incubator-jspwiki-user mailing list archives

From Chris Mein <cdm...@yahoo.co.uk>
Subject Re: JBoss/MySQL combination - cannot create new users
Date Wed, 30 Jul 2008 22:28:27 GMT
Andrew

Just to reassure myself that no username details are hashed into the password I created a
third user - test3 with the same password - the hashed password is the same. This user can
log in (as the original test user could) but test2 cannot. I also checked the uniqueness of
the names etc. Here is my users table (I've shortened the password from {SHA}83d5f07da94dd6d389cf26ecbad5329ad69ba59c):

email | full_name | login_name | password       | wiki_name
NULL  | test      | test       | {SHA}83d...59c | test
NULL  | test2     | test2      | {SHA}83d...59c | test2
NULL  | test3     | test3      | {SHA}83d...59c | test3

So I think this means your first suggestion is not the issue - I have simply copied passwords
around (ideally I would hash it once via JSPWiki and use this value for all new accounts created
in a script) so they should be the same. This is verified by my other test, adding test3 via
the web interface. The second reason isn't an issue either as the names are all unique.

When you talk about the different identifiers I assume this is the JAAS stack (thing?) you
are talking about. I copied the default configuration from the documentation that looks like:

<application-policy name="JSPWiki-container">
      <authentication>
        <login-module code="com.ecyrd.jspwiki.auth.login.WebContainerLoginModule"
              flag="sufficient"/>
        <login-module code="com.ecyrd.jspwiki.auth.login.CookieAssertionLoginModule"
              flag="sufficient"/>
        <login-module code="com.ecyrd.jspwiki.auth.login.AnonymousLoginModule"
              flag="sufficient"/>
      </authentication>
</application-policy>

Where is the login check vs the database in here? Is this function somehow controlled in the
WebContainerLoginModule? This is what I assumed but perhaps this is not the default behaviour
(which is how I read the installation instructions). I have tried adding in the com.ecyrd.jspwiki.auth.login.UserDatabaseLoginModule
configuration but this throws errors - are there other flags that control how the security
works?

Obviously if you sign up via the web everything works so maybe scripting the addition of users
isn't that common...?

Thanks, and any help appreciated

Chris



----- Original Message ----
From: Andrew Jaquith <andrew.jaquith@me.com>
To: "jspwiki-user@incubator.apache.org" <jspwiki-user@incubator.apache.org>
Sent: Wednesday, 30 July, 2008 1:34:34 PM
Subject: Re: JBoss/MySQL combination - cannot create new users

Chris --

The different 'WikiPrincipals' are just identifiers for the current  
user. If you successfully authenticate, it will be the user name. If  
not, it's the cookie value the user set, OR the IP address.

Anyway, all your messages tell me is that the second user cannot  
authenticate. One reason could be that the password you type in, once  
hashed with SHA1, does not match the hash code in the password column.  
If your database script generates passwords in clear text, by  
definition it is not hashed, and authentication will fail.

Another reason might be that the two users have the same wiki names,  
full names, or login names. These are all supposed to be unique. So it  
is a violation to have two users with different login names and full  
names, but whose wiki names are both 'test'.

On Jul 30, 2008, at 4:19 AM, Chris Mein <cdmein@yahoo.co.uk> wrote:

> Hi
>
> I am running JBoss 4.0.5.GA with MySQL 5.0.27. I have installed  
> JSPWiki and reconfigured the security to use a MySQL datasource (I  
> followed along the Oracle installation instructions - http://doc.jspwiki.org/2.4/wiki/JDBCSecurityWithOracle
> ). Everything seems fine and I get the debugging messages:
>
> [UserManager] Attempting to load user database class  
> com.ecyrd.jspwiki.auth.user.JDBCUserDatabase
> [AbstractUserDatabase] JDBCUserDatabase initialized from JNDI  
> DataSource: jdbc/UserDatabase
> [AbstractUserDatabase] JDBCUserDatabase supports transactions. Good;  
> we will use them.
> [UserManager] UserDatabase initialized.
>
> After setting up the JAAS configuration in the JBoss login-config.xml
> file as documented here (http://doc.jspwiki.org/2.4/wiki/Security#section-Security-CustomizingJSPWikiSJAASConfiguration
> ) I went through the JSPWiki front end I created an account called  
> test. I can see when I run a select on the wiki_users database table  
> and I can also log in correctly.
>
> However if I try and create a row in the database directly I can  
> never log in with this user. I have simply copied the test record  
> data into a temporary table and then re-inserted it into the users  
> table.
>
> The only thing I can notice is that when I log in as 'test' I get a  
> debug line like:
>
> INFO [SecurityLog] WikiSecurityEvent.LOGIN_AUTHENTICATED  
> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@132c515,  
> princpal=com.ecyrd.jspwiki.auth.WikiPrincipal test,  
> target=com.ecyrd.jspwiki.WikiSession@13f7175]
>
> When I log in as 'test2' (the copied record) I get:
>
> ERROR [SecurityLog] WikiSecurityEvent.LOGIN_FAILED  
> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@132c515,  
> princpal=com.ecyrd.jspwiki.auth.WikiPrincipal 127.0.0.1,  
> target=com.ecyrd.jspwiki.WikiSession@13f7175]
>
> Why is the WikiPrincipal different? What is the WikiPrincipal? Help?
>
> I have hundreds of users I need to script the generation of, hence  
> my headache...
>
> Thanks in advance
>
> Chris Mein
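
An added example, not part of the original messages and not JSPWiki code: a pre-import check for scripted user rows that covers the two conditions Andrew lists (password column must hold a hash, and login, full and wiki names must each be unique) and reports accounts whose stored hashes are identical, as seen in the table above. The `{SHA}` + hex SHA-1 format is inferred from the 40-hex-digit value quoted in the thread; the UTF-8 encoding, the function names and the sample rows are assumptions.

```python
import hashlib
from collections import Counter

COLUMNS = ("login_name", "full_name", "wiki_name")

def stored_password(password: str) -> str:
    """Assumed format: '{SHA}' + lowercase hex SHA-1 of the UTF-8 password."""
    return "{SHA}" + hashlib.sha1(password.encode("utf-8")).hexdigest()

def is_hashed(value: str) -> bool:
    """True if value has the '{SHA}<40 hex digits>' shape shown in the thread."""
    digest = value[5:]
    return (value.startswith("{SHA}") and len(digest) == 40
            and all(c in "0123456789abcdef" for c in digest))

def check_rows(rows):
    """Return the problems that would stop a scripted row from logging in."""
    problems = []
    for col in COLUMNS:  # each of the three name columns must be unique
        for value, n in Counter(r[col] for r in rows).items():
            if n > 1:
                problems.append(f"duplicate {col}: {value!r} used {n} times")
    for r in rows:  # clear-text values never match the hashed login input
        if not is_hashed(r["password"]):
            problems.append(f"{r['login_name']}: password column is not a {{SHA}} hash")
    return problems

def shared_hashes(rows):
    """Group logins by stored hash; with no salt, equal hashes mean equal passwords."""
    groups = {}
    for r in rows:
        groups.setdefault(r["password"], []).append(r["login_name"])
    return {h: names for h, names in groups.items() if len(names) > 1}

# Constructed sample rows (hypothetical password, not the one from the thread).
ROWS = [
    {"login_name": "test", "full_name": "test", "wiki_name": "test",
     "password": stored_password("example-pw")},
    {"login_name": "test2", "full_name": "test2", "wiki_name": "test",
     "password": "example-pw"},
    {"login_name": "test3", "full_name": "test3", "wiki_name": "test3",
     "password": stored_password("example-pw")},
]

if __name__ == "__main__":
    for problem in check_rows(ROWS):
        print(problem)
    print(shared_hashes(ROWS))
```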