<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<body link="#355491" alink="#4262a1" vlink="#355491" style="background: #e2e2e2; margin: 0; padding: 20px;">
<div>
        <table cellpadding="0" bgcolor="#FFFFFF" border="0" cellspacing="0" style="border: 1px solid #dadada; margin-bottom: 30px; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
                <tbody>
                        <tr>
                                <td>
                                        <table border="0" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" style="border: solid 2px #ccc; background: #dadada; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
                                                <tbody>
                                                        <tr>
                                                                <td bgcolor="#000000" valign="middle" height="58px" style="border-bottom: 1px solid #ccc; padding: 20px; -moz-border-radius-topleft: 3px; -moz-border-radius-topright: 3px; -webkit-border-top-right-radius: 5px; -webkit-border-top-left-radius: 5px;">
                                                                        <h1 style="color: #333333; font: bold 22px Arial, Helvetica, sans-serif; margin: 0; display: block !important;">
                                                                        <a href="http://community.jboss.org/index.jspa" style="text-decoration: none; color: #E1E1E1">JBoss Community</a></h1>
                                                                </td>
                                                        </tr>
                                                        <tr>
                                                                <td bgcolor="#FFFFFF" style="font: normal 12px Arial, Helvetica, sans-serif; color:#333333; padding: 20px; -moz-border-radius-bottomleft: 4px; -moz-border-radius-bottomright: 4px; -webkit-border-bottom-right-radius: 5px; -webkit-border-bottom-left-radius: 5px;"><h3 style="margin: 10px 0 5px; font-size: 17px; font-weight: normal;">
Authorization issue while implementing login module with DatabaseServerLoginModule
</h3>
<span style="margin-bottom: 10px;">
created by <a href="http://community.jboss.org/people/c-ddhesh">sidd deo</a> in <i>JBoss Web Development</i> - <a href="http://community.jboss.org/message/586633#586633">View the full discussion</a>
</span>
<hr style="margin: 20px 0; border: none; background-color: #dadada; height: 1px;">
<div class="jive-rendered-content"><p><span class="postbody">Hi all,<br/> I am new to JBoss. I am trying to implement form-based authentication using DatabaseServerLoginModule with <a class="jive-link-external-small" href="http://www.coderanch.com/forums/f-63/JBoss" target="_new">JBoss</a> 6.0.<br/> By referring to guides and several tutorials, I implemented and configured it. My application works up to the authentication phase.<br/> Authorization fails, giving the following errors in the logs. Here are my logs:</span></p>
<pre>
11:18:53,240 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Obtained user password
11:18:53,240 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] resumeAnyTransaction
11:18:53,240 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] User'sidd' authenticated, loginOk=true
11:18:53,240 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] commit, loginOk=true
11:18:53,240 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] getRoleSets using rolesQuery: SELECT Role, RoleGroup FROM Roles WHERE PrincipalID=?,username: sidd
11:18:53,256 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendAnyTransaction
11:18:53,256 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Excuting query: SELECT Role, RoleGroup FROM Roles WHERE PrincipalID=?, with username: sidd
11:18:53,256 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role WebAppUser
11:18:53,256 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] resumeAnyTransaction
11:18:53,256 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.my-web] defaultLogin, lc=javax.security.auth.login.LoginContext@1b7a59c, subject=Subject(21185284).principals=org.jboss.security.SimplePrincipal@15004845(sidd)org.jboss.security.SimpleGroup@24878804(WebAppUser(members:WebAppUser))
11:18:53,256 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.my-web] updateCache, inputSubject=Subject(21185284).principals=org.jboss.security.SimplePrincipal@15004845(sidd)org.jboss.security.SimpleGroup@24878804(WebAppUser(members:WebAppUser)), cacheSubject=Subject(16292112).principals=org.jboss.security.SimplePrincipal@15004845(sidd)org.jboss.security.SimpleGroup@24878804(WebAppUser(members:WebAppUser))
11:18:53,256 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.my-web] Inserted cache info: org.jboss.security.plugins.auth.JaasSecurityManagerBase$DomainInfo@10908b5[Subject(16292112).principals=org.jboss.security.SimplePrincipal@15004845(sidd)org.jboss.security.SimpleGroup@24878804(WebAppUser(members:WebAppUser)),credential.class=java.lang.String@13809944,expirationTime=1297318685741]
11:18:53,256 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.my-web] End isValid, true
11:18:53,256 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.my-web] getPrincipal, cache info: org.jboss.security.plugins.auth.JaasSecurityManagerBase$DomainInfo@10908b5[Subject(16292112).principals=org.jboss.security.SimplePrincipal@15004845(sidd)org.jboss.security.SimpleGroup@24878804(WebAppUser(members:WebAppUser)),credential.class=java.lang.String@13809944,expirationTime=1297318685741]
11:18:53,272 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
11:18:53,272 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:{}
11:18:53,272 TRACE [org.jboss.security.plugins.authorization.JBossAuthorizationContext] Control flag for entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.security.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]
11:18:53,287 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
</pre>
<p><span class="postbody">Here is my database, called book, which has the following structure:</span></p>
<pre>
CREATE TABLE IF NOT EXISTS Principals (
  PrincipalID varchar(30) NOT NULL PRIMARY KEY,
  Password varchar(50) NOT NULL
) ENGINE=INNODB;

CREATE TABLE IF NOT EXISTS Roles (
  PrincipalID varchar(30) NOT NULL,
  INDEX (PrincipalID),
  Role varchar(50) NOT NULL,
  RoleGroup varchar(50) NULL,
  PRIMARY KEY(PrincipalID, Role),
  CONSTRAINT Roles_Principal_FK FOREIGN KEY (PrincipalID)
    REFERENCES Principals (PrincipalID) ON DELETE CASCADE
) ENGINE=INNODB;
</pre>
<p><span class="postbody">The values of "PrincipalID" and "Password" are "sidd" and "pass".<br/> The values of "PrincipalID", "Role" and "RoleGroup" are "sidd", "WebAppUser" and "WebAppUser".<br/> <br/> My web.xml is as follows:</span></p>
<pre>
&lt;?xml version="1.0"?&gt;
&lt;web-app&gt;
    &lt;description&gt;A test app for security&lt;/description&gt;
    &lt;security-constraint&gt;
        &lt;web-resource-collection&gt;
            &lt;web-resource-name&gt;All resources&lt;/web-resource-name&gt;
            &lt;description&gt;Protects all resources&lt;/description&gt;
            &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
            &lt;http-method&gt;GET&lt;/http-method&gt;
            &lt;http-method&gt;POST&lt;/http-method&gt;
        &lt;/web-resource-collection&gt;
        &lt;auth-constraint&gt;
            &lt;role-name&gt;WebAppUser&lt;/role-name&gt;
        &lt;/auth-constraint&gt;
    &lt;/security-constraint&gt;

    &lt;security-role&gt;
        &lt;role-name&gt;WebAppUser&lt;/role-name&gt;
    &lt;/security-role&gt;

    &lt;login-config&gt;
        &lt;auth-method&gt;FORM&lt;/auth-method&gt;
        &lt;form-login-config&gt;
            &lt;form-login-page&gt;/login.html&lt;/form-login-page&gt;
            &lt;form-error-page&gt;/errors.html&lt;/form-error-page&gt;
        &lt;/form-login-config&gt;
    &lt;/login-config&gt;
&lt;/web-app&gt;
</pre>
<p><span class="postbody">login-config.xml has the following entry:</span></p>
<pre>
&lt;application-policy name="my-web"&gt;
    &lt;authentication&gt;
        &lt;login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
                      flag="required"&gt;
            &lt;module-option name="dsJndiName"&gt;java:/MySqlDS&lt;/module-option&gt;
            &lt;module-option name="principalsQuery"&gt;SELECT Password FROM Principals WHERE PrincipalID=?&lt;/module-option&gt;
            &lt;module-option name="rolesQuery"&gt;SELECT Role, RoleGroup FROM Roles WHERE PrincipalID=?&lt;/module-option&gt;
        &lt;/login-module&gt;
    &lt;/authentication&gt;
    &lt;authorization&gt;
        &lt;policy-module code="org.jboss.security.authorization.modules.DelegatingAuthorizationModule" flag="required"/&gt;
    &lt;/authorization&gt;
&lt;/application-policy&gt;
</pre>
<p><span class="postbody">jboss-web.xml has the following text:</span></p>
<pre>
&lt;?xml version='1.0' encoding='UTF-8' ?&gt;
&lt;jboss-web&gt;
  &lt;security-domain&gt;java:/jaas/my-web&lt;/security-domain&gt;
&lt;/jboss-web&gt;
</pre>
<p><span class="postbody">Even if I remove <br/>       &lt;authorization&gt;<br/>          &lt;policy-module code="org.jboss.security.authorization.modules.DelegatingAuthorizationModule" flag="required"/&gt;<br/>       &lt;/authorization&gt;<br/> from login-config.xml, I get the same error.<br/> <br/> As per the logs, user "sidd" is getting authenticated successfully. But in the GUI I see <br/> <br/> HTTP Status 403 - Access to the requested resource has been denied<br/> type Status report<br/> message Access to the requested resource has been denied<br/> description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.<br/> <br/> Am I missing any flag or any configuration?<br/></span></p></div>
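<p>An added diagnostic example, not part of the original post: JBoss's JAAS login modules expose the roles used for authorization through a Subject group named <code>Roles</code>, and DatabaseServerLoginModule takes the group name from the second column of <code>rolesQuery</code>. The Python below parses the Subject dump from the posted <code>defaultLogin</code> TRACE line and reports which group holds the role that web.xml requires; the function names and the second sample line are assumptions made for illustration.</p>

```python
import re

# Constructed sample: the defaultLogin TRACE line from the post, with the
# mail-wrapped fragments joined back into a single line.
POSTED_LOG = (
    "11:18:53,256 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.my-web] "
    "defaultLogin, lc=javax.security.auth.login.LoginContext@1b7a59c, "
    "subject=Subject(21185284).principals="
    "org.jboss.security.SimplePrincipal@15004845(sidd)"
    "org.jboss.security.SimpleGroup@24878804(WebAppUser(members:WebAppUser))"
)
# Constructed sample (assumption): the same line as it would read if the
# RoleGroup column held 'Roles' instead of 'WebAppUser'.
EXPECTED_LOG = POSTED_LOG.replace("(WebAppUser(members:", "(Roles(members:")

# SimpleGroup prints as ClassName@hash(groupName(members:a,b,...))
GROUP_RE = re.compile(r"SimpleGroup@\d+\((\w+)\(members:([^)]*)\)\)")


def subject_groups(log_text):
    """Return {group name: set of members} for each SimpleGroup in the Subject dumps."""
    groups = {}
    for name, members in GROUP_RE.findall(log_text):
        names = {m.strip() for m in members.split(",") if m.strip()}
        groups.setdefault(name, set()).update(names)
    return groups


def check_role(log_text, required_role):
    """Classify where the role required by web.xml's <auth-constraint> ended up."""
    groups = subject_groups(log_text)
    if required_role in groups.get("Roles", set()):
        return "ok"
    # Role was loaded, but into a group the authorization check does not read.
    misplaced = sorted(g for g, members in groups.items() if required_role in members)
    if misplaced:
        return "role-in-wrong-group:" + ",".join(misplaced)
    return "role-missing"


if __name__ == "__main__":
    print("posted log  :", check_role(POSTED_LOG, "WebAppUser"))
    print("with 'Roles':", check_role(EXPECTED_LOG, "WebAppUser"))
```

<p>For the posted log the check reports that <code>WebAppUser</code> sits in a group named <code>WebAppUser</code>, the value stored in the RoleGroup column, and that the Subject carries no <code>Roles</code> group.</p>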
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</div>
</body>
</html>