JBoss Community

Authorization issue while implementing login module with DatabaseServerLoginModule

created by sidd deo in JBoss Web Development

Hi all,
I am new to JBoss. I am trying to implement form-based authentication using DatabaseServerLoginModule on JBoss 6.0.
By referring to guides and several tutorials, I implemented and configured it. My application works up to the authentication phase.
Authorization fails, giving the following errors in the logs. Here are my logs:

 

11:18:53,240 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Obtained user password
11:18:53,240 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] resumeAnyTransaction
11:18:53,240 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] User'sidd' authenticated, loginOk=true
11:18:53,240 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] commit, loginOk=true
11:18:53,240 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] getRoleSets using rolesQuery: SELECT Role, RoleGroup FROM Roles WHERE PrincipalID=?,username: sidd
11:18:53,256 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendAnyTransaction
11:18:53,256 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Excuting query: SELECT Role, RoleGroup FROM Roles WHERE PrincipalID=?, with username: sidd
11:18:53,256 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role WebAppUser
11:18:53,256 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] resumeAnyTransaction
11:18:53,256 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.my-web] defaultLogin, lc=javax.security.auth.login.LoginContext@1b7a59c, subject=Subject(21185284).principals=org.jboss.security.SimplePrincipal@15004845(sidd)org.jboss.security.SimpleGroup@24878804(WebAppUser(members:WebAppUser))
11:18:53,256 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.my-web] updateCache, inputSubject=Subject(21185284).principals=org.jboss.security.SimplePrincipal@15004845(sidd)org.jboss.security.SimpleGroup@24878804(WebAppUser(members:WebAppUser)), cacheSubject=Subject(16292112).principals=org.jboss.security.SimplePrincipal@15004845(sidd)org.jboss.security.SimpleGroup@24878804(WebAppUser(members:WebAppUser))
11:18:53,256 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.my-web] Inserted cache info: org.jboss.security.plugins.auth.JaasSecurityManagerBase$DomainInfo@10908b5[Subject(16292112).principals=org.jboss.security.SimplePrincipal@15004845(sidd)org.jboss.security.SimpleGroup@24878804(WebAppUser(members:WebAppUser)),credential.class=java.lang.String@13809944,expirationTime=1297318685741]
11:18:53,256 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.my-web] End isValid, true
11:18:53,256 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.my-web] getPrincipal, cache info: org.jboss.security.plugins.auth.JaasSecurityManagerBase$DomainInfo@10908b5[Subject(16292112).principals=org.jboss.security.SimplePrincipal@15004845(sidd)org.jboss.security.SimpleGroup@24878804(WebAppUser(members:WebAppUser)),credential.class=java.lang.String@13809944,expirationTime=1297318685741]
11:18:53,272 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
11:18:53,272 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:{}
11:18:53,272 TRACE [org.jboss.security.plugins.authorization.JBossAuthorizationContext] Control flag for entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.security.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]
11:18:53,287 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null

 

 

Here is my database, called book, which has the following structure:

 

  CREATE TABLE IF NOT EXISTS Principals (
    PrincipalID varchar(30) NOT NULL PRIMARY KEY,
    Password varchar(50) NOT NULL
  ) ENGINE=INNODB;

  CREATE TABLE IF NOT EXISTS Roles (
    PrincipalID varchar(30) NOT NULL,
    INDEX (PrincipalID),
    Role varchar(50) NOT NULL,
    RoleGroup varchar(50) NULL,
    PRIMARY KEY(PrincipalID, Role),
    CONSTRAINT Roles_Principal_FK FOREIGN KEY (PrincipalID)
      REFERENCES Principals (PrincipalID) ON DELETE CASCADE
  ) ENGINE=INNODB;

 

The values of "PrincipalID" and "Password" are "sidd" and "pass".
The values of "PrincipalID", "Role" and "RoleGroup" are "sidd", "WebAppUser" and "WebAppUser".

My web.xml is as follows:

 

<?xml version="1.0"?>
<web-app>
    <description>A test app for security</description>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>All resources</web-resource-name>
            <description>Protects all resources</description>
            <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>WebAppUser</role-name>
        </auth-constraint>
    </security-constraint>

    <security-role>
        <role-name>WebAppUser</role-name>
    </security-role>

    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login.html</form-login-page>
            <form-error-page>/errors.html</form-error-page>
        </form-login-config>
    </login-config>
</web-app>

 


login-config.xml has the following entry:

 

    <application-policy name="my-web">
        <authentication>
            <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
                          flag="required">
                <module-option name="dsJndiName">java:/MySqlDS</module-option>
                <module-option name="principalsQuery">SELECT Password FROM Principals WHERE PrincipalID=?</module-option>
                <module-option name="rolesQuery">SELECT Role, RoleGroup FROM Roles WHERE PrincipalID=?</module-option>
            </login-module>
        </authentication>
        <authorization>
            <policy-module code="org.jboss.security.authorization.modules.DelegatingAuthorizationModule" flag="required"/>
        </authorization>
    </application-policy>

 

 

jboss-web.xml has the following text:

 

<?xml version='1.0' encoding='UTF-8' ?>
<jboss-web>
  <security-domain>java:/jaas/my-web</security-domain>
</jboss-web>

 

Even if I remove
       <authorization>
          <policy-module code="org.jboss.security.authorization.modules.DelegatingAuthorizationModule" flag="required"/>
       </authorization>
from login-config.xml, I get the same error.

As per the logs, user "sidd" is getting authenticated successfully. But in the GUI I see:

HTTP Status 403 - Access to the requested resource has been denied
type Status report
message Access to the requested resource has been denied
description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.

Am I missing any flag or any configuration?
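
Added example, not part of the original post: the JBoss web container takes the roles it checks against `<auth-constraint>` from the Subject group named `Roles`, and DatabaseServerLoginModule names each group after the `RoleGroup` column value. This Python sketch parses the `defaultLogin` TRACE line to show which group a role landed in; the function names and the comma-separated member format are assumptions.

```python
import re

# Constructed sample: the defaultLogin TRACE line from the post, wrapped lines joined.
POSTED = ("defaultLogin, lc=javax.security.auth.login.LoginContext@1b7a59c, "
          "subject=Subject(21185284).principals="
          "org.jboss.security.SimplePrincipal@15004845(sidd)"
          "org.jboss.security.SimpleGroup@24878804(WebAppUser(members:WebAppUser))")
# Constructed sample: the same line as it would look with RoleGroup = 'Roles'.
EXPECTED = POSTED.replace("(WebAppUser(members:", "(Roles(members:")

# A SimpleGroup is logged as SimpleGroup@<hash>(<name>(members:<m1>,<m2>,...)).
GROUP_RE = re.compile(r"SimpleGroup@\w+\(([^()]+)\(members:([^()]*)\)\)")


def groups_in_subject(trace_line):
    """Return {group name: set of member names} for every SimpleGroup logged."""
    groups = {}
    for name, members in GROUP_RE.findall(trace_line):
        names = {m.strip() for m in members.split(",") if m.strip()}
        groups.setdefault(name, set()).update(names)
    return groups


def check_role(trace_line, required_role):
    """Return (authorized, detail) for the role named in <auth-constraint>."""
    groups = groups_in_subject(trace_line)
    if required_role in groups.get("Roles", set()):
        return True, "role is a member of the 'Roles' group"
    # The role exists, but under a group name the container does not consult.
    misplaced = sorted(g for g, m in groups.items() if required_role in m)
    if misplaced:
        return False, "role is in group %s, not in 'Roles'" % ", ".join(misplaced)
    return False, "role is not assigned to the subject at all"


if __name__ == "__main__":
    for label, line in (("posted", POSTED), ("expected", EXPECTED)):
        print(label, check_role(line, "WebAppUser"))
```
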

 


 

