I am trying to get the jdbcRealm to work for my application. This is what I have so far:
In my web.xml I have:
<login-config>
<auth-method>FORM</auth-method>
<realm-name>jdbcRealm</realm-name>
<form-login-config>
<form-login-page>/user/login.jsf</form-login-page>
<form-error-page>/user/error.jsf</form-error-page>
</form-login-config>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>Admin Console</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
In glassfish I have defined a realm:
Realm Name: jdbcRealm
Class Name: com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm
JAAS Context: jdbcRealm
JNDI: jdbc/imagineSecurity
User Table: realm_user
User name column: username
Password column: password
Group table: realm_user_role_viw
Group name column: rolename
Digest algorithm: none
others fields are blank
I have enabled the Security Manager and Default Principal to role mapping under security settings. I also have set the default realm the jdbcDigest just to be sure thought I believe setting it in web.xml should be enough.
I have created the jdbc resources and tested that I could access them from within my webapplication so there shouldn’t be a problem there.
When I try to login my form appears as expected however I get the following error:
WARNING: WEB9102: Web Login Failed:
com.sun.enterprise.security.auth.login.common.LoginException: Login
failed: Failed file login for admin. WARNING: Exception
com.sun.enterprise.security.auth.login.common.LoginException: Login
failed: Failed file login for admin. at
com.sun.enterprise.security.auth.login.LoginContextDriver.doPasswordLogin(LoginContextDriver.java:394)
at
com.sun.enterprise.security.auth.login.LoginContextDriver.login(LoginContextDriver.java:240)
at
com.sun.enterprise.security.auth.login.LoginContextDriver.login(LoginContextDriver.java:153)
at
com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:512)
at
com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:453)
at
org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:268)
at
org.apache.catalina.authenticator.AuthenticatorBase.processSecurityCheck(AuthenticatorBase.java:911)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:546)
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:623)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:98) at
com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:91)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:162)
at
org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:330)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:231)
at
com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:174)
at
com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:828)
at
com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:725)
at
com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1019)
at
com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:225)
at
com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at
com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at
com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at
com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at
com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at
com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71) at
com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at
com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:722) Caused by:
javax.security.auth.login.LoginException: Failed file login for admin.
at
com.sun.enterprise.security.auth.login.FileLoginModule.authenticate(FileLoginModule.java:84)
at
com.sun.enterprise.security.auth.login.PasswordLoginModule.authenticateUser(PasswordLoginModule.java:117)
at
com.sun.appserv.security.AppservPasswordLoginModule.login(AppservPasswordLoginModule.java:148)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601) at
javax.security.auth.login.LoginContext.invoke(LoginContext.java:784)
at
javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
at
javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
at
javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
at java.security.AccessController.doPrivileged(Native Method) at
javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)
at
javax.security.auth.login.LoginContext.login(LoginContext.java:594)
at
com.sun.enterprise.security.auth.login.LoginContextDriver.doPasswordLogin(LoginContextDriver.java:382)
… 29 more
What worries me especially about this error is the part where it says: Failed file login for admin which seems to suggest it is still using the file realm.
I also have the following warning: WARNING: No Principals mapped to Role [admin].
But I believe the Default Principal to role mapping setting should take care of that mapping.
I did insert an admin user and role into my db with password admin
What am I missing?
Adding the realm under the server-config node instead of the default-config helps.