[jboss-user] [Security & JAAS/JBoss] - Re: Error 403 when using DatabaseServerLoginModule

yj4jboss do-not-reply at jboss.com
Fri Nov 3 11:05:08 EST 2006


Hello jaikiran,
   Thnx for helping me with the debugging.....I managed to get the logs...Wat i fail to understand is why is the user role not assigned to the principal ??



  | 
  | 20:01:05,265 TRACE [jaastest] Begin isValid, principal:admin, cache info: null
  | 20:01:05,265 TRACE [jaastest] defaultLogin, principal=admin
  | 20:01:05,265 TRACE [XMLLoginConfigImpl] Begin getAppConfigurationEntry(jaastest), size=10
  | 20:01:05,265 TRACE [XMLLoginConfigImpl] End getAppConfigurationEntry(jaastest), authInfo=AppConfigurationEntry[]:
  | [0]
  | LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
  | ControlFlag: LoginModuleControlFlag: required
  | Options:name=rolesProperties, value=SELECT role from roles where principalId=?
  | name=usersProperties, value=SELECT password for principals WHERE principalId=?
  | name=dsJndiName, value=java:/jaastestDatasource
  | 
  | 20:01:05,265 DEBUG [WebappClassLoader] loadClass(org.jboss.security.auth.spi.DatabaseServerLoginModule, false)
  | 20:01:05,265 DEBUG [WebappClassLoader]   Searching local repositories
  | 20:01:05,265 DEBUG [WebappClassLoader]     findClass(org.jboss.security.auth.spi.DatabaseServerLoginModule)
  | 20:01:05,265 DEBUG [WebappClassLoader]   Delegating to parent classloader at end: java.net.FactoryURLClassLoader at 188689a
  | 20:01:05,265 DEBUG [WebappClassLoader]   Loading class from parent
  | 20:01:05,265 DEBUG [WebappClassLoader] loadClass(org.jboss.util.naming.NonSerializableFactory, false)
  | 20:01:05,265 DEBUG [WebappClassLoader]   Searching local repositories
  | 20:01:05,265 DEBUG [WebappClassLoader]     findClass(org.jboss.util.naming.NonSerializableFactory)
  | 20:01:05,265 DEBUG [WebappClassLoader]   Delegating to parent classloader at end: java.net.FactoryURLClassLoader at 188689a
  | 20:01:05,265 DEBUG [WebappClassLoader]   Loading class from parent
  | 20:01:05,281 TRACE [jaastest] defaultLogin, lc=javax.security.auth.login.LoginContext at d72e3f, subject=Subject(18693899).principals=org.jboss.security.SimplePrincipal at 17050661(admin)org.jboss.security.SimpleGroup at 12759622(Admin(members:Admin))
  | 20:01:05,281 TRACE [jaastest] updateCache, inputSubject=Subject(18693899).principals=org.jboss.security.SimplePrincipal at 17050661(admin)org.jboss.security.SimpleGroup at 12759622(Admin(members:Admin)), cacheSubject=Subject(18223014).principals=org.jboss.security.SimplePrincipal at 17050661(admin)org.jboss.security.SimpleGroup at 12759622(Admin(members:Admin))
  | 20:01:05,281 TRACE [jaastest] Inserted cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo at 15d84e0[Subject(18223014).principals=org.jboss.security.SimplePrincipal at 17050661(admin)org.jboss.security.SimpleGroup at 12759622(Admin(members:Admin)),credential.class=java.lang.String at 31598780,expirationTime=1162571435218]
  | 20:01:05,281 TRACE [jaastest] End isValid, true
  | 20:01:05,281 TRACE [JBossSecurityMgrRealm] User: admin is authenticated
  | 20:01:05,281 TRACE [SecurityAssociation] pushSubjectContext, subject=Subject:
  | 	Principal: admin
  | 	Principal: Admin(members:Admin)
  | , sc=org.jboss.security.SecurityAssociation$SubjectContext at becf73{principal=admin,subject=19247740}
  | 20:01:05,281 TRACE [jaastest] getPrincipal, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo at 15d84e0[Subject(18223014).principals=org.jboss.security.SimplePrincipal at 17050661(admin)org.jboss.security.SimpleGroup at 12759622(Admin(members:Admin)),credential.class=java.lang.String at 31598780,expirationTime=1162571435218]
  | 20:01:05,281 TRACE [JBossSecurityMgrRealm] Mapped from input principal: adminto: admin
  | 20:01:05,281 TRACE [SecurityAssociation] getSubject, sc=org.jboss.security.SecurityAssociation$SubjectContext at becf73{principal=admin,subject=19247740}
  | 20:01:05,281 TRACE [jaastest] getUserRoles, subject: Subject:
  | 	Principal: admin
  | 	Principal: Admin(members:Admin)
  | 
  | 20:01:05,281 TRACE [JBossSecurityMgrRealm] End authenticate, principal=GenericPrincipal[admin()]
  | 20:01:05,281 DEBUG [AuthenticatorBase] Authenticated 'admin' with type 'BASIC'
  | 20:01:05,281 DEBUG [AuthenticatorBase]  Calling accessControl()
  | 20:01:05,281 TRACE [JBossSecurityMgrRealm] Checking roles GenericPrincipal[admin()]
  | 20:01:05,281 DEBUG [RealmBase] Username admin does NOT have role user
  | 20:01:05,281 TRACE [JBossSecurityMgrRealm] No role found:  user
  | 20:01:05,281 TRACE [JBossSecurityMgrRealm] Checking for all roles mode: authOnly
  | 20:01:05,281 DEBUG [AuthenticatorBase]  Failed accessControl() test
  | 20:01:05,281 TRACE [SecurityAssociation] clear, server=true
  | 
  | 


Is something missing in my configs, bcoz the correct user seams to be authenticated .....its only the user role which is not being found ?? 


Thnx in advance.


Regards,
Jankee Yogesh
http://www.m-itc.net

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3983009#3983009

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3983009



More information about the jboss-user mailing list