1 Reply Latest reply on Dec 22, 2012 2:58 AM by jcacek

    Authentication failed using DatabaseServerLoginModule

    rmarini

      Hi all.

       

      I'm trying to use the DatabaseServerLoginModule, but it isn't working. I found many examples like this.
      What is wrong?

       

      I have this in my standalone.xml:

                      ...
                      <security-domain name="TestSecurityDomain" cache-type="default">
                          <authentication>
                              <login-module code="Remoting" flag="optional">
                                  <module-option name="password-stacking" value="useFirstPass"/>
                              </login-module>
                              <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
                                  <module-option name="dsJndiName" value="java:jboss/datasources/MysqlDS"/>
                                  <module-option name="principalsQuery" value="select u_password from users where u_name=?"/>
                                  <module-option name="rolesQuery" value="select u_profile_name, 'Roles' from user_profile where u_name=?"/>
                                  <module-option name="password-stacking" value="useFirstPass"/>
                              </login-module>
                          </authentication>
                      </security-domain>
                      ...
                      <datasource jndi-name="java:jboss/datasources/MysqlDS" pool-name="MysqlDS" enabled="true" use-java-context="true">
                          <connection-url>jdbc:mysql://localhost:3306/teste</connection-url>
                          <driver>mysql</driver>
                          <security>
                              <user-name>user_db</user-name>
                              <password>pass_db</password>
                          </security>
                          <statement>
                              <prepared-statement-cache-size>100</prepared-statement-cache-size>
                              <share-prepared-statements>true</share-prepared-statements>
                          </statement>
                      </datasource>
                      ...
                  <security-realm name="TestApplicationRealm">
                      <authentication>
                           <jaas name="TestSecurityDomain"/>
                      </authentication>
                  </security-realm>
              ...
              <subsystem xmlns="urn:jboss:domain:remoting:1.1">
                  <connector name="remoting-connector" socket-binding="remoting" security-realm="TestApplicationRealm"/>
              </subsystem>

       
      In the jboss-app.xml:
      <security-domain>TestSecurityDomain</security-domain>


      In the client side:

      jboss-ejb-client.properties:
      endpoint.name=client-endpoint
      remote.connections=default
      remote.connection.default.host=localhost
      remote.connection.default.port=4447
      remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=true
      remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER
      remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false
      remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false


      lookup class:
         Hashtable envTable = new Hashtable();
         envTable.put(Context.URL_PKG_PREFIXES,
           "org.jboss.ejb.client.naming");
         envTable.put(Context.INITIAL_CONTEXT_FACTORY,
           "org.jboss.naming.remote.client.InitialContextFactory");
         envTable.put(Context.PROVIDER_URL, "remote://localhost:4447");
         envTable.put(Context.SECURITY_PRINCIPAL, "rmarini");
         envTable.put(Context.SECURITY_CREDENTIALS, "rmarini1");
         envTable.put("jboss.naming.client.ejb.context", true);
         Context context = new InitialContext(envTable);

        
      When I run the client, it returns this exception:
      INFO: JBoss Remoting version 3.2.3.GA
      21/12/2012 10:57:57 org.jboss.remoting3.remote.RemoteConnection handleException
      ERROR: JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
      javax.naming.NamingException: Failed to create remoting connection [Root exception is java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed]
      at org.jboss.naming.remote.client.ClientUtil.namingException(ClientUtil.java:36)
      at org.jboss.naming.remote.client.InitialContextFactory.getInitialContext(InitialContextFactory.java:121)
      at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
      at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
      at javax.naming.InitialContext.init(InitialContext.java:223)
      at javax.naming.InitialContext.<init>(InitialContext.java:197)
          ...
      Caused by: java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
      at org.jboss.naming.remote.protocol.IoFutureHelper.get(IoFutureHelper.java:87)
      at org.jboss.naming.remote.client.NamingStoreCache.getRemoteNamingStore(NamingStoreCache.java:56)
      at org.jboss.naming.remote.client.InitialContextFactory.getOrCreateCachedNamingStore(InitialContextFactory.java:166)
      at org.jboss.naming.remote.client.InitialContextFactory.getOrCreateNamingStore(InitialContextFactory.java:139)
      at org.jboss.naming.remote.client.InitialContextFactory.getInitialContext(InitialContextFactory.java:104)
      ... 5 more
      Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
      at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:365)
      at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:214)
      at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)
      at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189)
      at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103)
      at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)
      at org.xnio.nio.NioHandle.run(NioHandle.java:90)
      at org.xnio.nio.WorkerThread.run(WorkerThread.java:184)
      at ...asynchronous invocation...(Unknown Source)
      at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:270)
      at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:251)
      at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:349)
      at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:333)
      at org.jboss.naming.remote.client.EndpointCache$EndpointWrapper.connect(EndpointCache.java:105)
      at org.jboss.naming.remote.client.NamingStoreCache.getRemoteNamingStore(NamingStoreCache.java:55)
      ... 8 more

       

      On the server, no exception is displayed, even with org.jboss.security set to TRACE.

       

      I tried with JBoss 7.1 (picketbox-4.0.7.Final) and JBoss 7.2 Alpha (picketbox-4.0.14.Final).

       

      I found AS7-1370 related to this topic. Is there a way to work around this?

       

      Thanks,

       

      Ricardo.

        • 1. Re: Authentication failed using DatabaseServerLoginModule
          jcacek

          You can try two simple tests, to better localize where the problem could be:

          • put a jboss-ejb3.xml deployment descriptor, with the security domain configured, into your bundle that contains the EJBs
            • META-INF/jboss-ejb3.xml if you use JAR
            • WEB-INF/jboss-ejb3.xml in case of WAR
          • replace the DatabaseServerLoginModule with UsersRolesLoginModule and put the following line into users.properties:
            rmarini=rmarini1
            
            and the one with your requested roles into roles.properties:
            rmarini=Admin,User
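
The two tests suggested in the reply, written out as configuration (an added example, not part of the original thread). It assumes the AS 7.1 jboss-ejb3.xml descriptor layout with the `urn:security` extension, an `ejb-name` of `*` to cover every bean in the archive, and properties files placed on the deployment classpath; the security domain name comes from the question.

```xml
<!-- Test 1: META-INF/jboss-ejb3.xml (JAR) or WEB-INF/jboss-ejb3.xml (WAR).
     Binds every EJB in the archive to the security domain from the question. -->
<jboss:ejb-jar xmlns:jboss="http://www.jboss.com/xml/ns/javaee"
               xmlns="http://java.sun.com/xml/ns/javaee"
               xmlns:s="urn:security"
               version="3.1" impl-version="2.0">
    <assembly-descriptor>
        <s:security>
            <ejb-name>*</ejb-name>
            <s:security-domain>TestSecurityDomain</s:security-domain>
        </s:security>
    </assembly-descriptor>
</jboss:ejb-jar>

<!-- Test 2: standalone.xml, same security domain with only the second
     login module swapped. If the login now succeeds, look at the datasource
     and the two SQL queries; if it still fails, look at the remoting
     connector and security-realm wiring instead. -->
<security-domain name="TestSecurityDomain" cache-type="default">
    <authentication>
        <login-module code="Remoting" flag="optional">
            <module-option name="password-stacking" value="useFirstPass"/>
        </login-module>
        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
            <!-- Assumed location: both files on the deployment classpath,
                 holding the rmarini lines given in the reply. -->
            <module-option name="usersProperties" value="users.properties"/>
            <module-option name="rolesProperties" value="roles.properties"/>
            <module-option name="password-stacking" value="useFirstPass"/>
        </login-module>
    </authentication>
</security-domain>
```

users.properties holds the password in cleartext, so this variant is for isolating the fault only; switch back to DatabaseServerLoginModule once the failing layer is identified.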