I'm sorry, I misread your previous post.  You need to use the
CallerIdentityLoginModule, not the ConfiguredIdentityLoginModule.

david jencks

On 2002.09.25 16:14:48 -0400 "Sonnek, Ryan" wrote:
> that's a scary thought david.  me peeling through jboss code!  :)  just
> kidding, i'd love to dig into this and find out what is really happening.
> do you have any suggestions for what classes to look through?
> 
> i've begun doing some debugging, and i've found that the principal that is
> passed to the ConfiguredIdentityLoginModule is using the default
> username/password from the login-config.xml.  the user that is logged in
> through the ldap login module is not getting to the configured identity
> module.
> 
> using the code from the configured identity module's initialize method:
>   log.info("got principal: " + principalName + ", username: " + userName + ", password: " + password);
> returns the values from the login-config.xml:
> 
>     <application-policy name = "OracleDbRealm">
>        <authentication>
>          <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule" flag = "required">
>              <module-option name = "principal">yourprincipal</module-option>
>              <module-option name = "userName">yourusername</module-option>
>              <module-option name = "password">yourpassword</module-option>
>             <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=OracleDS</module-option>
>           </login-module>
>        </authentication>
>     </application-policy>
> 
> is there anything else required to get the configured identity module to use
> the ldap module?
> 
> 
> -----Original Message-----
> From: David Jencks [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 25, 2002 11:06 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [JBoss-user] Oracle "By Container" JCA configuration
> 
> 
> It looks to me as if you have everything set up correctly and understand
> what is supposed to happen.  I would expect the setup to work since you
> have identical user/pw in ldap and oracle.  I suggest logging the user/pw
> at every opportunity (in the CallerIdentityLoginModule when the
> PasswordCredential is constructed and in the jca wrapper when a connection
> from Oracle is requested) to see what is actually happening.
> 
> As I think I mentioned, I myself have never set this up, and it's possible
> bugs have crept in due to changes in components supporting the login
> module.
> 
> thanks
> david jencks
> 
> 
> On 2002.09.25 11:40:05 -0400 "Sonnek, Ryan" wrote:
> > again, things are getting much clearer!
> > ok, here's my new understanding of how this works in my current setup:
> > 
> > 1.  login-conf.xml has 2 login modules.
> >     a.  ConfiguredIdentityLoginModule named OracleDbRealm
> >     b.  LDAPLoginModule named testLdap
> > 2.  oracle-service.xml is configured.
> >     a.  SecurityDomainJndiName = OracleDbRealm
> >     b.  JndiName = OracleDS
> > 3.  JSP application is deployed.
> >     a.  jboss-web.xml configured to use java:/jaas/testLdap security domain
> >     b.  database lookups using java:/OracleDS
> > 
> > does this look right so far?  IF this is the setup, my understanding is that
> > the account username/password used for the LDAPLoginModule MUST be the same
> > as the database account, in order for the subject to propagate correctly.
> > things are nearly working now (i think :) ), and it makes sense to use a
> > separate login module (like LDAPLoginModule) to get the roles.
> > 
> > the error i get now is:
> > SEVERE: Could not create connection; - nested throwable: (java.sql.SQLException: ORA-01017: invalid username/password; logon denied
> > ); - nested throwable: (org.jboss.resource.ResourceException: Could not create connection; - nested throwable: (java.sql.SQLException: ORA-01017: invalid username/password; logon denied
> > ))
> > 
> > my ldap account has the same username and password as my database account.
> > is the password that is passed from the ldap module to the configured
> > identity module changed in any way?
> > 
> > 
> > 
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> JBoss-user mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/jboss-user
> 
> 
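
Added example (not written by anyone in this thread): the `OracleDbRealm` policy quoted above, first as posted and then with the module swapped as the reply at the top suggests. The `org.jboss.resource.security` package for `CallerIdentityLoginModule` and the treatment of `userName`/`password` as fallback values are assumptions; check both against your JBoss version.

```xml
<!-- As posted: ConfiguredIdentityLoginModule ignores the caller.
     Every database connection is opened with the fixed identity below,
     which matches the log output quoted in the thread. -->
<application-policy name = "OracleDbRealm">
   <authentication>
      <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule" flag = "required">
         <module-option name = "principal">yourprincipal</module-option>
         <module-option name = "userName">yourusername</module-option>
         <module-option name = "password">yourpassword</module-option>
         <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=OracleDS</module-option>
      </login-module>
   </authentication>
</application-policy>

<!-- Replacement: CallerIdentityLoginModule builds the PasswordCredential
     from the user already authenticated in the web tier (testLdap), so the
     LDAP and Oracle accounts must share the same username and password.
     Assumption: userName/password here are used only when no caller
     identity is available; placeholder values shown. -->
<application-policy name = "OracleDbRealm">
   <authentication>
      <login-module code = "org.jboss.resource.security.CallerIdentityLoginModule" flag = "required">
         <module-option name = "userName">fallbackusername</module-option>
         <module-option name = "password">fallbackpassword</module-option>
         <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=OracleDS</module-option>
      </login-module>
   </authentication>
</application-policy>
```

Only one of the two policies should be present under the name `OracleDbRealm`. With the caller's credentials passed through, Oracle authenticates and audits each user individually instead of seeing one shared account.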

