Please always indicate your exact jboss version. I am not at all sure about my analysis, I still confused about many parts of the security system. I think that JakobsPolicy is not supplying a default user/subject. When the deployment code needs a connection to check on tables in the db, there is no principal or subject available to start with, so the db security domain can't map it, so it fails.
I think the eventual solution will be to conduct deployments and other jmx operations under security. For now, your best bet may be to not use JAAS security for your db login. To do this, comment out or remove the SecurityDomainJndiName attribute from hqldb-service.jar and uncomment and fill in the username and password config elements. Of course this will only work it you are using the ConfiguredIdentityLoginModule. david jencks On 2002.05.30 07:27:25 -0400 [EMAIL PROTECTED] wrote: > To anyone who can help me. > > I am trying to use the DatabaseServerLoginModul to authenticate people in > > my web application against some database tables; but miles before I got > this far, I got this Exception: > > 13:13:20,438 ERROR [EjbModule] Initialization failed > java.lang.SecurityException: Invalid authentication attempt, > principal=null > at > >org.jboss.resource.connectionmanager.BaseConnectionManager2.getSubject(BaseConnectionManager2.java:662) > at > >org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:503) > at > >org.jboss.resource.adapter.jdbc.local.LocalDataSource.getConnection(LocalDataSource.java:101) > at > org.jboss.ejb.plugins.cmp.jdbc.SQLUtil.fixTableName(SQLUtil.java:38) > at > >org.jboss.ejb.plugins.cmp.jdbc.bridge.JDBCEntityBridge.<init>(JDBCEntityBridge.java:103) > ..... > > When trying to deploy my ear-file. I have created a new > application-policy > with the lines: > > <application-policy name = "JakobsPolicy"> > <authentication> > <login-module code = > "org.jboss.security.auth.spi.DatabaserServerLoginModule" flag="required"> > <module-option name="dsJndiName">java:/MyDS</module-option> > <module-option name="principalsQuery">select password from > user > where userid=?</module-option> > <module-option name="rolesQuery">select role, null from > user,userrole where userrole.iduser = user.id and > user.userid=?</module-option> > </login-module> > </authentication> > </application-policy> > > The MyDS is specified in the deploy/hsqldb-service.xml file and works > fine > with my ear. In my ear application I am _not_ using the "JakobsPolicy" - > I've set the securitydomain to "java:/jaas/other" - and I have a hard > time > finding that much documentation on the whole application-policy / > authentication issues (Jboss.org seems to be under semi-serious rebuilt > :-). > > If I leave out the aboe application-policy, my application is being > deployed fine - using the "other" authencation, default install using > users.properties and roles.properties - and I've verified that it works. > I > then add the above lines to make a "JakobsPolicy" and everything starts > to > fail. > > Shall I make another datasource for the login-module to use? > > Could the problem be that the DatabaseServerLoginModule is not > authenticating itself to the Datasource? > > I've tried to specify "optional" instead of "required" as flag to the > login-module - with no luck :-( > > I hope someone can help me out - or at least give me some documentation > links! > > Jakob Dalsgaard > Udvikler > e-mail: [EMAIL PROTECTED] > Vesterbrogade 149 > 1620 K�benhavn V > Tlf.: 70 25 80 30 > Fax.: 70 25 80 31 > > > > <br><font size=2 face="sans-serif">To anyone who can help me.</font> > <br> > <br><font size=2 face="sans-serif">I am trying to use the > DatabaseServerLoginModul to authenticate people in my web application > against some database tables; but miles before I got this far, I got this > Exception:</font> > <br> > <br><font size=2 face="sans-serif">13:13:20,438 ERROR [EjbModule] > Initialization failed</font> > <br><font size=2 face="sans-serif">java.lang.SecurityException: Invalid > authentication attempt, principal=null</font> > <br><font size=2 face="sans-serif"> at > >org.jboss.resource.connectionmanager.BaseConnectionManager2.getSubject(BaseConnectionManager2.java:662)</font> > <br><font size=2 face="sans-serif"> at > >org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:503)</font> > <br><font size=2 face="sans-serif"> at > >org.jboss.resource.adapter.jdbc.local.LocalDataSource.getConnection(LocalDataSource.java:101)</font> > <br><font size=2 face="sans-serif"> at > org.jboss.ejb.plugins.cmp.jdbc.SQLUtil.fixTableName(SQLUtil.java:38)</font> > <br><font size=2 face="sans-serif"> at > >org.jboss.ejb.plugins.cmp.jdbc.bridge.JDBCEntityBridge.<init>(JDBCEntityBridge.java:103)</font> > <br><font size=2 face="sans-serif"> > .....</font> > <br> > <br><font size=2 face="sans-serif">When trying to deploy my ear-file. I > have created a new application-policy with the lines:</font> > <br> > <br><font size=2 face="sans-serif"> <application-policy > name = "JakobsPolicy"></font> > <br><font size=2 face="sans-serif"> > <authentication></font> > <br><font size=2 face="sans-serif"> > <login-module code = >"org.jboss.security.auth.spi.DatabaserServerLoginModule" > flag="required"></font> > <br><font size=2 face="sans-serif"> > <module-option >name="dsJndiName">java:/MyDS</module-option></font> > <br><font size=2 face="sans-serif"> > <module-option name="principalsQuery">select > password from user where userid=?</module-option></font> > <br><font size=2 face="sans-serif"> > <module-option name="rolesQuery">select role, null > from user,userrole where userrole.iduser = user.id and > user.userid=?</module-option></font> > <br><font size=2 face="sans-serif"> > </login-module></font> > <br><font size=2 face="sans-serif"> > </authentication></font> > <br><font size=2 face="sans-serif"> > </application-policy></font> > <br> > <br><font size=2 face="sans-serif">The MyDS is specified in the > deploy/hsqldb-service.xml file and works fine with my ear. In my ear > application I am _not_ using the "JakobsPolicy" - I've set the > securitydomain to "java:/jaas/other" - and I have a hard time > finding that much documentation on the whole application-policy / > authentication issues (Jboss.org seems to be under semi-serious rebuilt > :-).</font> > <br> > <br><font size=2 face="sans-serif">If I leave out the aboe > application-policy, my application is being deployed fine - using the > "other" authencation, default install using users.properties > and roles.properties - and I've verified that it works. I then add the > above lines to make a "JakobsPolicy" and everything starts to > fail.</font> > <br> > <br><font size=2 face="sans-serif">Shall I make another datasource for > the login-module to use?</font> > <br> > <br><font size=2 face="sans-serif">Could the problem be that the > DatabaseServerLoginModule is not authenticating itself to the > Datasource?</font> > <br> > <br><font size=2 face="sans-serif">I've tried to specify > "optional" instead of "required" as flag to the > login-module - with no luck :-(</font> > <br> > <br><font size=2 face="sans-serif">I hope someone can help me out - or at > least give me some documentation links!</font> > <br> > <br><font size=2 face="sans-serif">Jakob Dalsgaard<br> > Udvikler<br> > e-mail: [EMAIL PROTECTED]<br> > Vesterbrogade 149<br> > 1620 K�benhavn V<br> > Tlf.: 70 25 80 30<br> > Fax.: 70 25 80 31<br> > <br> > </font> > _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
