users@glassfish.java.net

Re: JAAS jdbcRealm error

From: <glassfish_at_javadesktop.org>
Date: Sun, 30 Sep 2007 20:29:36 PDT

Your plight sounds *so* familiar. I've gone through the same painful procedures.

There are a LOT of things to get all working together properly.
If you are using Derby you can easily get yourself in a situation where you are adding users via Derby to one version of the DB that is in location A in the file system. Meantime GF is using a completely different DB located elsewhere.

Here is what you should do.

If you want your auth DB to run on the Network server, it's important for the Network server to always start in the same directory where all your DBs are stored. What I do is issue this command to start the Networked Derby:

asadmin start-database --dbhome c:/dev/db

OK, now forget about all the Realms, pools and resources you've set up. Just leave them but add new ones all from scratch like so:

1) Admin GUI: create a pool. Name it: "userauth" Accept the defaults for a networked DB.
Make sure this property is set like this:
connectionAttributes=;create=true
give it a username and a password and don't forget them!
make sure the database name is "userauth"

2) Admin GUI: ping the pool you just created. If it pings ok -- then you now have a database. Go check for a dir named userauth under your "--dbhome" directory.

3) Create the tables with the Derby tool --> ij (I'll put the script in the next post)

ij> connect 'jdbc:derby://localhost:1527/userauth;user=yourname;password=thePassword';
ij> run 'createdb.sql';
ij> insert into usertable (USERID, PASSWORD) values('fred', 'flinstone');
ij> insert into grouptable (userid, groupid) values('fred', 'ADMINISTRATORS');

Now you have one user, fred, with admin privileges and a working database.

4) create the jdbc resource. call the resource "jdbc/userauth" and have it point at the pool "userauth"

5) Now create a new realm and name it - you guessed it -- "userauth"

Get the names of the tables and columns from the sql script.
Leave the digest method blank (for now) -- so you will be saving plain text passwords

6) If you haven't made a mistake in the preceding, you should be able to deploy a very, very simple web module and try the authentication.

Simple web module -- go with the absolute basic new NB project. I.e. the web module is a page that says "JSP Page". Now go to the configuration for the web module and add security:

BASIC authentication
Then add a security constraint, require ADMINISTRATORS role for the constraint, and make the URL "/*"
Finally, add these lines to sun-web.xml
  <security-role-mapping>
    <role-name>ADMINISTRATORS</role-name>
    <group-name>ADMINISTRATORS</group-name>
  </security-role-mapping>


-------------------------------------

Another tip -- turn logging down to FINE for the core. Take a look at JDBCRealm.java -- it has this error message:

        } catch(Exception ex) {
            _logger.log(Level.SEVERE, "jdbcrealm.invaliduser", user);
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "Cannot validate user", ex);
            }

That Exception, which is not revealed at > FINE, is the SQLException that has the actual problem in it!
[Message sent by forum member 'bnevins' (bnevins)]

http://forums.java.net/jive/thread.jspa?messageID=237763
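
An added example, not part of the original post: a small Python check that the pieces from steps 3 to 6 line up, that is, the realm named in web.xml, the role in the security constraint, its mapping in sun-web.xml, and the group stored in grouptable. The descriptor contents are constructed from the settings the post describes, and the function name `check_descriptors` is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed descriptors matching step 6 (sample input, not from the post).
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>all</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>ADMINISTRATORS</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>userauth</realm-name>
  </login-config>
  <security-role><role-name>ADMINISTRATORS</role-name></security-role>
</web-app>"""
SUN_WEB_XML = """<sun-web-app>
  <security-role-mapping>
    <role-name>ADMINISTRATORS</role-name>
    <group-name>ADMINISTRATORS</group-name>
  </security-role-mapping>
</sun-web-app>"""

def _parse(text):
    root = ET.fromstring(text)
    for el in root.iter():  # strip XML namespaces so element paths stay simple
        el.tag = el.tag.split("}")[-1]
    return root

def check_descriptors(web_xml, sun_web_xml, realm, db_groups):
    """Return a list of problems; an empty list means the pieces line up."""
    web, sun = _parse(web_xml), _parse(sun_web_xml)
    problems = []
    if web.findtext("login-config/realm-name") != realm:
        problems.append("realm-name in web.xml is not %r" % realm)
    mapping = {}  # role name -> set of group names from sun-web.xml
    for m in sun.iter("security-role-mapping"):
        groups = {g.text for g in m.findall("group-name")}
        mapping.setdefault(m.findtext("role-name"), set()).update(groups)
    roles = {r.text for r in web.findall("security-constraint/auth-constraint/role-name")}
    for role in sorted(roles):
        groups = mapping.get(role, set())
        if not groups:
            problems.append("role %s has no security-role-mapping" % role)
        elif not groups & set(db_groups):  # comparison is case-sensitive
            problems.append("role %s maps to no group present in grouptable" % role)
    return problems
```

Pass the group names actually stored in grouptable as `db_groups`; a case mismatch between the stored group and the mapped group shows up as the last kind of problem.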