[JBoss-user] Re: JBoss-user digest, Vol 1 #4539 - 5 msgs
Testing again --- This SF.NET email is sponsored by: eBay Great deals on office technology -- on eBay now! Click here: http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
RE: [JBoss-user] DatabaseServerLoginModule
Problem solved. After researching the source for the security.auth.spi package (you gotta love open source) and some MySQl docs, I discovered that MySQL returns MD5() encrypted passwords in HEX format. SO I simply changed the to HEX, and all worked just as documented/expected. Thanks again for your assistance. -Original Message- From: Contact [mailto:contact@;abilsoft.com] Sent: Tuesday, November 05, 2002 9:25 PM To: '[EMAIL PROTECTED]' Subject: RE: [JBoss-user] DatabaseServerLoginModule Scott: Thanks so much for the tip, jboss-web.xml visibility was a big part of the problem here. I am indeed much closer now - but not quite there yet. My only remaining problem is with the hashAlgorithm. Everything is working perfectly as long as I have a clear password in the database and I do not add the hashAlgorithm and hashEncoding s to the following section of my login-config.xml. As soon as I put an MD5'ed password in the database and add the hasAlgorithm and hashEncoding options, it stops working (with typical invalid password Error msg). java:/SecurityPool select password from users where username=? select role, rolegroup from roles where username=? MD5 base64 I am using JBoss 3.0.4 with a MySQL database. The database contains the password in MD5 encrypted format and I have verified the query by hand from a mysql prompt (to verify it returns expected MD5 encrypted password). What else do I need to do to make this encryption work? Does my princiaplsQuery need to be modified? As uunderstand from the Quick Start Guide, the hashAlgorithm will cause the clear text password retrieved from the CallBackHandler to be MD5'ed before it's passed for comparison. Since the database contains and MD5 encrypted password, these should match with the query as is? Am I missing something else? Thanks again. -Original Message- From: [EMAIL PROTECTED] [mailto:jboss-user-admin@;lists.sourceforge.net] On Behalf Of Scott M Stark Sent: Tuesday, November 05, 2002 7:51 AM To: [EMAIL PROTECTED] Subject: Re: [JBoss-user] DatabaseServerLoginModule Turn on DEBUG level messages by editing the conf/lo4j.xml file and removing the from the FILE appender and then look of the following msgs: Binding security/securityMgr to NullSecurityManager Linking security/securityMgr to JNDI name: x Most likely the war/WEB-INF/jboss-web.xml file is not being seen. Scott Stark Chief Technology Officer JBoss Group, LLC - Original Message - From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, November 04, 2002 9:37 AM Subject: Re: [JBoss-user] DatabaseServerLoginModule > Then why am I not seeing any output in the console or logfiles > indicating that authentication is even occuring, let alone having any problems? Is there something in some other file that I need to modify to turn this on? I have verified the queries against my schema via mysql by hand - there doe not appear to be any problem there. I just don't think that authentication is really being processed in my environment - although the login.html is presented as expected - just not really validated against anything (always appears to return success regardless of input). > > Todd --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power & Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power & Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
RE: [JBoss-user] DatabaseServerLoginModule
Scott: Thanks so much for the tip, jboss-web.xml visibility was a big part of the problem here. I am indeed much closer now - but not quite there yet. My only remaining problem is with the hashAlgorithm. Everything is working perfectly as long as I have a clear password in the database and I do not add the hashAlgorithm and hashEncoding s to the following section of my login-config.xml. As soon as I put an MD5'ed password in the database and add the hasAlgorithm and hashEncoding options, it stops working (with typical invalid password Error msg). java:/SecurityPool select password from users where username=? select role, rolegroup from roles where username=? MD5 base64 I am using JBoss 3.0.4 with a MySQL database. The database contains the password in MD5 encrypted format and I have verified the query by hand from a mysql prompt (to verify it returns expected MD5 encrypted password). What else do I need to do to make this encryption work? Does my princiaplsQuery need to be modified? As uunderstand from the Quick Start Guide, the hashAlgorithm will cause the clear text password retrieved from the CallBackHandler to be MD5'ed before it's passed for comparison. Since the database contains and MD5 encrypted password, these should match with the query as is? Am I missing something else? Thanks again. -Original Message- From: [EMAIL PROTECTED] [mailto:jboss-user-admin@;lists.sourceforge.net] On Behalf Of Scott M Stark Sent: Tuesday, November 05, 2002 7:51 AM To: [EMAIL PROTECTED] Subject: Re: [JBoss-user] DatabaseServerLoginModule Turn on DEBUG level messages by editing the conf/lo4j.xml file and removing the from the FILE appender and then look of the following msgs: Binding security/securityMgr to NullSecurityManager Linking security/securityMgr to JNDI name: x Most likely the war/WEB-INF/jboss-web.xml file is not being seen. Scott Stark Chief Technology Officer JBoss Group, LLC - Original Message - From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, November 04, 2002 9:37 AM Subject: Re: [JBoss-user] DatabaseServerLoginModule > Then why am I not seeing any output in the console or logfiles > indicating that authentication is even occuring, let alone having any problems? Is there something in some other file that I need to modify to turn this on? I have verified the queries against my schema via mysql by hand - there doe not appear to be any problem there. I just don't think that authentication is really being processed in my environment - although the login.html is presented as expected - just not really validated against anything (always appears to return success regardless of input). > > Todd --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power & Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power & Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
Re: [JBoss-user] DatabaseServerLoginModule
Then why am I not seeing any output in the console or logfiles indicating that authentication is even occuring, let alone having any problems? Is there something in some other file that I need to modify to turn this on? I have verified the queries against my schema via mysql by hand - there doe not appear to be any problem there. I just don't think that authentication is really being processed in my environment - although the login.html is presented as expected - just not really validated against anything (always appears to return success regardless of input). Todd -- The security-domain needs to point to a valid configuration. There is some configuration error or database schema problem. Scott Stark Chief Technology Officer JBoss Group, LLC - Original Message - From: To: <[EMAIL PROTECTED]> Sent: Monday, November 04, 2002 2:23 AM Subject: Re: [JBoss-user] DatabaseServerLoginModule > Scott, > Hang on a moment. But, Todd has a WEB-INF/jboss-web.xml file and the > security domain is pointing to his AbilSoftRealm and not to other. > Do you have to point to other for this stuff to work? And why does what > Todd is doing not work? > > Ciao, > Jonathan O'Connor > Ph: +353 1 872 3305 > Mob: +353 86 824 9736 > Fax: +353 1 873 3612 > > > > > Scott M Stark <[EMAIL PROTECTED]> > Sent by: [EMAIL PROTECTED] > 03.11.2002 16:50 > Please respond to jboss-user > > > To: [EMAIL PROTECTED] > cc: > Subject:Re: [JBoss-user] DatabaseServerLoginModule > > > There is no jboss-web.xml descriptor describing the security domain > under which authentication should occur. See the getting started guide > where a WEB-INF/jboss-web.xml file is described as being required > to enable security: > > > java:/jaas/other > > > On Sunday, November 3, 2002, at 07:30 AM, Todd Gould wrote: > > > > > Hello: > > > > I'm trying to configure the DatabaseServerLoginModule to use as an > > authentication mechanism for a simple JSP with simple FORM based > > security. I'm sure I am missing something, but have not been able to > > find my error(s) in the documentation or other related posts. This is > > with JBoss 3.0.0 with Tomcat 4.0.3. > > > > The problem is as follows: The JSP presents and appears to process the > > login form correctly and just as expected. The problem is that no > > matter > > what I respond to the form with for user and password, I am > > successfully > > transferred to the JSP that is supposed to be guarded. This is to say > > that users/pws that are in the database and any other garbabge that is > > not both appear to work equally well and result in successful > > authentication. There are no errors on the console or log that I have > > found. There are also no errors during startup. There are also no > > indications that any authentication is ocurring. > > > > I'd appreciate any and all help as I'm not sure what I'm missing at > > this > > point. > > > > Here are the relevant sections from the files: > > > > web.xml: > > > > > > BookMarks > > /* > > > > > > PortalUser > > > > > > > > > > FORM > > AbilSoftRealm > > > > /login.html > > /login-error.html > > > > > > > > > > PortalUser > > > > > > jboss-web.xml: > > > > java:/jaas/AbilSoftRealm > > > > > > login-config.xml: > > > > > > > > > "org.jboss.resource.security.ConfiguredIdentityLoginModule" flag = > > "required"> > > testuser > > testuser > > pw > > > "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=Securit > > yDS > > > > > > > > > > > > > > > > > "org.jboss.security.auth.spi.DatabaseServerLoginModule" > > flag = "required"> > > java:/SecurityPool > > select password from users > > where username = ? > > select role, rolegroup from roles > > where username = ? > > MD5 > > base64 > > > > > > > > > > Thanks again. --- This SF.net email is sponsored by: ApacheCon, November 18-21 in Las Vegas (supported by COMDEX), the only Apache event to be fully supported by the ASF. http://www.apachecon.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user --- This SF.net email is sponsored by: ApacheCon, November 18-21 in Las Vegas (supported by COMDEX), the only Apache event to be fully supported by the ASF. http://www.apachecon.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
RE: [JBoss-user] DatabaseServerLoginModule
Thanks for the info and by the way, I have been working straight from the Quick Start Guide draft 3. I've modified by jboss-web.xml to be exactly as you listed below with no apparent impact on the behavior.I'm still getting the behavior as described below. Any help at all will be greatly appreciated! Thanks, Todd -Original Message- From: [EMAIL PROTECTED] [mailto:jboss-user-admin@;lists.sourceforge.net] On Behalf Of Scott M Stark Sent: Sunday, November 03, 2002 9:51 AM To: [EMAIL PROTECTED] Subject: Re: [JBoss-user] DatabaseServerLoginModule There is no jboss-web.xml descriptor describing the security domain under which authentication should occur. See the getting started guide where a WEB-INF/jboss-web.xml file is described as being required to enable security: java:/jaas/other On Sunday, November 3, 2002, at 07:30 AM, Todd Gould wrote: > > Hello: > > I'm trying to configure the DatabaseServerLoginModule to use as an > authentication mechanism for a simple JSP with simple FORM based > security. I'm sure I am missing something, but have not been able to > find my error(s) in the documentation or other related posts. This is > with JBoss 3.0.0 with Tomcat 4.0.3. > > The problem is as follows: The JSP presents and appears to process the > login form correctly and just as expected. The problem is that no > matter > what I respond to the form with for user and password, I am > successfully > transferred to the JSP that is supposed to be guarded. This is to say > that users/pws that are in the database and any other garbabge that is > not both appear to work equally well and result in successful > authentication. There are no errors on the console or log that I have > found. There are also no errors during startup. There are also no > indications that any authentication is ocurring. > > I'd appreciate any and all help as I'm not sure what I'm missing at > this > point. > > Here are the relevant sections from the files: > > web.xml: > > > BookMarks > /* > > > PortalUser > > > > > FORM AbilSoftRealm > > /login.html > /login-error.html > > > > > PortalUser > > > jboss-web.xml: > > > java:/jaas/AbilSoftRealm > > > login-config.xml: > > > "org.jboss.resource.security.ConfiguredIdentityLoginModule" flag = > "required"> > testuser > testuser > pw > "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=Securit > yDS > > > > > > > > "org.jboss.security.auth.spi.DatabaseServerLoginModule" > flag = "required"> > java:/SecurityPool > select password from users > where username = ? > select role, rolegroup from roles > where username = ? > MD5 > base64 > > > > > Thanks again. --- This SF.net email is sponsored by: ApacheCon, November 18-21 in Las Vegas (supported by COMDEX), the only Apache event to be fully supported by the ASF. http://www.apachecon.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user --- This SF.net email is sponsored by: ApacheCon, November 18-21 in Las Vegas (supported by COMDEX), the only Apache event to be fully supported by the ASF. http://www.apachecon.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user