I'm sorry, I misread your previous post. You need to use the CallerIdentityLoginModule, not the ConfiguredIdentityLoginModule.
david jencks

On 2002.09.25 16:14:48 -0400 "Sonnek, Ryan" wrote:
> that's a scary thought david. me peeling through jboss code! :) just
> kidding, i'd love to dig into this and find out what is really happening.
> do you have any suggestions for what classes to look through?
>
> i've begun doing some debugging, and i've found that the principal that is
> passed to the ConfiguredIdentityLoginModule is using the default
> username/password from the login-config.xml. the user that is logged in
> through the ldap login module is not getting to the configured identity
> module.
>
> using the code from the configured identity module's initialize method:
>
> log.info("got principal: " + principalName + ", username: " + userName +
>     ", password: " + password);
>
> returns the values from the login-config.xml:
>
> <application-policy name = "OracleDbRealm">
>   <authentication>
>     <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule" flag = "required">
>       <module-option name = "principal">yourprincipal</module-option>
>       <module-option name = "userName">yourusername</module-option>
>       <module-option name = "password">yourpassword</module-option>
>       <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=OracleDS</module-option>
>     </login-module>
>   </authentication>
> </application-policy>
>
> is there anything else required to get the configured identity module to
> use the ldap module?
>
>
> -----Original Message-----
> From: David Jencks [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 25, 2002 11:06 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [JBoss-user] Oracle "By Container" JCA configuration
>
>
> It looks to me as if you have everything set up correctly and understand
> what is supposed to happen. I would expect the setup to work since you
> have identical user/pw in ldap and oracle. I suggest logging the user/pw
> at every opportunity (in the CallerIdentityLoginModule when the
> PasswordCredential is constructed and in the jca wrapper when a connection
> from Oracle is requested) to see what is actually happening.
>
> As I think I mentioned, I myself have never set this up, and it's possible
> bugs have crept in due to changes in components supporting the login
> module.
>
> thanks
> david jencks
>
>
> On 2002.09.25 11:40:05 -0400 "Sonnek, Ryan" wrote:
> > again, things are getting much clearer!
> > ok, here's my new understanding of how this works in my current setup:
> >
> > 1. login-conf.xml has 2 login modules.
> >    a. ConfiguredIdentityLoginModule named OracleDbRealm
> >    b. LDAPLoginModule named testLdap
> > 2. oracle-service.xml is configured.
> >    a. SecurityDomainJndiName = OracleDbRealm
> >    b. JndiName = OracleDS
> > 3. JSP application is deployed.
> >    a. jboss-web.xml configured to use java:/jaas/testLdap security domain
> >    b. database lookups using java:/OracleDS
> >
> > does this look right so far? IF this is the setup, my understanding is
> > that the account username/password used for the LDAPLoginModule MUST be
> > the same as the database account, in order for the subject to propagate
> > correctly. things are nearly working now (i think :) ), and it makes
> > sense to use a separate login module (like LDAPLoginModule) to get the
> > roles.
> >
> > the error i get now is:
> > SEVERE: Could not create connection; - nested throwable:
> > (java.sql.SQLException: ORA-01017: invalid username/password; logon denied
> > ); - nested throwable: (org.jboss.resource.ResourceException: Could not
> > create connection; - nested throwable: (java.sql.SQLException: ORA-01017:
> > invalid username/password; logon denied
> > ))
> >
> > my ldap account has the same username and password as my database
> > account. is the password that is passed from the ldap module to the
> > configured identity module changed in any way?
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
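
The module swap described in the reply at the top of this thread, shown as an added example that is not part of the original messages: the OracleDbRealm policy from the quoted login-config.xml, before and after. The fully qualified class name of CallerIdentityLoginModule and its option names are assumptions carried over from the ConfiguredIdentityLoginModule entry; verify them against the JBoss release in use.

```xml
<!-- Added example; the two policies are alternatives and must not both
     appear in the same login-config.xml. -->

<!-- Before: every connection handed out by OracleDS logs on to Oracle with
     the fixed identity below, regardless of who authenticated against the
     testLdap domain. This matches the log output quoted in the thread. -->
<application-policy name = "OracleDbRealm">
  <authentication>
    <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule" flag = "required">
      <module-option name = "principal">yourprincipal</module-option>
      <module-option name = "userName">yourusername</module-option>
      <module-option name = "password">yourpassword</module-option>
      <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=OracleDS</module-option>
    </login-module>
  </authentication>
</application-policy>

<!-- After: the caller authenticated by the web application's security
     domain supplies the user name and password for the Oracle logon.
     Assumption: userName/password here act only as a fallback identity
     when no caller is associated with the request, so give that account
     minimal database privileges. -->
<application-policy name = "OracleDbRealm">
  <authentication>
    <login-module code = "org.jboss.resource.security.CallerIdentityLoginModule" flag = "required">
      <module-option name = "userName">yourusername</module-option>
      <module-option name = "password">yourpassword</module-option>
      <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=OracleDS</module-option>
    </login-module>
  </authentication>
</application-policy>
```

With the caller's identity in use, each LDAP user needs an Oracle account with the same username and password, as discussed in the thread. The debugging log.info call quoted above writes the password to the server log, so remove it once the identity flow is confirmed.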