Hello: I have a problem with JAAS and JBoss. I try to authenticate users against a database using the form-based method, but JBoss tells me the password is wrong (no, the password is correct), but if I use UsersRolesLoginModule with properties files, no problem.

In the pg database in debug mode, the query that JBoss runs seems OK. The passwords in the database are for now in plain text (without hash).

Here is my login-config.xml file

<application-policy name = "AP">
   <authentication>
      <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
         <module-option name = "dsJndiName">java:/authDS</module-option>
         <module-option name = "principalsQuery">SELECT password FROM users WHERE login = ?</module-option>
         <module-option name = "rolesQuery">SELECT roles.name AS roles FROM roles WHERE roles.id IN 
         (SELECT users_roles.roleid FROM users_roles WHERE users_roles.userid IN 
         (SELECT users.id FROM users WHERE login = ?))</module-option>
         <!-- <module-option name="hashAlgorithm">MD5</module-option> -->
         <!-- <module-option name="hashEncoding">base64</module-option> -->
         <!-- <module-option name="hashEncoding">HEX</module-option> -->
         <!-- <module-option name="hashAlgorithm">SHA-1</module-option> -->
         <!-- <module-option name="digestCallback">com.myclass.MyDigestCallback</module-option>-->
      </login-module>
   </authentication>
</application-policy>

web.xml file:

<security-constraint>
   <web-resource-collection>
      <web-resource-name>Restrict Access</web-resource-name>
      <description></description>
      <url-pattern>/admin/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
   </web-resource-collection>
   <auth-constraint>
      <role-name>AdminRole</role-name>
   </auth-constraint>
</security-constraint>

<login-config>
   <auth-method>FORM</auth-method>
   <realm-name>ASM AD Authentication</realm-name>
   <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login.jsp</form-error-page>
   </form-login-config>
</login-config>

<security-role>
   <role-name>AdminRole</role-name>
</security-role>

jboss-web.xml

<jboss-web>
      <security-domain>java:/jaas/Admin</security-domain>
</jboss-web>

login.jsp

<form method="post" action="j_security_check">
    <fieldset>
     <legend>Login</legend>
     <p>
      <label for="form-username">Username</label>
      <input type="text" name="j_username" id="form-username" />
     </p>
     <p>
      <label for="form-password">Password</label>
      <input type="password" name="j_password" id="form-password" />
     </p>
     <p>
      <input type="submit" value="GO" />
     </p>
    </fieldset>
</form>
A: 

Hi

change to

OR

java:/jaas/Admin change to

java:/jaas/AP
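
The mismatch the answer points at (security-domain `java:/jaas/Admin` against an application-policy named `AP`) can be caught before deployment. The following is an added example, not part of the original question or answer: the function names `policies` and `check` are hypothetical, and the two XML strings are constructed samples trimmed from the files in the question. It also flags a DatabaseServerLoginModule with no `hashAlgorithm` option, which is the plain-text password setup the question describes.

```python
import xml.etree.ElementTree as ET

JAAS_PREFIX = "java:/jaas/"

# Constructed sample input, trimmed from the files shown in the question.
LOGIN_CONFIG = """<application-policy name="AP"><authentication>
  <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
    <module-option name="dsJndiName">java:/authDS</module-option>
    <module-option name="principalsQuery">SELECT password FROM users WHERE login = ?</module-option>
  </login-module>
</authentication></application-policy>"""
JBOSS_WEB = "<jboss-web><security-domain>java:/jaas/Admin</security-domain></jboss-web>"


def policies(login_config_xml):
    """Map each application-policy name to [(module class, option names)]."""
    result = {}
    for policy in ET.fromstring(login_config_xml).iter("application-policy"):
        result[policy.get("name")] = [
            (m.get("code"), {o.get("name") for o in m.iter("module-option")})
            for m in policy.iter("login-module")]
    return result


def check(login_config_xml, jboss_web_xml):
    """Return a list of findings; an empty list means the files agree."""
    findings = []
    known = policies(login_config_xml)
    domain = ET.fromstring(jboss_web_xml).findtext("security-domain", "").strip()
    name = domain[len(JAAS_PREFIX):] if domain.startswith(JAAS_PREFIX) else domain
    if name not in known:
        findings.append(f"security-domain '{domain}' matches no application-policy "
                        f"(defined: {sorted(known)})")
    for policy, modules in known.items():
        for code, options in modules:
            if (code or "").endswith("DatabaseServerLoginModule") and "hashAlgorithm" not in options:
                findings.append(f"policy '{policy}': no hashAlgorithm, "
                                "passwords are compared as plain text")
    return findings


if __name__ == "__main__":
    for finding in check(LOGIN_CONFIG, JBOSS_WEB):
        print("FINDING:", finding)
```

With the security-domain changed to `java:/jaas/AP`, only the plain-text password finding remains.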