[ https://jira.jboss.org/jira/browse/JBIDE-4421?page=com.atlassian.jira.plu... ]
Rob Stryker commented on JBIDE-4421:
------------------------------------
The code I'm executing to verify login credentials is accessing the JMX RMI adapter,
NOT the JMX console. So anything you're doing to secure the JMX Console is (I
believe) irrelevant.
The code used to do this is as follows:
// imports needed by this fragment
import java.lang.reflect.Constructor;
import java.lang.reflect.Method;
import java.security.Principal;
import java.util.Properties;
import javax.naming.InitialContext;

// get our methods
Class simplePrincipal = Thread.currentThread()
        .getContextClassLoader().loadClass(
                IJBossServerConstants.CLASS_SIMPLE_PRINCIPAL);
Class securityAssoc = Thread.currentThread()
        .getContextClassLoader().loadClass(
                IJBossServerConstants.CLASS_SECURITY_ASSOCIATION);
securityAssoc.getMethods(); // force-init the methods since the
                            // class hasn't been initialized yet.
Constructor newSimplePrincipal = simplePrincipal
        .getConstructor(new Class[] { String.class });
Object newPrincipalInstance = newSimplePrincipal
        .newInstance(new Object[] { principal });

// set the principal
Method setPrincipalMethod = securityAssoc.getMethod(
        IJBossServerConstants.METHOD_SET_PRINCIPAL,
        new Class[] { Principal.class });
setPrincipalMethod.invoke(null,
        new Object[] { newPrincipalInstance });

// set the credential
Method setCredentialMethod = securityAssoc.getMethod(
        IJBossServerConstants.METHOD_SET_CREDENTIAL,
        new Class[] { Object.class });
setCredentialMethod.invoke(null, new Object[] { credential });

// build the JNDI environment for the server's naming service
Properties props = new Properties();
int port = jbs.getJNDIPort();
props.put(IJBossServerConstants.NAMING_FACTORY_KEY,
        IJBossServerConstants.NAMING_FACTORY_VALUE);
props.put(IJBossServerConstants.NAMING_FACTORY_PKGS,
        IJBossServerConstants.NAMING_FACTORY_INTERFACES);
props.put(IJBossServerConstants.NAMING_FACTORY_PROVIDER_URL,
        "jnp://" + jbs.getHost() + ":" + port); //$NON-NLS-1$ //$NON-NLS-2$
props.put(IJBossServerConstants.JNP_DISABLE_DISCOVERY, Boolean.TRUE);

// look up the RMI adaptor through JNDI using those properties
InitialContext ic = new InitialContext(props);
Object obj = ic.lookup("jmx/invoker/RMIAdaptor");
ic.close();
Clearly I'm not doing anything weird or unusual... I'm loading via reflection the
principal and SecurityAssociation classes, setting the username and password, and then
passing it to the RMI Adapter. If the RMI Adapter is not accepting it, I find it very
difficult to believe this would be the fault of the tooling.
jmx-invoker-service.xml server for DatabaseModuleLogin credentials not "accepted"
---------------------------------------------------------------------------------
Key: JBIDE-4421
URL: https://jira.jboss.org/jira/browse/JBIDE-4421
Project: Tools (JBoss Tools)
Issue Type: Bug
Components: JBossAS
Affects Versions: 3.0.0.GA
Reporter: Stelios Koussouris
Assignee: Rob Stryker
Priority: Minor
Fix For: 3.1.0.M3
Setup the following authentication policy
<application-policy name="CLSIS-Security">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
            <module-option name="unauthenticatedIdentity">guest</module-option>
            <module-option name="dsJndiName">java:/DefaultDS</module-option>
            <!--module-option name="hashAlgorithm">MD5</module-option>
            <module-option name="hashEncoding">base64</module-option>
            <module-option name="principalsQuery">SELECT USER_PWD FROM WEB_USERS WHERE USER_ID=?</module-option>
            <module-option name="rolesQuery">SELECT ROLE_ID, 'Roles' FROM WEB_ROLES WHERE USER_ID=?</module-option-->
            <module-option name = "principalsQuery">SELECT PASSWD FROM JBM_USER WHERE USER_ID=?</module-option>
            <module-option name = "rolesQuery">SELECT ROLE_ID, 'Roles' FROM JBM_ROLE WHERE USER_ID=?</module-option>
        </login-module>
    </authentication>
</application-policy>
and for jmx-console.war set the jaas policy in jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <resource-ref>
        <res-ref-name>jdbc/DefaultDS</res-ref-name>
        <res-type>javax.sql.DataSource</res-type>
        <jndi-name>java:/DefaultDS</jndi-name>
    </resource-ref>
    <security-domain>java:/jaas/CLSIS-Security</security-domain>
</jboss-web>
finally setting the web-app with role "john" and user/pass guest/guest

OPTION A: left deploy/jmx-invoker-service.xml unchanged with default policy "jmx-console"
Back in JBDS,
Open Server View
Right click on server --> Open
In Overview set the Server Credentials to admin/admin
Start the server and all is well

OPTION B: left deploy/jmx-invoker-service.xml change the policy to "CLSIS-Security"
Back in JBDS,
Open Server View
Right click on server --> Open
In Overview set the Server Credentials to admin/admin
Start the server pop-up comes up asking for the correct credentials enter guest/guest and all is well

OPTION B1: all as in OPTION B but
In Overview set the Server Credentials to guest/guest
Start the server and expect that since the correct credentials for the DB policy held in deploy/jmx-invoker-service.xml are given no pop-up will appear BUT
pop-up appears pre-populated with guest/guest I enter guest/guest and it keeps popping up (why?) if I choose "ignore" it does so server starts and JMX-CONSOLE is available via http://localhost:8080/jmx-console but JBDS is showing in Server View next to the server "Starting .... Synchronized"
then after 450 secs the JBDS throws an error popup and the server stops (why?)
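
An added example, not part of the original issue or of the JBoss Tools code: a small Python check that parses the CLSIS-Security policy from the description and reports which module options are actually in effect, since the hashAlgorithm/hashEncoding options sit inside an XML comment and unauthenticatedIdentity assigns the identity guest to callers that present no credentials. The helper name `audit_policy` and the report keys are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# The application-policy from the issue description, re-indented; the
# commented-out WEB_USERS/WEB_ROLES queries are left out for brevity.
POLICY_XML = """
<application-policy name="CLSIS-Security">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
                  flag="required">
      <module-option name="unauthenticatedIdentity">guest</module-option>
      <module-option name="dsJndiName">java:/DefaultDS</module-option>
      <!--module-option name="hashAlgorithm">MD5</module-option>
      <module-option name="hashEncoding">base64</module-option-->
      <module-option name="principalsQuery">SELECT PASSWD FROM JBM_USER WHERE USER_ID=?</module-option>
      <module-option name="rolesQuery">SELECT ROLE_ID, 'Roles' FROM JBM_ROLE WHERE USER_ID=?</module-option>
    </login-module>
  </authentication>
</application-policy>
"""

def audit_policy(xml_text):
    """Return one report per login-module (hypothetical helper for this example)."""
    root = ET.fromstring(xml_text)
    reports = []
    for policy in root.iter("application-policy"):
        for module in policy.iter("login-module"):
            # ElementTree discards XML comments, so commented-out
            # module-options never reach this dict: only active ones do.
            opts = {o.get("name"): (o.text or "").strip()
                    for o in module.findall("module-option")}
            findings = []
            if "unauthenticatedIdentity" in opts:
                findings.append("callers without credentials are assigned identity "
                                + repr(opts["unauthenticatedIdentity"]))
            if "hashAlgorithm" not in opts:
                findings.append("no hashAlgorithm: principalsQuery result is "
                                "compared to the supplied password unhashed")
            reports.append({"policy": policy.get("name"),
                            "module": module.get("code"),
                            "flag": module.get("flag"),
                            "options": opts,
                            "findings": findings})
    return reports

if __name__ == "__main__":
    for report in audit_policy(POLICY_XML):
        print(report["policy"], report["module"], report["flag"])
        for finding in report["findings"]:
            print("  -", finding)
```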