JBoss Wildfly 8.0.0-Final
JSF 2.2.4
First I created login using the application-users.properties and application-roles.properties.
Added user with add-user.bat
Web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>Admin Resource</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.xhtml</form-login-page>
<form-error-page>/error.xhtml</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
Standalone.xml
<login-module code="Remoting" flag="optional">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
<login-module code="RealmDirect" flag="required">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
login.xhtml
<?xml version="1.0" encoding="UTF-8"?>
<ui:composition xmlns="http://www.w3.org/1999/xhtml"
xmlns:ui="http://xmlns.jcp.org/jsf/facelets"
xmlns:f="http://xmlns.jcp.org/jsf/core"
xmlns:h="http://xmlns.jcp.org/jsf/html"
xmlns:p="http://primefaces.org/ui">
<div class="center">
<form method="POST" action="j_security_check" id="">
<h:panelGrid id="panel" columns="2" border="1" cellpadding="4" cellspacing="4">
<h:outputLabel for="j_username" value="Username:" />
<input type="text" name="j_username" />
<h:outputLabel for="j_password" value="Password:" />
<input type="password" name="j_password" />
<h:panelGroup>
<input type="submit" value="Login" />
</h:panelGroup>
</h:panelGrid>
</form>
</div>
</ui:composition>
So that worked fine.. now I want to use database authentication.. so I change the standalone.xml.
<login-module code="Database" flag="sufficient">
<module-option name="dsJndiName" value="java:jboss/jsi/GarageXADataSource"/>
<module-option name="principalsQuery" value="select encode(password, 'hex') from principal where username=?"/>
<module-option name="rolesQuery" value="select r.role, r.role_group from role r inner join principal p on r.role = p.role where p.username=?"/>
<module-option name="hashAlgorithm" value="SHA-512"/>
<module-option name="hashEncoding" value="hex"/>
</login-module>
I use this sql to insert a role and a user in the database ( PostgreSQL 9.3 )
INSERT INTO role(role, role_group) VALUES ('admin', 'Roles');
INSERT
INTO principal(username, email, password, role) VALUES ('Kris',
'xx@gmail.com', digest('pass', 'sha512'), 'admin');
But the login does not work.
I see no errors in the log.
I have used this approach before on AS 7.1.1 where it worked.
Thanks for you help.
Firstly DatabaseServerLoginModule logs to trace level, so you should set org.jboss.security log levels to trace in your standalone.xml as follows. Now you should see the errors in your server.log
<logger category="org.jboss.security">
<level name="TRACE"/>
</logger>
You also need to add a realm-name within your jboss-web.xml
<jboss-web>
<security-domain>java:/jaas/MyRealm</security-domain>
</jboss-web>
You have not supplied the surrounding tags around your login-module configuration snippet. You should have something this below. The realm name needs to match that in your web.xml
<subsystem xmlns="urn:jboss:domain:security:1.0">
<security-domains>
<security-domain name="MyRealm">
<authentication>
<login-module code="Database" flag="required">
....
</authentication>
</security-domain>
</security-domains>
</subsystem>
Once you have done this could you post any errors from your server.log.
The problem is with constant 'Roles', you must specify it exactly like that 'Roles'. Example:
Select role, 'Roles' from Role where roleId =
I just had the same problem with Wildfly, look for this line in your standalone.xml
<default-security-domain value="other"/>
And change other to your securitydomain, in previous versions this option was n't necessary.
try to add a file jboss-web.xml in the WEB-INF folder:
<jboss-web xmlns="http://www.jboss.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee
http://www.jboss.org/j2ee/schema/jboss-web_6_0.xsd" version="6.0">
<security-domain>java:/jaas/MyRealm</security-domain>
</jboss-web>
I was facing the same problem just now, but I've just managed to fix it!
The problem seems to be the principalsQuery.
According to the documentation you have to put the "Role" and "RoleGroup" in principalsQuery and they have to be with exactly case to match.
SQL prepared statement to be executed in order to map roles. It should be an equivalent to select Role, RoleGroup from Roles where PrincipalID=?, where Role is the role name and RoleGroup column value should always be "Roles" with capital R.
I was also not seeing anything, but I've enabled the below tag (just like Chris told) in my standalone.xml and now I'm able to see errors like "invalid login/password" in the logs.
<logger category="org.jboss.security">
<level name="TRACE"/>
</logger>
What I've done to confirm that the server was at least querying the database was to check the MySQL (in my case) logs to see if it was being queried.
All in all, the below configuration is what is working for me and btw it seems that few module-options like "hashEncoding" are not being used anymore (also according to the docs).
<security-domain name="example-jaas-realm">
<authentication>
<login-module code="Database" flag="required">
<module-option name="dsJndiName" value="java:/jboss/datasources/TestDS"/>
<module-option name="principalsQuery" value="select password as 'Password' from users where username=?"/>
<module-option name="rolesQuery" value="select ur.rolename as 'Role', ur.rolename as 'RoleGroup' from users_roles ur, users u, roles r where r.rolename = ur.rolename and u.username = ?"/>
</login-module>
</authentication>
</security-domain>
Edit
It seems that even after matching agains the database and giving a session to the user, it is still not able to access the protected area. I believe that it has to do something Role and RoleGroup.
2014-03-20 02:03:23,116 TRACE [org.jboss.security] (default task-9) PBOX000200: Begin isValid, principal: org.wildfly.extension.undertow.security.AccountImpl$AccountPrincipal@c84b3766, cache entry: null
2014-03-20 02:03:23,120 TRACE [org.jboss.security] (default task-9) PBOX000209: defaultLogin, principal: org.wildfly.extension.undertow.security.AccountImpl$AccountPrincipal@c84b3766
2014-03-20 02:03:23,120 TRACE [org.jboss.security] (default task-9) PBOX000221: Begin getAppConfigurationEntry(example-jaas-realm), size: 4
2014-03-20 02:03:23,120 TRACE [org.jboss.security] (default task-9) PBOX000224: End getAppConfigurationEntry(example-jaas-realm), AuthInfo: AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
name=principalsQuery, value=select password as 'Password' from users where username=?
name=dsJndiName, value=java:/jboss/datasources/TestDS
name=rolesQuery, value=select ur.rolename as 'Role', ur.rolename as 'RoleGroup' from users_roles ur, users u, roles r where r.rolename = ur.rolename and u.username = ?
2014-03-20 02:03:23,120 TRACE [org.jboss.security] (default task-9) PBOX000236: Begin initialize method
2014-03-20 02:03:23,120 TRACE [org.jboss.security] (default task-9) PBOX000262: Module options [dsJndiName: java:/jboss/datasources/TestDS, principalsQuery: select password as 'Password' from users where username=?, rolesQuery: select ur.rolename as 'Role', ur.rolename as 'RoleGroup' from users_roles ur, users u, roles r where r.rolename = ur.rolename and u.username = ?, suspendResume: true]
2014-03-20 02:03:23,121 TRACE [org.jboss.security] (default task-9) PBOX000240: Begin login method
2014-03-20 02:03:23,121 TRACE [org.jboss.security] (default task-9) PBOX000263: Executing query select password as 'Password' from users where username=? with username renann
2014-03-20 02:03:23,123 TRACE [org.jboss.security] (default task-9) PBOX000241: End login method, isValid: true
2014-03-20 02:03:23,123 TRACE [org.jboss.security] (default task-9) PBOX000242: Begin commit method, overall result: true
2014-03-20 02:03:23,123 TRACE [org.jboss.security] (default task-9) PBOX000263: Executing query select ur.rolename as 'Role', ur.rolename as 'RoleGroup' from users_roles ur, users u, roles r where r.rolename = ur.rolename and u.username = ? with username renann
2014-03-20 02:03:23,123 TRACE [org.jboss.security] (default task-9) PBOX000263: Executing query select ur.rolename as 'Role', ur.rolename as 'RoleGroup' from users_roles ur, users u, roles r where r.rolename = ur.rolename and u.username = ? with username renann
2014-03-20 02:03:23,125 TRACE [org.jboss.security] (default task-9) PBOX000210: defaultLogin, login context: javax.security.auth.login.LoginContext@248d105d, subject: Subject(690838634).principals=org.jboss.security.SimplePrincipal@730498373(renann)org.jboss.security.SimpleGroup@1160321194(teste_role(members:teste_role))org.jboss.security.SimpleGroup@1160321194(admin_role(members:admin_role))org.jboss.security.SimpleGroup@1160321194(CallerPrincipal(members:renann))
2014-03-20 02:03:23,125 TRACE [org.jboss.security] (default task-9) PBOX000201: End isValid, result = true
Here's my web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
<security-constraint>
<display-name>Security Constraint Test Display Name</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/protected/*</url-pattern>
<http-method>GET</http-method>
<http-method>HEAD</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
<http-method>CONNECT</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>teste_role</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>example-jaas-realm</realm-name>
<form-login-config>
<form-login-page>/index.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
<security-role>
<role-name>teste_role</role-name>
</security-role>
</web-app>
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 聊天终结者 的文章《JBoss Wildfly - database login module》','https://www.manongdao.com/article-576696.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}