jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Mein <cdm...@yahoo.co.uk>
Subject Re: JBoss/MySQL combination - cannot create new users
Date Thu, 31 Jul 2008 03:34:28 GMT
Andrew

The issue happens exactly the same whichever way I have the login modules configured. The
only reason I added the UserDatabaseLoginModule at the top was to see if it even gets called
- for some reason it doesn't. The debug I get is:

SessionMonitor wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - Looking up
WikiSession for session ID=860822AD5ABD7B877BDF37293E92755B... found it
WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - Creating WikiContext
for session ID=860822AD5ABD7B877BDF37293E92755B; target=Login
WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - Do we need to
log the user in? false
AuthenticationManager wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - Failed
login: The username or password is incorrect.
SecurityLog wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - WikiSecurityEvent.LOGIN_FAILED
[source=com.ecyrd.jspwiki.auth.AuthenticationManager@17eb767, princpal=com.ecyrd.jspwiki.auth.WikiPrincipal
127.0.0.1, target=com.ecyrd.jspwiki.WikiSession@103f4aa]

It appears to me that the AuthenticationManager for some reason doesn't even try to use the
UserDatabaseLoginModule to authenticate the user. For some reason this is totally bypased.

I am wondering whether some other user store exists that contains users I have created via
the web but not users I have only added to the database.

Chris





----- Original Message ----
From: Andrew Jaquith <andrew.jaquith@me.com>
To: jspwiki-user@incubator.apache.org
Sent: Thursday, 31 July, 2008 4:10:53 AM
Subject: Re: JBoss/MySQL combination - cannot create new users

Chris --

You do not need to cc: me on replies -- I already receive them as a  
list member.

I think the UserDatabaseLoginModule to the JBoss authentication  
configuration in the way you did is the problem. You need to have  
separate configurations for the JSPWiki-container and JSPWiki-custom  
application contexts. Check the sample jspwiki.jaas file for details.

On Jul 30, 2008, at 6:48 PM, Chris Mein wrote:

> Another observation
>
> I have just changed the JAAS configuration to read:
>
> <authentication>
>     <login-module  
> code="com.ecyrd.jspwiki.auth.login.UserDatabaseLoginModule"
>          flag="sufficient"/>
>     <login-module  
> code="com.ecyrd.jspwiki.auth.login.WebContainerLoginModule"
>          flag="sufficient"/>
>     <login-module  
> code="com.ecyrd.jspwiki.auth.login.CookieAssertionLoginModule"
>          flag="sufficient"/>
>     <login-module  
> code="com.ecyrd.jspwiki.auth.login.AnonymousLoginModule"
>          flag="sufficient"/>
> </authentication>
>
> When I log in with the account created via the web I get the  
> following debugging which clearly shows the UserDatabaseLoginModule  
> being called:
>
> SessionMonitor wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp 
>  - Looking up WikiSession for session  
> ID=860822AD5ABD7B877BDF37293E92755B... found it
> WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp 
>  - Creating WikiContext for session  
> ID=860822AD5ABD7B877BDF37293E92755B; target=Login
> WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp 
>  - Do we need to log the user in? false
> UserDatabaseLoginModule wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp

>  - Logged in loginName=test
> UserDatabaseLoginModule wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp

>  - Added Principals Role.AUTHENTICATED,Role.ALL
> ...
> SecurityLog wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp 
>  - WikiSecurityEvent.LOGIN_AUTHENTICATED  
> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@148f7e0,  
> princpal=com.ecyrd.jspwiki.auth.WikiPrincipal test,  
> target=com.ecyrd.jspwiki.WikiSession@1616dd6]
>
> When I log in using one of the scripted users I get the following:
>
> SessionMonitor wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp 
>  - Looking up WikiSession for session  
> ID=860822AD5ABD7B877BDF37293E92755B... found it
> WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp 
>  - Creating WikiContext for session  
> ID=860822AD5ABD7B877BDF37293E92755B; target=Login
> WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp 
>  - Do we need to log the user in? false
> AuthenticationManager wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp

>  - Failed login: The username or password is incorrect.
> SecurityLog wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp 
>  - WikiSecurityEvent.LOGIN_FAILED  
> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@148f7e0,  
> princpal=com.ecyrd.jspwiki.auth.WikiPrincipal 127.0.0.1,  
> target=com.ecyrd.jspwiki.WikiSession@1616dd6]
>
> As far as I can see on the second try I don't even get to look in  
> the database. For whatever reason the AuthenicationManager doesn't  
> even try to use the UserDatabaseLoginModule logic.
>
> Chris
>
>
>
> ----- Original Message ----
> From: Andrew Jaquith <andrew.jaquith@me.com>
> To: "jspwiki-user@incubator.apache.org" <jspwiki-user@incubator.apache.org 
> >
> Sent: Wednesday, 30 July, 2008 1:34:34 PM
> Subject: Re: JBoss/MySQL combination - cannot create new users
>
> Chris --
>
> The different 'WikiPrincipals' are just identifiers for the current
> user. If you successfully authenticate, it will be the user name. If
> not, it's the cookie vaue the user set, OR the IP address.
>
> Anyway, all your messages tell me is that the second user cannot
> authenticate. One reason could be that the password you type in, once
> hashed with SHA1, does not match the hash code in the password column.
> If your database script generates passwords in clear text, by
> definition it is not hashed, and authentication will fail.
>
> Another reason might me that the two users have the same wiki names,
> full names, or login names. These are all supposed to be unique. So it
> is a violation to have two users with different login names and full
> names, but whose wiki names are both 'test'.
>
> On Jul 30, 2008, at 4:19 AM, Chris Mein <cdmein@yahoo.co.uk> wrote:
>
>> Hi
>>
>> I am running JBoss 4.0.5.GA with MySQL 5.0.27. I have installed
>> JSPWiki and reconfigured the security to use a MySQL datasource (I
>> followed along the Oracle installation instructions - http://doc.jspwiki.org/2.4/wiki/JDBCSecurityWithOracle
>> ). Everything seems fine and I get the debugging messages:
>>
>> [UserManager] Attempting to load user database class
>> com.ecyrd.jspwiki.auth.user.JDBCUserDatabase
>> [AbstractUserDatabase] JDBCUserDatabase initialized from JNDI
>> DataSource: jdbc/UserDatabase
>> [AbstractUserDatabase] JDBCUserDatabase supports transactions. Good;
>> we will use them.
>> [UserManager] UserDatabase initialized.
>>
>> After setting up the JAAS configuration in the JBoss login-
>> config.xml file as documented here (http://doc.jspwiki.org/2.4/wiki/Security#section-Security-CustomizingJSPWikiSJAASConfiguration
>> ) I went through the JSPWiki front end I created an account called
>> test. I can see when I run a select on the wiki_users database table
>> and I can also log in correctly.
>>
>> However if I try and create a row in the database directly I can
>> never log in with this user. I have simply copied the test record
>> data into a temporary table and then re-inserted it into the users
>> table.
>>
>> The only thing I can notice is that when I log in as 'test' I get a
>> debug line like:
>>
>> INFO [SecurityLog] WikiSecurityEvent.LOGIN_AUTHENTICATED
>> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@132c515,
>> princpal=com.ecyrd.jspwiki.auth.WikiPrincipal test,
>> target=com.ecyrd.jspwiki.WikiSession@13f7175]
>>
>> When I log in as 'test2' (the copied record) I get:
>>
>> ERROR [SecurityLog] WikiSecurityEvent.LOGIN_FAILED
>> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@132c515,
>> princpal=com.ecyrd.jspwiki.auth.WikiPrincipal 127.0.0.1,
>> target=com.ecyrd.jspwiki.WikiSession@13f7175]
>>
>> Why is the WikiPrincipal different? What is the WikiPrincipal? Help?
>>
>> I have hundreds of users I need to script the generation of, hence
>> my headache...
>>
>> Thanks in advance
>>
>> Chris Mein
>>
>>
>>
>>     __________________________________________________________
>> Not happy with your email address?.
>> Get the one you really want - millions of new email addresses
>> available now at Yahoo! http://uk.docs.yahoo.com/ymail/new.html
>
>
>
>      __________________________________________________________
> Not happy with your email address?.
> Get the one you really want - millions of new email addresses  
> available now at Yahoo! http://uk.docs.yahoo.com/ymail/new.html


      __________________________________________________________
Not happy with your email address?.
Get the one you really want - millions of new email addresses available now at Yahoo! http://uk.docs.yahoo.com/ymail/new.html
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message