0

configuring authentication with jaas

asked 2013-10-19 18:07:47 +0800

daovallec gravatar image daovallec
11 2

I AM DOING THIS EXAMPLE: http:// books.zkoss.org /wiki/SmallTalks/2009/August/FormBasedLoginwithJAASonJBossand_ZK

and:

http: //books.zkoss.org /wiki/SmallTalks/2010/February/AjaxandZKBasedLoginwithJAASon_JBoss

Then i created an web project and i create all Xml files, and the zul pages of the example

And Later i create a java Project with my persistence.xml, my entities and my DAOS.

Then i added the java project to my web project, the problem is that i do not know how controller my login with the users of my database, because the project run but always show:

Unknown exception when logging in: javax.security.auth.login.LoginException: Query failed Please, contact the admin.

i do not understand how jboss or jaas, return if the user exist, and the role of the user, to show the pages, my configuration files are:

(Are the same of the example except the login-jboss.beans.xml)

Or how can i say to jboss or jaas, this is my persistence unit, and this is my DAO, look the users and return me if the user exist, and where i recieve if the user exost or not exist?? I have this code:

This is my Login in public folder:

<?xml version="1.0" encoding="UTF-8"?>
<?page title="ZK Form Login Demo" contentType="text/html;charset=UTF-8"?>


<box id="mainbox" align="center" pack="center" width="100%" xmlns:h="http: //www.w3. org/1999/xhtml">
    <window title="ZK Form Login Demo" width="400px" position="cetner,center" border="normal">
        <zscript><![CDATA[
 // parse the j_exception
Throwable j_exception = (Throwable) sessionScope.get("j_exception");
String errMsg = null;
if (j_exception != null) {
    if (j_exception instanceof javax.security.auth.login.FailedLoginException) {
        errMsg = "Username and/or the password is not right. Please, try it again.";
    } else {
        errMsg = "Unknown exception when logging in: " + this.j_exception + " Please, contact the admin.";
    }
}
        ]]></zscript>
         <h:form method="post" id="j_security_check" action="j_security_check">
             <grid>
                 <columns>
                     <column width="13em"/>
                     <column width="100%"/>
                 </columns>
                 <rows>
                     <row>
                         Username :
                         <textbox id="j_username" name="j_username" value="${sessionScope.j_username}" width="98%" />
                     </row>
                     <row>
                         Password :
                         <textbox id="j_password" name="j_password" type="password" width="98%" />
                     </row>
                 </rows>
             </grid>
             <div width="100%">
                 <h:input type="submit" value="Login" />
             </div>
         </h:form>
         <div if="${errMsg != null}" width="100%" style="color:red">${errMsg}</div>
         <zscript><![CDATA[
        j_username.focus();
    ]]></zscript>
     </window>
 </box>

This is my zk.xml:

<?xml version="1.0" encoding="UTF-8"?>
<zk>
    <system-config>
        <disable-event-thread />
    </system-config>

</zk>

This is my web xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.5" xmlns="http: //java.sun.com /xml/ns/javaee" xmlns:xsi="http: //www.w3.org /2001/XMLSchema-instance"
         xsi:schemaLocation="http: //java.sun. com/xml/ns/javaee http:// java.sun.com /xml/ns/javaee/web-app_2_5.xsd"
>
    <display-name>zkformlogin</display-name>
    <listener>
        <description>Used to cleanup when a session is destroyed</description>
        <display-name>ZK Session Cleaner</display-name>
        <listener-class>org.zkoss.zk.ui.http.HttpSessionListener</listener-class>
    </listener>
    <servlet>
        <description>The servlet loads the DSP pages.</description>
        <servlet-name>dspLoader</servlet-name>
        <servlet-class>org.zkoss.web.servlet.dsp.InterpreterServlet</servlet-class>
    </servlet>
    <servlet>
        <description>ZK loader for ZUML pages</description>
        <servlet-name>zkLoader</servlet-name>
        <servlet-class>org.zkoss.zk.ui.http.DHtmlLayoutServlet</servlet-class>
        <init-param>
            <param-name>update-uri</param-name>
            <param-value>/zkau</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet>
        <description>The asynchronous update engine for ZK</description>
        <servlet-name>auEngine</servlet-name>
        <servlet-class>org.zkoss.zk.au.http.DHtmlUpdateServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>dspLoader</servlet-name>
        <url-pattern>*.dsp</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>zkLoader</servlet-name>
        <url-pattern>*.zul</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>zkLoader</servlet-name>
        <url-pattern>*.zhtml</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>auEngine</servlet-name>
        <url-pattern>/zkau/*</url-pattern>
    </servlet-mapping>
    <welcome-file-list>
        <welcome-file>index.zul</welcome-file>
        <welcome-file>index.zhtml</welcome-file>
        <welcome-file>index.html</welcome-file>
        <welcome-file>index.htm</welcome-file>
    </welcome-file-list>
    <!--
            Mapping of beans to local JNDI names. Not used. Good for JndiResolver. <ejb-ref> <ejb-ref-name>ejb/UserDao</ejb-ref-name>
            <ejb-ref-type>Session</ejb-ref-type> <home>org.zkformlogin.UserDao</home>
            <remote>org.zkformlogin.UserDao</remote> <mapped-name>zkformlogin-ear/UserDaoBean/local</mapped-name> </ejb-ref>
    -->
    <security-constraint>
        <display-name>Everything</display-name>
        <web-resource-collection>
            <web-resource-name>HtmlAdaptor</web-resource-name>
            <description>Secure Everything</description>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>*</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <security-constraint>
        <display-name>Zkau and Public Unprotected</display-name>
        <web-resource-collection>
            <web-resource-name>HtmlAdaptor</web-resource-name>
            <description>Exclude Zkau and Public</description>
            <url-pattern>/zkau/*</url-pattern>
            <url-pattern>/public/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <security-constraint>
        <display-name>Admin pages</display-name>
        <web-resource-collection>
            <web-resource-name>HtmlAdaptor</web-resource-name>
            <description>Admin pages</description>
            <url-pattern>/admin/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>ADMINISTRATOR</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>ZK Form Login Demo</realm-name>
        <form-login-config>
            <!-- Try /public/login_simple.zul  -->
            <form-login-page>/public/login.zul</form-login-page>
            <form-error-page>/public/login.zul</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <role-name>ADMINISTRATOR</role-name>
    </security-role>
    <!-- Not used in this demo web.xml
     <security-role>
           <role-name>user</role-name>
   </security-role>
    -->
</web-app>

This is my login-jboss-beans.xml

<?xml version="1.0" encoding="UTF-8"?>

<deployment xmlns="urn:jboss:bean-deployer:2.0">
    <application-policy xmlns="urn:jboss:security-beans:1.0" name="zkformlogin">
        <authentication>
            <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
                flag="required">
                <!-- <module-option name="hashAlgorithm">MD5</module-option> BASE64 also possible-->
                <!-- <module-option name="unauthenticatedIdentity">guest</module-option> -->
                <module-option name="dsJndiName">java:/DefaultDS</module-option>
                <module-option name="principalsQuery">SELECT password FROM Users WHERE email=?</module-option>
                <module-option name="rolesQuery">select r.type_role, 'Roles' from users u, role r where u.id_role=r.id_role and u.email=?</module-option>
            </login-module>
        </authentication>
    </application-policy>
</deployment>

This is my context.xml:

<?xml version="1.0" encoding="UTF-8"?>
<!-- Add the ExtendedFormAuthenticator to get access to the exception and username. -->
<Context cookies="true">
    <!--  You may like to add disableProxyCaching="false" attribute. -->
    <Valve className="org.jboss.web.tomcat.security.ExtendedFormAuthenticator"
      includePassword="false" >
    </Valve>
</Context>

And i have the public files and admin files of the example,

All the files are the same except my login-jboss-beans.xml that i change the query.

delete flag offensive retag edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2013-10-20 14:16:15 +0800

Bobzk gravatar image Bobzk
428 1 5

If you don't need Spring for anything else in you application and are just trying to use if for security, have a look at Shiro instead. Easier to understand and install/setup than Spring.

Shiro Site

link publish delete flag offensive edit
Your answer
Please start posting your answer anonymously - your answer will be saved within the current session and published after you log in or create a new account. Please try to give a substantial answer, for discussions, please use comments and please do remember to vote (after you log in)!

[hide preview]

Question tools

Follow
1 follower

RSS

Stats

Asked: 2013-10-19 18:07:47 +0800

Seen: 48 times

Last updated: Oct 20 '13

Support Options
  • Email Support
  • Training
  • Consulting
  • Outsourcing
Learn More