Chris --

You do not need to cc: me on replies -- I already receive them as a list member.

I think adding the UserDatabaseLoginModule to the JBoss authentication configuration in the way you did is the problem. You need to have separate configurations for the JSPWiki-container and JSPWiki-custom application contexts. Check the sample jspwiki.jaas file for details.

On Jul 30, 2008, at 6:48 PM, Chris Mein wrote:

Another observation

I have just changed the JAAS configuration to read:

<authentication>
<login-module code="com.ecyrd.jspwiki.auth.login.UserDatabaseLoginModule"
         flag="sufficient"/>
<login-module code="com.ecyrd.jspwiki.auth.login.WebContainerLoginModule"
         flag="sufficient"/>
<login-module code="com.ecyrd.jspwiki.auth.login.CookieAssertionLoginModule"
         flag="sufficient"/>
<login-module code="com.ecyrd.jspwiki.auth.login.AnonymousLoginModule"
         flag="sufficient"/>
</authentication>

When I log in with the account created via the web I get the following debugging which clearly shows the UserDatabaseLoginModule being called:

SessionMonitor wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - Looking up WikiSession for session ID=860822AD5ABD7B877BDF37293E92755B... found it
WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - Creating WikiContext for session ID=860822AD5ABD7B877BDF37293E92755B; target=Login
WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - Do we need to log the user in? false
UserDatabaseLoginModule wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - Logged in loginName=test
UserDatabaseLoginModule wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - Added Principals Role.AUTHENTICATED,Role.ALL
...
SecurityLog wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - WikiSecurityEvent.LOGIN_AUTHENTICATED [EMAIL PROTECTED], princpal=com.ecyrd.jspwiki.auth.WikiPrincipal test, [EMAIL PROTECTED]

When I log in using one of the scripted users I get the following:

SessionMonitor wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - Looking up WikiSession for session ID=860822AD5ABD7B877BDF37293E92755B... found it
WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - Creating WikiContext for session ID=860822AD5ABD7B877BDF37293E92755B; target=Login
WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - Do we need to log the user in? false
AuthenticationManager wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - Failed login: The username or password is incorrect.
SecurityLog wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - WikiSecurityEvent.LOGIN_FAILED [EMAIL PROTECTED], princpal=com.ecyrd.jspwiki.auth.WikiPrincipal 127.0.0.1, [EMAIL PROTECTED]

As far as I can see, on the second try I don't even get to look in the database. For whatever reason the AuthenticationManager doesn't even try to use the UserDatabaseLoginModule logic.

Chris



----- Original Message ----
From: Andrew Jaquith <[EMAIL PROTECTED]>
To: "[email protected]" <[email protected] >
Sent: Wednesday, 30 July, 2008 1:34:34 PM
Subject: Re: JBoss/MySQL combination - cannot create new users

Chris --

The different 'WikiPrincipals' are just identifiers for the current
user. If you successfully authenticate, it will be the user name. If
not, it's the cookie value the user set, OR the IP address.

Anyway, all your messages tell me is that the second user cannot
authenticate. One reason could be that the password you type in, once
hashed with SHA1, does not match the hash code in the password column.
If your database script generates passwords in clear text, by
definition it is not hashed, and authentication will fail.

Another reason might be that the two users have the same wiki names,
full names, or login names. These are all supposed to be unique. So it
is a violation to have two users with different login names and full
names, but whose wiki names are both 'test'.

On Jul 30, 2008, at 4:19 AM, Chris Mein <[EMAIL PROTECTED]> wrote:

Hi

I am running JBoss 4.0.5.GA with MySQL 5.0.27. I have installed
JSPWiki and reconfigured the security to use a MySQL datasource (I
followed along the Oracle installation instructions -
http://doc.jspwiki.org/2.4/wiki/JDBCSecurityWithOracle).
Everything seems fine and I get the debugging messages:

[UserManager] Attempting to load user database class
com.ecyrd.jspwiki.auth.user.JDBCUserDatabase
[AbstractUserDatabase] JDBCUserDatabase initialized from JNDI
DataSource: jdbc/UserDatabase
[AbstractUserDatabase] JDBCUserDatabase supports transactions. Good;
we will use them.
[UserManager] UserDatabase initialized.

After setting up the JAAS configuration in the JBoss
login-config.xml file as documented here
(http://doc.jspwiki.org/2.4/wiki/Security#section-Security-CustomizingJSPWikiSJAASConfiguration),
I went through the JSPWiki front end and created an account called
test. I can see it when I run a select on the wiki_users database table
and I can also log in correctly.

However if I try and create a row in the database directly I can
never log in with this user. I have simply copied the test record
data into a temporary table and then re-inserted it into the users
table.

The only thing I can notice is that when I log in as 'test' I get a
debug line like:

INFO [SecurityLog] WikiSecurityEvent.LOGIN_AUTHENTICATED
[EMAIL PROTECTED],
princpal=com.ecyrd.jspwiki.auth.WikiPrincipal test,
[EMAIL PROTECTED]

When I log in as 'test2' (the copied record) I get:

ERROR [SecurityLog] WikiSecurityEvent.LOGIN_FAILED
[EMAIL PROTECTED],
princpal=com.ecyrd.jspwiki.auth.WikiPrincipal 127.0.0.1,
[EMAIL PROTECTED]

Why is the WikiPrincipal different? What is the WikiPrincipal? Help?

I have hundreds of users I need to script the generation of, hence
my headache...

Thanks in advance

Chris Mein
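
Added example (not part of the original thread and not JSPWiki's own code): a pre-flight check for scripted user rows covering the two causes Andrew gives above, a password column that does not hold the SHA-1 hash and login, wiki or full names that are not unique. The column names, the sample rows and the bare hex digest encoding are assumptions; compare with a row created through the web front end before relying on them.

```python
import hashlib
import hmac
import re

def sha1_hex(password: str) -> str:
    # ASSUMPTION: the password column holds the bare lowercase hex SHA-1
    # digest of the UTF-8 password (no prefix, no salt).
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def password_matches(typed: str, stored: str) -> bool:
    # Hash what the user typed and compare it with the stored column value.
    candidate = sha1_hex(typed).encode("ascii")
    return hmac.compare_digest(candidate, stored.strip().lower().encode("utf-8"))

def audit(rows):
    """Return one finding per problem that would stop a scripted row logging in."""
    findings = []
    # Hypothetical column names; each of these values must be unique.
    seen = {"login_name": {}, "wiki_name": {}, "full_name": {}}
    for i, row in enumerate(rows):
        if not re.fullmatch(r"[0-9a-fA-F]{40}", row["password"]):
            findings.append(f"row {i}: password column is not a SHA-1 hex digest")
        for field, owners in seen.items():
            first = owners.setdefault(row[field], i)
            if first != i:
                findings.append(
                    f"row {i}: {field} {row[field]!r} duplicates row {first}")
    return findings

# Constructed sample rows: the first is stored hashed, the second was
# scripted with a clear-text password and reuses the first row's wiki name.
ROWS = [
    {"login_name": "test", "wiki_name": "Test", "full_name": "Test User",
     "password": sha1_hex("s3cret")},
    {"login_name": "test2", "wiki_name": "Test", "full_name": "Second User",
     "password": "s3cret"},
]

if __name__ == "__main__":
    for finding in audit(ROWS):
        print(finding)
    for row in ROWS:
        print(row["login_name"], password_matches("s3cret", row["password"]))
```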


