[JBoss-user] [Security & JAAS/JBoss] - cannot get multiple realms to work with 3.2 (works well in 3

[Eelco69]

Hello,

I have searched all forums, haven't been able to find something about my problem. I 
have multiple websites in production running on a 3.0.7 JBoss Server. Everything works 
fine. However, I am now trying to get the same websites running under 3.2. Now 
something weird happens: The first realm I enter everything is well. The second realm 
however, gets a null principal. Here is the configuration: 

oracle-ds file:
 
  <local-tx-datasource>
        <jndi-name>x1_datasource</jndi-name>
        
<connection-url>jdbc:oracle:thin:@(description=(address=(host=myHost)(protocol=tcp)(port=1521))(connect_data=(SERVICE_NAME=mySid)))</connection-url>
        <driver-class>oracle.jdbc.driver.OracleDriver</driver-class>
        <user-name>x1</user-name>
        xxxxxx
        
<exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter</exception-sorter-class-name>
  </local-tx-datasource>
  <local-tx-datasource>
        <jndi-name>x2_datasource</jndi-name>
        
<connection-url>jdbc:oracle:thin:@(description=(address=(host=myHost)(protocol=tcp)(port=1521))(connect_data=(SERVICE_NAME=mySid)))</connection-url>
        <driver-class>oracle.jdbc.driver.OracleDriver</driver-class>
        <user-name>x2</user-name>
        xxxxx
        
<exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter</exception-sorter-class-name>
  </local-tx-datasource>
  <local-tx-datasource>
        <jndi-name>x3_datasource</jndi-name>
        
<connection-url>jdbc:oracle:thin:@(description=(address=(host=myhost)(protocol=tcp)(port=1521))(connect_data=(SERVICE_NAME=mySid)))</connection-url>
        <driver-class>oracle.jdbc.driver.OracleDriver</driver-class>
        <user-name>x3</user-name>
        xxxxx
        
<exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter</exception-sorter-class-name>
  </local-tx-datasource>
  <local-tx-datasource>
        <jndi-name>x4_datasource</jndi-name>
        
<connection-url>jdbc:oracle:thin:@(description=(address=(host=myHost)(protocol=tcp)(port=1521))(connect_data=(SERVICE_NAME=mySid)))</connection-url>
        <driver-class>oracle.jdbc.driver.OracleDriver</driver-class>
        <user-name>x4</user-name>
        xxxxx
        
<exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter</exception-sorter-class-name>
  </local-tx-datasource>
              


in login-config.xml i have set up application-policies:

    <application-policy name = "xx1"> 
       
        <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" 
flag = "required"> 
          <module-option name="dsJndiName">java:/x1_datasource</module-option>
          <module-option name="principalsQuery">select wachtwoord from gebruikers 
where upper (key_gebruiker) = upper (?)</module-option> 
          <module-option name="rolesQuery">select key_rol, 'Roles' from 
gebruikers_rollen, gebruikers where upper (key_gebruiker) = upper (?) and 
gebruikers.id_gebruiker = gebruikers_rollen.id_gebruiker</module-option> 
        </login-module> 
       
    </application-policy>

four times (for every realm one)

every jboss-web.xml shows as follows, only the jndi call is different (pointing to one 
of the above datasources)

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
        <context-root>/xxroot</context-root>
    <security-domain>java:/jaas/xx1</security-domain>
    <resource-ref>
        <res-ref-name>jdbc/x1_datasource</res-ref-name>
        <res-type>javax.sql.DataSource</res-type>
        <jndi-name>java:/x1_datasource</jndi-name>
    </resource-ref>
</jboss-web>

and in the web.xml: (only the auth/datasource part showing here)

  <resource-ref> 
    Datasource for x1 
    <res-ref-name>jdbc/x1_datasource</res-ref-name> 
    <res-type>javax.sql.DataSource</res-type> 
    <res-auth>Container</res-auth> 
  </resource-ref>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Restricted</web-resource-name>
      Declarative security tests
      <url-pattern>/restricted/*</url-pattern>
      <http-method>HEAD</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>role1</role-name>
    </auth-constraint>
    <user-data-constraint>
      no description
      <transport-guarantee>GUARANTEED</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>xx1</realm-name>
  </login-config>

Now why doesn't it work in 3.2.4 anymore????

Funny thing is, the first realm to do authentication will succeed after starting the 
server, every next realm will fail. 

Please help

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3836908#3836908

Reply to the post : 
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3836908



-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user