Andrew
Just to reassure myself that no username details are hashed into the password I
created a third user - test3 with the same password - the hashed password is
the same. This user can log in (as the original test user could) but test2
cannot. I also checked the uniqueness of the names etc. Here is my users table
(I've shortend the password from {SHA}83d5f07da94dd6d389cf26ecbad5329ad69ba59c):
email | full_name | login_name | password | wiki_name
NULL | test | test | {SHA}83d...59c | test
NULL | test2 | test2 | {SHA}83d...59c | test2
NULL | test3 | test3 | {SHA}83d...59c | test3
So I think this means your first suggestion is not the issue - I have simply
copied passwords around (ideally I would hash it once via JSPWiki and use this
value for all new accounts created in a script) so they should be the same.
This is verified by my other test, adding test3 via the web interface. The
second reason isn't an issue either as the names are all unique.
When you talk about the different identifiers I assume this is the JAAS stack
(thing?) you are talking about. I copied the default confirguration from the
documentation that looks like:
<application-policy name="JSPWiki-container">
<authentication>
<login-module
code="com.ecyrd.jspwiki.auth.login.WebContainerLoginModule"
flag="sufficient"/>
<login-module
code="com.ecyrd.jspwiki.auth.login.CookieAssertionLoginModule"
flag="sufficient"/>
<login-module code="com.ecyrd.jspwiki.auth.login.AnonymousLoginModule"
flag="sufficient"/>
</authentication>
</application-policy>
Where is the login check vs the database in here? Is this function somehow
controlled in the WebContainerLoginModule? This is what I assumed but perhaps
this is not the default behaviour (which is how I read the installation
instructions). I have tried adding in the
com.ecyrd.jspwiki.auth.login.UserDatabaseLoginModule configuration but this
throws errors - are there other flags that control how the security works?
Obviously if you sign up via the web everything works so maybe scripting the
addition of users isn't that common...?
Thanks, and any help appreciated
Chris
----- Original Message ----
From: Andrew Jaquith <[EMAIL PROTECTED]>
To: "[email protected]" <[email protected]>
Sent: Wednesday, 30 July, 2008 1:34:34 PM
Subject: Re: JBoss/MySQL combination - cannot create new users
Chris --
The different 'WikiPrincipals' are just identifiers for the current
user. If you successfully authenticate, it will be the user name. If
not, it's the cookie vaue the user set, OR the IP address.
Anyway, all your messages tell me is that the second user cannot
authenticate. One reason could be that the password you type in, once
hashed with SHA1, does not match the hash code in the password column.
If your database script generates passwords in clear text, by
definition it is not hashed, and authentication will fail.
Another reason might me that the two users have the same wiki names,
full names, or login names. These are all supposed to be unique. So it
is a violation to have two users with different login names and full
names, but whose wiki names are both 'test'.
On Jul 30, 2008, at 4:19 AM, Chris Mein <[EMAIL PROTECTED]> wrote:
> Hi
>
> I am running JBoss 4.0.5.GA with MySQL 5.0.27. I have installed
> JSPWiki and reconfigured the security to use a MySQL datasource (I
> followed along the Oracle installation instructions -
> http://doc.jspwiki.org/2.4/wiki/JDBCSecurityWithOracle
> ). Everything seems fine and I get the debugging messages:
>
> [UserManager] Attempting to load user database class
> com.ecyrd.jspwiki.auth.user.JDBCUserDatabase
> [AbstractUserDatabase] JDBCUserDatabase initialized from JNDI
> DataSource: jdbc/UserDatabase
> [AbstractUserDatabase] JDBCUserDatabase supports transactions. Good;
> we will use them.
> [UserManager] UserDatabase initialized.
>
> After setting up the JAAS configuration in the JBoss login-
> config.xml file as documented here
> (http://doc.jspwiki.org/2.4/wiki/Security#section-Security-CustomizingJSPWikiSJAASConfiguration
>
> ) I went through the JSPWiki front end I created an account called
> test. I can see when I run a select on the wiki_users database table
> and I can also log in correctly.
>
> However if I try and create a row in the database directly I can
> never log in with this user. I have simply copied the test record
> data into a temporary table and then re-inserted it into the users
> table.
>
> The only thing I can notice is that when I log in as 'test' I get a
> debug line like:
>
> INFO [SecurityLog] WikiSecurityEvent.LOGIN_AUTHENTICATED
> [EMAIL PROTECTED],
> princpal=com.ecyrd.jspwiki.auth.WikiPrincipal test,
> [EMAIL PROTECTED]
>
> When I log in as 'test2' (the copied record) I get:
>
> ERROR [SecurityLog] WikiSecurityEvent.LOGIN_FAILED
> [EMAIL PROTECTED],
> princpal=com.ecyrd.jspwiki.auth.WikiPrincipal 127.0.0.1,
> [EMAIL PROTECTED]
>
> Why is the WikiPrincipal different? What is the WikiPrincipal? Help?
>
> I have hundreds of users I need to script the generation of, hence
> my headache...
>
> Thanks in advance
>
> Chris Mein
>
>
>
> __________________________________________________________
> Not happy with your email address?.
> Get the one you really want - millions of new email addresses
> available now at Yahoo! http://uk.docs.yahoo.com/ymail/new.html
__________________________________________________________
Not happy with your email address?.
Get the one you really want - millions of new email addresses available now at
Yahoo! http://uk.docs.yahoo.com/ymail/new.html
