Andrew The issue happens exactly the same whichever way I have the login modules configured. The only reason I added the UserDatabaseLoginModule at the top was to see if it even gets called - for some reason it doesn't. The debug I get is:
SessionMonitor wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - Looking up WikiSession for session ID=860822AD5ABD7B877BDF37293E92755B... found it WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - Creating WikiContext for session ID=860822AD5ABD7B877BDF37293E92755B; target=Login WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - Do we need to log the user in? false AuthenticationManager wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - Failed login: The username or password is incorrect. SecurityLog wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - WikiSecurityEvent.LOGIN_FAILED [EMAIL PROTECTED], princpal=com.ecyrd.jspwiki.auth.WikiPrincipal 127.0.0.1, [EMAIL PROTECTED] It appears to me that the AuthenticationManager for some reason doesn't even try to use the UserDatabaseLoginModule to authenticate the user. For some reason this is totally bypased. I am wondering whether some other user store exists that contains users I have created via the web but not users I have only added to the database. Chris ----- Original Message ---- From: Andrew Jaquith <[EMAIL PROTECTED]> To: [email protected] Sent: Thursday, 31 July, 2008 4:10:53 AM Subject: Re: JBoss/MySQL combination - cannot create new users Chris -- You do not need to cc: me on replies -- I already receive them as a list member. I think the UserDatabaseLoginModule to the JBoss authentication configuration in the way you did is the problem. You need to have separate configurations for the JSPWiki-container and JSPWiki-custom application contexts. Check the sample jspwiki.jaas file for details. On Jul 30, 2008, at 6:48 PM, Chris Mein wrote: > Another observation > > I have just changed the JAAS configuration to read: > > <authentication> > <login-module > code="com.ecyrd.jspwiki.auth.login.UserDatabaseLoginModule" > flag="sufficient"/> > <login-module > code="com.ecyrd.jspwiki.auth.login.WebContainerLoginModule" > flag="sufficient"/> > <login-module > code="com.ecyrd.jspwiki.auth.login.CookieAssertionLoginModule" > flag="sufficient"/> > <login-module > code="com.ecyrd.jspwiki.auth.login.AnonymousLoginModule" > flag="sufficient"/> > </authentication> > > When I log in with the account created via the web I get the > following debugging which clearly shows the UserDatabaseLoginModule > being called: > > SessionMonitor wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp > - Looking up WikiSession for session > ID=860822AD5ABD7B877BDF37293E92755B... found it > WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp > - Creating WikiContext for session > ID=860822AD5ABD7B877BDF37293E92755B; target=Login > WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp > - Do we need to log the user in? false > UserDatabaseLoginModule wiki:/wiki/Login.jsp > wiki:http://localhost:8080/wiki/Login.jsp > - Logged in loginName=test > UserDatabaseLoginModule wiki:/wiki/Login.jsp > wiki:http://localhost:8080/wiki/Login.jsp > - Added Principals Role.AUTHENTICATED,Role.ALL > ... > SecurityLog wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp > - WikiSecurityEvent.LOGIN_AUTHENTICATED > [EMAIL PROTECTED], > princpal=com.ecyrd.jspwiki.auth.WikiPrincipal test, > [EMAIL PROTECTED] > > When I log in using one of the scripted users I get the following: > > SessionMonitor wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp > - Looking up WikiSession for session > ID=860822AD5ABD7B877BDF37293E92755B... found it > WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp > - Creating WikiContext for session > ID=860822AD5ABD7B877BDF37293E92755B; target=Login > WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp > - Do we need to log the user in? false > AuthenticationManager wiki:/wiki/Login.jsp > wiki:http://localhost:8080/wiki/Login.jsp > - Failed login: The username or password is incorrect. > SecurityLog wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp > - WikiSecurityEvent.LOGIN_FAILED > [EMAIL PROTECTED], > princpal=com.ecyrd.jspwiki.auth.WikiPrincipal 127.0.0.1, > [EMAIL PROTECTED] > > As far as I can see on the second try I don't even get to look in > the database. For whatever reason the AuthenicationManager doesn't > even try to use the UserDatabaseLoginModule logic. > > Chris > > > > ----- Original Message ---- > From: Andrew Jaquith <[EMAIL PROTECTED]> > To: "[email protected]" <[email protected] > > > Sent: Wednesday, 30 July, 2008 1:34:34 PM > Subject: Re: JBoss/MySQL combination - cannot create new users > > Chris -- > > The different 'WikiPrincipals' are just identifiers for the current > user. If you successfully authenticate, it will be the user name. If > not, it's the cookie vaue the user set, OR the IP address. > > Anyway, all your messages tell me is that the second user cannot > authenticate. One reason could be that the password you type in, once > hashed with SHA1, does not match the hash code in the password column. > If your database script generates passwords in clear text, by > definition it is not hashed, and authentication will fail. > > Another reason might me that the two users have the same wiki names, > full names, or login names. These are all supposed to be unique. So it > is a violation to have two users with different login names and full > names, but whose wiki names are both 'test'. > > On Jul 30, 2008, at 4:19 AM, Chris Mein <[EMAIL PROTECTED]> wrote: > >> Hi >> >> I am running JBoss 4.0.5.GA with MySQL 5.0.27. I have installed >> JSPWiki and reconfigured the security to use a MySQL datasource (I >> followed along the Oracle installation instructions - >> http://doc.jspwiki.org/2.4/wiki/JDBCSecurityWithOracle >> ). Everything seems fine and I get the debugging messages: >> >> [UserManager] Attempting to load user database class >> com.ecyrd.jspwiki.auth.user.JDBCUserDatabase >> [AbstractUserDatabase] JDBCUserDatabase initialized from JNDI >> DataSource: jdbc/UserDatabase >> [AbstractUserDatabase] JDBCUserDatabase supports transactions. Good; >> we will use them. >> [UserManager] UserDatabase initialized. >> >> After setting up the JAAS configuration in the JBoss login- >> config.xml file as documented here >> (http://doc.jspwiki.org/2.4/wiki/Security#section-Security-CustomizingJSPWikiSJAASConfiguration >> ) I went through the JSPWiki front end I created an account called >> test. I can see when I run a select on the wiki_users database table >> and I can also log in correctly. >> >> However if I try and create a row in the database directly I can >> never log in with this user. I have simply copied the test record >> data into a temporary table and then re-inserted it into the users >> table. >> >> The only thing I can notice is that when I log in as 'test' I get a >> debug line like: >> >> INFO [SecurityLog] WikiSecurityEvent.LOGIN_AUTHENTICATED >> [EMAIL PROTECTED], >> princpal=com.ecyrd.jspwiki.auth.WikiPrincipal test, >> [EMAIL PROTECTED] >> >> When I log in as 'test2' (the copied record) I get: >> >> ERROR [SecurityLog] WikiSecurityEvent.LOGIN_FAILED >> [EMAIL PROTECTED], >> princpal=com.ecyrd.jspwiki.auth.WikiPrincipal 127.0.0.1, >> [EMAIL PROTECTED] >> >> Why is the WikiPrincipal different? What is the WikiPrincipal? Help? >> >> I have hundreds of users I need to script the generation of, hence >> my headache... >> >> Thanks in advance >> >> Chris Mein >> >> >> >> __________________________________________________________ >> Not happy with your email address?. >> Get the one you really want - millions of new email addresses >> available now at Yahoo! http://uk.docs.yahoo.com/ymail/new.html > > > > __________________________________________________________ > Not happy with your email address?. > Get the one you really want - millions of new email addresses > available now at Yahoo! http://uk.docs.yahoo.com/ymail/new.html __________________________________________________________ Not happy with your email address?. Get the one you really want - millions of new email addresses available now at Yahoo! http://uk.docs.yahoo.com/ymail/new.html
