[JBoss JIRA] (ELY-1455) DB query seen for each request using FORM mechanism.

Thursday, 30 November 2017

    [
https://issues.jboss.org/browse/ELY-1455?page=com.atlassian.jira.plugin.s...
] 

Darran Lofthouse commented on ELY-1455:
---------------------------------------

This block appears to be the successful authentication, the lines before this were general
request handling: -

{noformat}
2017-11-30 10:18:36,162 TRACE [org.wildfly.security] (default task-20) Created
HttpServerAuthenticationMechanism
[org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1@4b6db12d] for
mechanism [FORM]
2017-11-30 10:18:36,177 TRACE [org.wildfly.security] (default task-20) Handling
MechanismInformationCallback type='HTTP' name='FORM'
host-name='localhost' protocol='https'
2017-11-30 10:18:36,177 TRACE [org.wildfly.security] (default task-20) Trying to
re-authenticate session 6Tqv3BUYPuWiVwWfkPO9LpbxqLxWS4pKcdZl0e1l using
FormAuthenticationMechanism. Request URI: [https://localhost:8181/account/login], Context
path: [/]
2017-11-30 10:18:36,177 TRACE [org.wildfly.security] (default task-20) Handling
CachedIdentityAuthorizeCallback: principal = null  authorizedIdentity = null
2017-11-30 10:18:36,665 TRACE [org.wildfly.security] (default task-20) Principal
assigning: [alberto(a)myapp.com], pre-realm rewritten: [alberto(a)myapp.com], realm name:
[wmtRealm], post-realm rewritten: [alberto(a)myapp.com], realm rewritten:
[alberto(a)myapp.com]
2017-11-30 10:18:36,672 TRACE [org.wildfly.security] (default task-20) Executing
principalQuery select u.password, r.role from user u inner join user_role_auth r on
r.email = u.email where u.email = ? with value alberto(a)myapp.com
2017-11-30 10:18:36,676 TRACE [org.wildfly.security] (default task-20) Executing
principalQuery select u.password, r.role from user u inner join user_role_auth r on
r.email = u.email where u.email = ? with value alberto(a)myapp.com
2017-11-30 10:18:36,692 TRACE [org.wildfly.security] (default task-20) Role mapping:
principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles
[Administrator] -> domain mapped roles [Administrator]
2017-11-30 10:18:36,693 TRACE [org.wildfly.security] (default task-20) Authorizing
principal alberto(a)myapp.com.
2017-11-30 10:18:36,693 TRACE [org.wildfly.security] (default task-20) Authorizing against
the following attributes: [groups] => [Administrator]
2017-11-30 10:18:36,695 TRACE [org.wildfly.security] (default task-20) Permission mapping:
identity [alberto(a)myapp.com] with roles [Administrator] implies
("org.wildfly.security.auth.permission.LoginPermission" "") = true
2017-11-30 10:18:36,696 TRACE [org.wildfly.security] (default task-20) Authorization
succeed
2017-11-30 10:18:36,699 TRACE [org.wildfly.security] (default task-20) Role mapping:
principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles
[Administrator] -> domain mapped roles [Administrator]
{noformat}

...
  DB query seen for each request using FORM mechanism.
 -----------------------------------------------------

                 Key: ELY-1455
                 URL: https://issues.jboss.org/browse/ELY-1455
             Project: WildFly Elytron
          Issue Type: Bug
          Components: Authentication Mechanisms
    Affects Versions: 1.2.0.Beta10
            Reporter: Martin Choma
             Fix For: 1.2.0.Beta11

         Attachments: server.log, standalone-full-ha.xml

 User is complaining, that DB is accessed on each request. 
 Jdbc-realm + FORM authentication
 {noformat}
 <jdbc-realm name="myappRealm">
                     <principal-query sql="SELECT r.role, u.password FROM user u
join user_role_auth r on r.email = u.email where u.email=?"
data-source="myds">
                         <attribute-mapping>
                             <attribute to="Roles" index="1"/>
                         </attribute-mapping>
                         <simple-digest-mapper password-index="2"/>
                     </principal-query>
                 </jdbc-realm>
 {noformat}
 {noformat}
 2017-11-30 09:31:04,049 TRACE [org.wildfly.security] (default task-124) Principal
assigning: [alberto(a)myapp.com], pre-realm rewritten: [alberto(a)myapp.com], realm name:
[wmtRealm], post-realm rewritten: [alberto(a)myapp.com], realm rewritten:
[alberto(a)myapp.com]
 2017-11-30 09:31:04,049 TRACE [org.wildfly.security] (default task-124) Executing
principalQuery select password from user where email = ? with value alberto(a)myapp.com
 2017-11-30 09:31:04,051 TRACE [org.wildfly.security] (default task-124) Executing
principalQuery select role, 'Roles' from user_role_auth where email = ? with value
alberto(a)myapp.com
 2017-11-30 09:31:04,052 TRACE [org.wildfly.security] (default task-124) Executing
principalQuery select password from user where email = ? with value alberto(a)myapp.com
 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Role mapping:
principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles
[Administrator] -> domain mapped roles [Administrator]
 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Authorizing
principal alberto(a)myapp.com.
 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Authorizing
against the following attributes: [roles] => [Administrator]
 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Permission
mapping: identity [alberto(a)myapp.com] with roles [Administrator] implies
("org.wildfly.security.auth.permission.LoginPermission" "") = true
 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Authorization
succeed
 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Role mapping:
principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles
[Administrator] -> domain mapped roles [Administrator]
 2017-11-30 09:31:07,017 TRACE [org.wildfly.security] (default task-125) Principal
assigning: [alberto(a)myapp.com], pre-realm rewritten: [alberto(a)myapp.com], realm name:
[wmtRealm], post-realm rewritten: [alberto(a)myapp.com], realm rewritten:
[alberto(a)myapp.com]
 2017-11-30 09:31:07,018 TRACE [org.wildfly.security] (default task-125) Executing
principalQuery select password from user where email = ? with value alberto(a)myapp.com
 2017-11-30 09:31:07,019 TRACE [org.wildfly.security] (default task-125) Executing
principalQuery select role, 'Roles' from user_role_auth where email = ? with value
alberto(a)myapp.com
 2017-11-30 09:31:07,021 TRACE [org.wildfly.security] (default task-125) Executing
principalQuery select password from user where email = ? with value alberto(a)myapp.com
 2017-11-30 09:31:07,022 TRACE [org.wildfly.security] (default task-125) Role mapping:
principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles
[Administrator] -> domain mapped roles [Administrator]
 2017-11-30 09:31:07,022 TRACE [org.wildfly.security] (default task-125) Authorizing
principal alberto(a)myapp.com.
 2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Authorizing
against the following attributes: [roles] => [Administrator]
 2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Permission
mapping: identity [alberto(a)myapp.com] with roles [Administrator] implies
("org.wildfly.security.auth.permission.LoginPermission" "") = true
 2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Authorization
succeed
 2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Role mapping:
principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles
[Administrator] -> domain mapped roles [Administrator]
 {noformat} 

--
This message was sent by Atlassian JIRA
(v7.5.0#75005)

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006