Another observation
I have just changed the JAAS configuration to read:
<authentication>
<login-module code="com.ecyrd.jspwiki.auth.login.UserDatabaseLoginModule"
flag="sufficient"/>
<login-module code="com.ecyrd.jspwiki.auth.login.WebContainerLoginModule"
flag="sufficient"/>
<login-module
code="com.ecyrd.jspwiki.auth.login.CookieAssertionLoginModule"
flag="sufficient"/>
<login-module code="com.ecyrd.jspwiki.auth.login.AnonymousLoginModule"
flag="sufficient"/>
</authentication>
When I log in with the account created via the web I get the following
debugging which clearly shows the UserDatabaseLoginModule being called:
SessionMonitor wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp -
Looking up WikiSession for session ID=860822AD5ABD7B877BDF37293E92755B... found
it
WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp -
Creating WikiContext for session ID=860822AD5ABD7B877BDF37293E92755B;
target=Login
WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - Do
we need to log the user in? false
UserDatabaseLoginModule wiki:/wiki/Login.jsp
wiki:http://localhost:8080/wiki/Login.jsp - Logged in loginName=test
UserDatabaseLoginModule wiki:/wiki/Login.jsp
wiki:http://localhost:8080/wiki/Login.jsp - Added Principals
Role.AUTHENTICATED,Role.ALL
...
SecurityLog wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp -
WikiSecurityEvent.LOGIN_AUTHENTICATED [EMAIL PROTECTED],
princpal=com.ecyrd.jspwiki.auth.WikiPrincipal test, [EMAIL PROTECTED]
When I log in using one of the scripted users I get the following:
SessionMonitor wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp -
Looking up WikiSession for session ID=860822AD5ABD7B877BDF37293E92755B... found
it
WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp -
Creating WikiContext for session ID=860822AD5ABD7B877BDF37293E92755B;
target=Login
WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - Do
we need to log the user in? false
AuthenticationManager wiki:/wiki/Login.jsp
wiki:http://localhost:8080/wiki/Login.jsp - Failed login: The username or
password is incorrect.
SecurityLog wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp -
WikiSecurityEvent.LOGIN_FAILED [EMAIL PROTECTED],
princpal=com.ecyrd.jspwiki.auth.WikiPrincipal 127.0.0.1, [EMAIL PROTECTED]
As far as I can see on the second try I don't even get to look in the database.
For whatever reason the AuthenicationManager doesn't even try to use the
UserDatabaseLoginModule logic.
Chris
----- Original Message ----
From: Andrew Jaquith <[EMAIL PROTECTED]>
To: "[email protected]" <[email protected]>
Sent: Wednesday, 30 July, 2008 1:34:34 PM
Subject: Re: JBoss/MySQL combination - cannot create new users
Chris --
The different 'WikiPrincipals' are just identifiers for the current
user. If you successfully authenticate, it will be the user name. If
not, it's the cookie vaue the user set, OR the IP address.
Anyway, all your messages tell me is that the second user cannot
authenticate. One reason could be that the password you type in, once
hashed with SHA1, does not match the hash code in the password column.
If your database script generates passwords in clear text, by
definition it is not hashed, and authentication will fail.
Another reason might me that the two users have the same wiki names,
full names, or login names. These are all supposed to be unique. So it
is a violation to have two users with different login names and full
names, but whose wiki names are both 'test'.
On Jul 30, 2008, at 4:19 AM, Chris Mein <[EMAIL PROTECTED]> wrote:
> Hi
>
> I am running JBoss 4.0.5.GA with MySQL 5.0.27. I have installed
> JSPWiki and reconfigured the security to use a MySQL datasource (I
> followed along the Oracle installation instructions -
> http://doc.jspwiki.org/2.4/wiki/JDBCSecurityWithOracle
> ). Everything seems fine and I get the debugging messages:
>
> [UserManager] Attempting to load user database class
> com.ecyrd.jspwiki.auth.user.JDBCUserDatabase
> [AbstractUserDatabase] JDBCUserDatabase initialized from JNDI
> DataSource: jdbc/UserDatabase
> [AbstractUserDatabase] JDBCUserDatabase supports transactions. Good;
> we will use them.
> [UserManager] UserDatabase initialized.
>
> After setting up the JAAS configuration in the JBoss login-
> config.xml file as documented here
> (http://doc.jspwiki.org/2.4/wiki/Security#section-Security-CustomizingJSPWikiSJAASConfiguration
>
> ) I went through the JSPWiki front end I created an account called
> test. I can see when I run a select on the wiki_users database table
> and I can also log in correctly.
>
> However if I try and create a row in the database directly I can
> never log in with this user. I have simply copied the test record
> data into a temporary table and then re-inserted it into the users
> table.
>
> The only thing I can notice is that when I log in as 'test' I get a
> debug line like:
>
> INFO [SecurityLog] WikiSecurityEvent.LOGIN_AUTHENTICATED
> [EMAIL PROTECTED],
> princpal=com.ecyrd.jspwiki.auth.WikiPrincipal test,
> [EMAIL PROTECTED]
>
> When I log in as 'test2' (the copied record) I get:
>
> ERROR [SecurityLog] WikiSecurityEvent.LOGIN_FAILED
> [EMAIL PROTECTED],
> princpal=com.ecyrd.jspwiki.auth.WikiPrincipal 127.0.0.1,
> [EMAIL PROTECTED]
>
> Why is the WikiPrincipal different? What is the WikiPrincipal? Help?
>
> I have hundreds of users I need to script the generation of, hence
> my headache...
>
> Thanks in advance
>
> Chris Mein
>
>
>
> __________________________________________________________
> Not happy with your email address?.
> Get the one you really want - millions of new email addresses
> available now at Yahoo! http://uk.docs.yahoo.com/ymail/new.html
__________________________________________________________
Not happy with your email address?.
Get the one you really want - millions of new email addresses available now at
Yahoo! http://uk.docs.yahoo.com/ymail/new.html
