Before of all,
thanks for the help about debugging... this could be a nice step forward...
I insert here the part of the debugging who sounds strange for me... I'd thank
you so mutch if you can tell me if you think this is normal or if you see
something strange too...
"a" is my username and "Admin" is the role I want to have and I stored in the
db...
...
[org.apache.catalina.authenticator.AuthenticatorBase] Failed authenticate()
test
[org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null
2005-12-15 15:31:32,375 TRACE [org.jboss.security.SecurityAssociation]
popRunAsIdentity, runAs=null
2005-12-15 15:31:32,375 TRACE [org.jboss.security.SecurityAssociation] clear,
server=true
[org.apache.catalina.authenticator.AuthenticatorBase] Security checking request
POST /portal/auth/j_security_check
[org.apache.catalina.authenticator.FormAuthenticator] Authenticating username
'a'
[org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Begin authenticate,
username=a
...
[org.jboss.security.plugins.JaasSecurityManagerService] Created [EMAIL
PROTECTED]
...
[org.jboss.security.plugins.JaasSecurityManagerService] Added portal, [EMAIL
PROTECTED] to map
[org.jboss.security.plugins.JaasSecurityManager.portal] Begin isValid, cache
info: null
[org.jboss.security.auth.login.XMLLoginConfigImpl] Begin
getAppConfigurationEntry(portal), size=11
[org.jboss.security.auth.login.XMLLoginConfigImpl] End
getAppConfigurationEntry(portal), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:name=rolesQuery, value=select role, roleGroup from roles where
principalID=?
name=principalsQuery, value=select pswd from principals where principalID=?
name=unauthenticatedIdentity, value=guest
name=dsJndiName, value=java:/PortalDS
...
[org.jboss.security.auth.spi.DatabaseServerLoginModule] initialize
[org.jboss.security.auth.spi.DatabaseServerLoginModule] Saw
unauthenticatedIdentity=guest
[org.jboss.security.auth.spi.DatabaseServerLoginModule]
DatabaseServerLoginModule, dsJndiName=java:/PortalDS
[org.jboss.security.auth.spi.DatabaseServerLoginModule] principalsQuery=select
pswd from principals where principalID=?
[org.jboss.security.auth.spi.DatabaseServerLoginModule] rolesQuery=select role,
roleGroup from roles where principalID=?
[org.jboss.security.auth.spi.DatabaseServerLoginModule] login
...
[org.jboss.security.auth.spi.DatabaseServerLoginModule] User 'a' authenticated,
loginOk=true
[org.jboss.security.auth.spi.DatabaseServerLoginModule] commit, loginOk=true
[org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role
Admin
[org.jboss.security.plugins.JaasSecurityManager.portal] updateCache,
subject=Subject:
Principal: a
Principal: Admin(members:Admin)
[org.jboss.security.plugins.JaasSecurityManager.portal] Inserted cache info:
[EMAIL PROTECTED](8087063).principals=[a, Admin(members:Admin)],[EMAIL
PROTECTED],expirationTime=1134658896875]
[org.jboss.security.plugins.JaasSecurityManager.portal] End isValid, true
[org.jboss.web.tomcat.security.JBossSecurityMgrRealm] User: a is authenticated
2005-12-15 15:31:37,015 TRACE [org.jboss.security.SecurityAssociation]
pushSubjectContext, subject=Subject:
Principal: a
Principal: Admin(members:Admin)
, principal=a
[org.jboss.security.plugins.JaasSecurityManager.portal] getPrincipal, cache
info: [EMAIL PROTECTED](8087063).principals=[a, Admin(members:Admin)],[EMAIL
PROTECTED],expirationTime=1134658896875]
[org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Mapped from input
principal: ato: a
[org.jboss.security.plugins.JaasSecurityManager.portal] getUserRoles, subject:
Subject:
Principal: a
Principal: Admin(members:Admin)
[org.jboss.web.tomcat.security.JBossSecurityMgrRealm] End authenticate,
principal=GenericPrincipal[a()]
[org.apache.catalina.authenticator.FormAuthenticator] Authentication of 'a' was
successful
[org.apache.catalina.authenticator.FormAuthenticator] Redirecting to original
'/portal/auth/index.html?ctrl:id=window.default.CMSPortletWindow&ctrl:type=action&org.jboss.portal%23PATH=%2F'
[org.apache.catalina.authenticator.AuthenticatorBase] Failed authenticate()
test ??/portal/auth/j_security_check
2005-12-15 15:31:37,047 DEBUG [org.apache.catalina.connector.CoyoteAdapter]
Requested cookie session id is D38E98990950B5EA8294D0A7CA054BD6
[org.apache.catalina.authenticator.AuthenticatorBase] Security checking request
GET /portal/auth/index.html
[org.apache.catalina.realm.RealmBase] Checking constraint
'SecurityConstraint[Admin]' against GET /auth/index.html --> true
[org.apache.catalina.realm.RealmBase] Checking constraint
'SecurityConstraint[Secure]' against GET /auth/index.html --> false
[org.apache.catalina.realm.RealmBase] Checking constraint
'SecurityConstraint[Secure+Admin]' against GET /auth/index.html --> false
[org.apache.catalina.realm.RealmBase] Checking constraint
'SecurityConstraint[Admin]' against GET /auth/index.html --> true
[org.apache.catalina.realm.RealmBase] Checking constraint
'SecurityConstraint[Secure]' against GET /auth/index.html --> false
[org.apache.catalina.realm.RealmBase] Checking constraint
'SecurityConstraint[Secure+Admin]' against GET /auth/index.html --> false
[org.apache.catalina.authenticator.AuthenticatorBase] Calling
hasUserDataPermission()
[org.apache.catalina.realm.RealmBase] User data constraint has no restrictions
[org.apache.catalina.authenticator.AuthenticatorBase] Calling authenticate()
[org.apache.catalina.authenticator.FormAuthenticator] Restore request from
session 'D38E98990950B5EA8294D0A7CA054BD6'
[org.apache.catalina.authenticator.AuthenticatorBase] Authenticated 'a' with
type 'FORM'
[org.apache.catalina.authenticator.FormAuthenticator] Proceed to restored
request
[org.apache.catalina.authenticator.AuthenticatorBase] Calling accessControl()
[org.apache.catalina.realm.RealmBase] Checking roles GenericPrincipal[a()]
[org.apache.catalina.realm.RealmBase] Username a does NOT have role Admin
[org.apache.catalina.realm.RealmBase] No role found: Admin
[org.apache.catalina.authenticator.AuthenticatorBase] Failed accessControl()
test
[org.apache.catalina.connector.CoyoteAdapter] Requested cookie session id is
D38E98990950B5EA8294D0A7CA054BD6
[org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null
[org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null
[org.jboss.security.SecurityAssociation] clear, server=true
[org.apache.catalina.connector.CoyoteAdapter] Requested cookie session id is
D38E98990950B5EA8294D0A7CA054BD6
[org.apache.catalina.authenticator.AuthenticatorBase] Security checking request
GET /portal
[org.apache.catalina.authenticator.AuthenticatorBase] We have cached auth type
FORM for principal GenericPrincipal[a()]
[org.apache.catalina.realm.RealmBase] Checking constraint
'SecurityConstraint[Admin]' against GET / --> false
[org.apache.catalina.realm.RealmBase] Checking constraint
'SecurityConstraint[Secure]' against GET / --> false
[org.apache.catalina.realm.RealmBase] Checking constraint
'SecurityConstraint[Secure+Admin]' against GET / --> false
[org.apache.catalina.realm.RealmBase] Checking constraint
'SecurityConstraint[Admin]' against GET / --> false
[org.apache.catalina.realm.RealmBase] Checking constraint
'SecurityConstraint[Secure]' against GET / --> false
[org.apache.catalina.realm.RealmBase] Checking constraint
'SecurityConstraint[Secure+Admin]' against GET / --> false
[org.apache.catalina.realm.RealmBase] Checking constraint
'SecurityConstraint[Admin]' against GET / --> false
[org.apache.catalina.realm.RealmBase] Checking constraint
'SecurityConstraint[Secure]' against GET / --> false
[org.apache.catalina.realm.RealmBase] Checking constraint
'SecurityConstraint[Secure+Admin]' against GET / --> false
[org.apache.catalina.realm.RealmBase] Checking constraint
'SecurityConstraint[Admin]' against GET / --> false
[org.apache.catalina.realm.RealmBase] Checking constraint
'SecurityConstraint[Secure]' against GET / --> false
[org.apache.catalina.realm.RealmBase] Checking constraint
'SecurityConstraint[Secure+Admin]' against GET / --> false
[org.apache.catalina.realm.RealmBase] No applicable constraint located
[org.apache.catalina.authenticator.AuthenticatorBase] Not subject to any
constraint
[org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null
[org.jboss.web.tomcat.security.SecurityAssociationValve] Restoring principal
info from cache
[org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject:
Principal: a
Principal: Admin(members:Admin)
, principal=a
[org.apache.catalina.core.StandardWrapper] Returning non-STM instance
[org.jboss.portal.server.impl.invocation.InvocationImpl] Incoming request with
id null
...
[org.hibernate.impl.SessionFactoryObjectFactory] JNDI lookup:
portal/SessionFactory
[org.hibernate.impl.SessionFactoryObjectFactory] lookup:
uid=402857d2082ece3f01082ece49900000
[org.hibernate.jdbc.JDBCContext] successfully registered Synchronization
[org.hibernate.impl.SessionImpl] opened session at timestamp: 4647555481534464
[org.hibernate.impl.SessionImpl] find: from UserImpl as u where u.userName=?
[org.hibernate.engine.QueryParameters] parameters: [a]
[org.hibernate.engine.QueryParameters] named parameters: {}
So... "a" is authenticated and its role is "Admin" as he says in the beginning,
but then a test on "test" fails and he doesn't recognise "a" as member of
"Admin"....
Thanks very mutch...
Have a nice day!
Il Dima
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3912917#3912917
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3912917
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
JBoss-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jboss-user
