriver.login(LoginContextDriver.java:111)
>>>> at com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:419)
>>>> at com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:359)
>>>> at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:238)
>>>> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:534)
>>>> at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:557)
>>>> at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:73)
>>>> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:182)
>>>> at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
>>>> at com.sun.enterprise.web.VirtualServerPipeline.invoke(VirtualServerPipeline.java:120)
>>>> at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939)
>>>> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:137)
>>>> at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
>>>> at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:536)
>>>> at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939)
>>>> at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:231)
>>>> at com.sun.enterprise.web.connector.grizzly.ProcessorTask.invokeAdapter(ProcessorTask.java:667)
>>>> at com.sun.enterprise.web.connector.grizzly.ProcessorTask.processNonBlocked(ProcessorTask.java:574)
>>>> at com.sun.enterprise.web.connector.grizzly.ProcessorTask.process(ProcessorTask.java:844)
>>>> at com.sun.enterprise.web.connector.grizzly.ReadTask.executeProcessorTask(ReadTask.java:287)
>>>> at com.sun.enterprise.web.connector.grizzly.ReadTask.doTask(ReadTask.java:212)
>>>> at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:252)
>>>> at com.sun.enterprise.web.connector.grizzly.WorkerThread.run(WorkerThread.java:75)
>>>> |#]
>>>> JAAS authentication aborted.
>>>> SEC5046: Audit: Authentication refused for [gesker].
>>>>
>>>> On startup of the server I see in the logs:
>>>>
>>>> JdbcRealm initialization successfull, debug on! JdbcRealm will execute queries against jdbc/operations|#]
>>>> JdbcRealm will login with select count(*) from auth where username = ? and password = ?|#]
>>>> JdbcRealm will get roles with select role from authrole where username = ?|#]
>>>> JdbcRealm will get all roles with select distinct role from authrole|#]
>>>> [snip]
>>>> Logging in user [gesker] into realm: jdbcRealmAddOn using JAAS
>>>> module: jdbcRealm
>>>> Login module initialized: class
>>>> org.nbcommunity.glassfish.jdbcAuthModule.JdbcLoginModule
>>>>
>>>> Which leads me to believe that I have most of the configuration
>>>> options correct. My sql to set up my database tables is pretty
>>>> straightforward as well:
>>>>
>>>> create table auth(
>>>> id int NOT NULL IDENTITY PRIMARY KEY,
>>>> username char(10) NOT NULL UNIQUE,
>>>> password char(10) NOT NULL
>>>> )
>>>>
>>>> create table authrole(
>>>> id int NOT NULL IDENTITY PRIMARY KEY,
>>>> username char(10) NOT NULL REFERENCES auth(username) ON UPDATE
>>>> CASCADE ON DELETE CASCADE,
>>>> role char(10) NOT NULL,
>>>> rolecode char(10)
>>>> )
>>>>
>>>> insert into auth(username, password) values ('gesker','password')
>>>> insert into authrole (username, role) values ('gesker','employee')
>>>> insert into authrole (username, role) values ('gesker','supervisor')
>>>> insert into authrole (username, role) values ('gesker','manager')
>>>> insert into authrole (username, role) values ('gesker','admin')
>>>> insert into authrole (username, role) values ('gesker','quality')
>>>> insert into authrole (username, role) values ('gesker','sysadmin')
>>>>
>>>> Could someone offer a hint?
>>>>
>>>> Dennis
>>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net

-- 
Dennis R. Gesker
email: dennis_at_alamon.com
gpg key: 0xEFA10A51
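The thread ends with authentication working but authorization still failing until a security-role-mapping is added and the url-pattern is spelled as a path prefix. The following is an added worked model of those two container-side decisions; it is not code from this thread, from GlassFish or from the jdbcAuthModule. It assumes the standard Servlet url-pattern rules (exact, "/dir/*" prefix, "*.ext" extension, "/" default) and models sun-application.xml's role-to-group mapping as a plain dictionary; the group names for user gesker are constructed from the "JdbcRealm roles query returned ..." log lines quoted above. The scenarios go slightly beyond the thread by also showing an unrelated user whose groups map to nothing.

```python
# Added example (not code from this thread, GlassFish or the jdbcAuthModule):
# a small model of the two decisions the container makes after the JdbcRealm
# has authenticated a user, which is where the 403s in this thread came from.
#   1. Does the request path fall under a <security-constraint> url-pattern?
#   2. Do the user's realm groups (what "JdbcRealm roles query returned ..."
#      lists in the log) map to a security-role that the constraint allows?
# Step 2 is what <security-role-mapping> in sun-application.xml supplies; the
# realm's roles query on its own only produces group names.
from dataclasses import dataclass


def url_pattern_matches(pattern: str, path: str) -> bool:
    """Servlet-spec url-pattern matching.

    '/'        default mapping: matches every path
    '/dir/*'   path-prefix mapping: matches '/dir' and everything under it
    '*.ext'    extension mapping
    anything else is an exact match, so '/protected/' matches only
    '/protected/' itself and does NOT cover '/protected/index.jsp'.
    """
    if pattern == "/":
        return True
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return path == pattern


@dataclass(frozen=True)
class Constraint:
    """One <security-constraint>: its url-patterns and the role names it allows."""
    url_patterns: tuple
    role_names: tuple


@dataclass(frozen=True)
class Deployment:
    """web.xml constraints plus the sun-application.xml role -> groups mapping."""
    constraints: tuple
    role_to_groups: dict  # security-role name -> set of realm group names


def authorize(deployment: Deployment, path: str, user_groups) -> str:
    """Return 'unprotected', 'allowed' or 'forbidden' (the container's 403)."""
    matching = [
        c for c in deployment.constraints
        if any(url_pattern_matches(p, path) for p in c.url_patterns)
    ]
    if not matching:
        return "unprotected"  # no constraint applies: served to anyone
    groups = set(user_groups)
    for constraint in matching:
        for role in constraint.role_names:
            # A role grants access only if the deployment maps it to one of
            # the groups the realm returned. An unmapped role matches nobody.
            if deployment.role_to_groups.get(role, set()) & groups:
                return "allowed"
    return "forbidden"


# Constructed sample data: the groups the thread's log shows for 'gesker'.
GESKER_GROUPS = ("employee", "supervisor", "manager", "admin", "quality", "sysadmin")

# web.xml as described in the thread: index.jsp restricted to role 'employee'.
INDEX_CONSTRAINT = Constraint(url_patterns=("/index.jsp",), role_names=("employee",))

# Without a security-role-mapping the role 'employee' maps to no group at all.
WITHOUT_MAPPING = Deployment(constraints=(INDEX_CONSTRAINT,), role_to_groups={})

# With the mapping Dennis added: role 'employee' <- group 'employee'.
WITH_MAPPING = Deployment(constraints=(INDEX_CONSTRAINT,),
                          role_to_groups={"employee": {"employee"}})

# The constraint written with a path-prefix pattern, as Richter recommends.
PROTECTED_DIR = Deployment(
    constraints=(Constraint(("/protected/*",), ("employee",)),),
    role_to_groups={"employee": {"employee"}})

# The same constraint with a trailing-slash-only pattern, which is exact-match.
PROTECTED_EXACT = Deployment(
    constraints=(Constraint(("/protected/",), ("employee",)),),
    role_to_groups={"employee": {"employee"}})


def thread_scenarios() -> dict:
    """Replay the combinations tried in the thread, plus both pattern spellings."""
    return {
        "index.jsp, no role mapping": authorize(WITHOUT_MAPPING, "/index.jsp", GESKER_GROUPS),
        "index.jsp, role mapping": authorize(WITH_MAPPING, "/index.jsp", GESKER_GROUPS),
        "/protected/* covers /protected/index.jsp": authorize(PROTECTED_DIR, "/protected/index.jsp", GESKER_GROUPS),
        "/protected/ does not cover /protected/index.jsp": authorize(PROTECTED_EXACT, "/protected/index.jsp", GESKER_GROUPS),
        "user with no mapped group": authorize(WITH_MAPPING, "/index.jsp", ("guest",)),
    }


if __name__ == "__main__":
    for scenario, outcome in thread_scenarios().items():
        print(f"{scenario}: {outcome}")
```

Two things the model makes visible: a realm's "roles" are groups in GlassFish terms, and a constraint's role-name grants nothing until some mapping ties it to a group (sun-application.xml's security-role-mapping, or GlassFish's default principal-to-role mapping setting, which maps each group to a same-named role). An exact pattern such as "/protected/" does not produce a 403 for "/protected/index.jsp" in this model; it leaves that page outside the constraint entirely, which is the quieter failure to check for in a deployment review.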