|

»

»

JBoss/MySQL combination - cannot create new users

View: New views

9 Messages — Rating Filter: Alert me

	JBoss/MySQL combination - cannot create new users by Chris Mein :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi I am running JBoss 4.0.5.GA with MySQL 5.0.27. I have installed JSPWiki and reconfigured the security to use a MySQL datasource (I followed along the Oracle installation instructions - http://doc.jspwiki.org/2.4/wiki/JDBCSecurityWithOracle). Everything seems fine and I get the debugging messages: [UserManager] Attempting to load user database class com.ecyrd.jspwiki.auth.user.JDBCUserDatabase [AbstractUserDatabase] JDBCUserDatabase initialized from JNDI DataSource: jdbc/UserDatabase [AbstractUserDatabase] JDBCUserDatabase supports transactions. Good; we will use them. [UserManager] UserDatabase initialized. After setting up the JAAS configuration in the JBoss login-config.xml file as documented here (http://doc.jspwiki.org/2.4/wiki/Security#section-Security-CustomizingJSPWikiSJAASConfiguration) I went through the JSPWiki front end I created an account called test. I can see when I run a select on the wiki_users database table and I can also log in correctly. However if I try and create a row in the database directly I can never log in with this user. I have simply copied the test record data into a temporary table and then re-inserted it into the users table. The only thing I can notice is that when I log in as 'test' I get a debug line like: INFO [SecurityLog] WikiSecurityEvent.LOGIN_AUTHENTICATED [source=com.ecyrd.jspwiki.auth.AuthenticationManager@132c515, princpal=com.ecyrd.jspwiki.auth.WikiPrincipal test, target=com.ecyrd.jspwiki.WikiSession@13f7175] When I log in as 'test2' (the copied record) I get: ERROR [SecurityLog] WikiSecurityEvent.LOGIN_FAILED [source=com.ecyrd.jspwiki.auth.AuthenticationManager@132c515, princpal=com.ecyrd.jspwiki.auth.WikiPrincipal 127.0.0.1, target=com.ecyrd.jspwiki.WikiSession@13f7175] Why is the WikiPrincipal different? What is the WikiPrincipal? Help? I have hundreds of users I need to script the generation of, hence my headache... Thanks in advance Chris Mein __________________________________________________________ Not happy with your email address?. Get the one you really want - millions of new email addresses available now at Yahoo! http://uk.docs.yahoo.com/ymail/new.html
	Re: JBoss/MySQL combination - cannot create new users by Andrew Jaquith-3 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Chris -- The different 'WikiPrincipals' are just identifiers for the current user. If you successfully authenticate, it will be the user name. If not, it's the cookie vaue the user set, OR the IP address. Anyway, all your messages tell me is that the second user cannot authenticate. One reason could be that the password you type in, once hashed with SHA1, does not match the hash code in the password column. If your database script generates passwords in clear text, by definition it is not hashed, and authentication will fail. Another reason might me that the two users have the same wiki names, full names, or login names. These are all supposed to be unique. So it is a violation to have two users with different login names and full names, but whose wiki names are both 'test'. On Jul 30, 2008, at 4:19 AM, Chris Mein <cdmein@...> wrote: > Hi > > I am running JBoss 4.0.5.GA with MySQL 5.0.27. I have installed > JSPWiki and reconfigured the security to use a MySQL datasource (I > followed along the Oracle installation instructions - http://doc.jspwiki.org/2.4/wiki/JDBCSecurityWithOracle > ). Everything seems fine and I get the debugging messages: > > [UserManager] Attempting to load user database class > com.ecyrd.jspwiki.auth.user.JDBCUserDatabase > [AbstractUserDatabase] JDBCUserDatabase initialized from JNDI > DataSource: jdbc/UserDatabase > [AbstractUserDatabase] JDBCUserDatabase supports transactions. Good; > we will use them. > [UserManager] UserDatabase initialized. > > After setting up the JAAS configuration in the JBoss login- > config.xml file as documented here (http://doc.jspwiki.org/2.4/wiki/Security#section-Security-CustomizingJSPWikiSJAASConfiguration > ) I went through the JSPWiki front end I created an account called > test. I can see when I run a select on the wiki_users database table > and I can also log in correctly. > > However if I try and create a row in the database directly I can > never log in with this user. I have simply copied the test record > data into a temporary table and then re-inserted it into the users > table. > > The only thing I can notice is that when I log in as 'test' I get a > debug line like: > > INFO [SecurityLog] WikiSecurityEvent.LOGIN_AUTHENTICATED > [source=com.ecyrd.jspwiki.auth.AuthenticationManager@132c515, > princpal=com.ecyrd.jspwiki.auth.WikiPrincipal test, > target=com.ecyrd.jspwiki.WikiSession@13f7175] > > When I log in as 'test2' (the copied record) I get: > > ERROR [SecurityLog] WikiSecurityEvent.LOGIN_FAILED > [source=com.ecyrd.jspwiki.auth.AuthenticationManager@132c515, > princpal=com.ecyrd.jspwiki.auth.WikiPrincipal 127.0.0.1, > target=com.ecyrd.jspwiki.WikiSession@13f7175] > > Why is the WikiPrincipal different? What is the WikiPrincipal? Help? > > I have hundreds of users I need to script the generation of, hence > my headache... > > Thanks in advance > > Chris Mein > > > > __________________________________________________________ > Not happy with your email address?. > Get the one you really want - millions of new email addresses > available now at Yahoo! http://uk.docs.yahoo.com/ymail/new.html
	Re: JBoss/MySQL combination - cannot create new users by Chris Mein :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Andrew Just to reassure myself that no username details are hashed into the password I created a third user - test3 with the same password - the hashed password is the same. This user can log in (as the original test user could) but test2 cannot. I also checked the uniqueness of the names etc. Here is my users table (I've shortend the password from {SHA}83d5f07da94dd6d389cf26ecbad5329ad69ba59c): email \| full_name \| login_name \| password \| wiki_name NULL \| test \| test \| {SHA}83d...59c \| test NULL \| test2 \| test2 \| {SHA}83d...59c \| test2 NULL \| test3 \| test3 \| {SHA}83d...59c \| test3 So I think this means your first suggestion is not the issue - I have simply copied passwords around (ideally I would hash it once via JSPWiki and use this value for all new accounts created in a script) so they should be the same. This is verified by my other test, adding test3 via the web interface. The second reason isn't an issue either as the names are all unique. When you talk about the different identifiers I assume this is the JAAS stack (thing?) you are talking about. I copied the default confirguration from the documentation that looks like: <application-policy name="JSPWiki-container"> <authentication> <login-module code="com.ecyrd.jspwiki.auth.login.WebContainerLoginModule" flag="sufficient"/> <login-module code="com.ecyrd.jspwiki.auth.login.CookieAssertionLoginModule" flag="sufficient"/> <login-module code="com.ecyrd.jspwiki.auth.login.AnonymousLoginModule" flag="sufficient"/> </authentication> </application-policy> Where is the login check vs the database in here? Is this function somehow controlled in the WebContainerLoginModule? This is what I assumed but perhaps this is not the default behaviour (which is how I read the installation instructions). I have tried adding in the com.ecyrd.jspwiki.auth.login.UserDatabaseLoginModule configuration but this throws errors - are there other flags that control how the security works? Obviously if you sign up via the web everything works so maybe scripting the addition of users isn't that common...? Thanks, and any help appreciated Chris ----- Original Message ---- From: Andrew Jaquith <andrew.jaquith@...> To: "jspwiki-user@..." <jspwiki-user@...> Sent: Wednesday, 30 July, 2008 1:34:34 PM Subject: Re: JBoss/MySQL combination - cannot create new users Chris -- The different 'WikiPrincipals' are just identifiers for the current user. If you successfully authenticate, it will be the user name. If not, it's the cookie vaue the user set, OR the IP address. Anyway, all your messages tell me is that the second user cannot authenticate. One reason could be that the password you type in, once hashed with SHA1, does not match the hash code in the password column. If your database script generates passwords in clear text, by definition it is not hashed, and authentication will fail. Another reason might me that the two users have the same wiki names, full names, or login names. These are all supposed to be unique. So it is a violation to have two users with different login names and full names, but whose wiki names are both 'test'. On Jul 30, 2008, at 4:19 AM, Chris Mein <cdmein@...> wrote: > Hi > > I am running JBoss 4.0.5.GA with MySQL 5.0.27. I have installed > JSPWiki and reconfigured the security to use a MySQL datasource (I > followed along the Oracle installation instructions - http://doc.jspwiki.org/2.4/wiki/JDBCSecurityWithOracle > ). Everything seems fine and I get the debugging messages: > > [UserManager] Attempting to load user database class > com.ecyrd.jspwiki.auth.user.JDBCUserDatabase > [AbstractUserDatabase] JDBCUserDatabase initialized from JNDI > DataSource: jdbc/UserDatabase > [AbstractUserDatabase] JDBCUserDatabase supports transactions. Good; > we will use them. > [UserManager] UserDatabase initialized. > > After setting up the JAAS configuration in the JBoss login- > config.xml file as documented here (http://doc.jspwiki.org/2.4/wiki/Security#section-Security-CustomizingJSPWikiSJAASConfiguration > ) I went through the JSPWiki front end I created an account called > test. I can see when I run a select on the wiki_users database table > and I can also log in correctly. > > However if I try and create a row in the database directly I can > never log in with this user. I have simply copied the test record > data into a temporary table and then re-inserted it into the users > table. > > The only thing I can notice is that when I log in as 'test' I get a > debug line like: > > INFO [SecurityLog] WikiSecurityEvent.LOGIN_AUTHENTICATED > [source=com.ecyrd.jspwiki.auth.AuthenticationManager@132c515, > princpal=com.ecyrd.jspwiki.auth.WikiPrincipal test, > target=com.ecyrd.jspwiki.WikiSession@13f7175] > > When I log in as 'test2' (the copied record) I get: > > ERROR [SecurityLog] WikiSecurityEvent.LOGIN_FAILED > [source=com.ecyrd.jspwiki.auth.AuthenticationManager@132c515, > princpal=com.ecyrd.jspwiki.auth.WikiPrincipal 127.0.0.1, > target=com.ecyrd.jspwiki.WikiSession@13f7175] > > Why is the WikiPrincipal different? What is the WikiPrincipal? Help? > > I have hundreds of users I need to script the generation of, hence > my headache... > > Thanks in advance > > Chris Mein > > > > __________________________________________________________ > Not happy with your email address?. > Get the one you really want - millions of new email addresses > available now at Yahoo! http://uk.docs.yahoo.com/ymail/new.html __________________________________________________________ Not happy with your email address?. Get the one you really want - millions of new email addresses available now at Yahoo! http://uk.docs.yahoo.com/ymail/new.html
	Re: JBoss/MySQL combination - cannot create new users by Chris Mein :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Another observation I have just changed the JAAS configuration to read: <authentication> <login-module code="com.ecyrd.jspwiki.auth.login.UserDatabaseLoginModule" flag="sufficient"/> <login-module code="com.ecyrd.jspwiki.auth.login.WebContainerLoginModule" flag="sufficient"/> <login-module code="com.ecyrd.jspwiki.auth.login.CookieAssertionLoginModule" flag="sufficient"/> <login-module code="com.ecyrd.jspwiki.auth.login.AnonymousLoginModule" flag="sufficient"/> </authentication> When I log in with the account created via the web I get the following debugging which clearly shows the UserDatabaseLoginModule being called: SessionMonitor wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - Looking up WikiSession for session ID=860822AD5ABD7B877BDF37293E92755B... found it WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - Creating WikiContext for session ID=860822AD5ABD7B877BDF37293E92755B; target=Login WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - Do we need to log the user in? false UserDatabaseLoginModule wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - Logged in loginName=test UserDatabaseLoginModule wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - Added Principals Role.AUTHENTICATED,Role.ALL ... SecurityLog wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - WikiSecurityEvent.LOGIN_AUTHENTICATED [source=com.ecyrd.jspwiki.auth.AuthenticationManager@148f7e0, princpal=com.ecyrd.jspwiki.auth.WikiPrincipal test, target=com.ecyrd.jspwiki.WikiSession@1616dd6] When I log in using one of the scripted users I get the following: SessionMonitor wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - Looking up WikiSession for session ID=860822AD5ABD7B877BDF37293E92755B... found it WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - Creating WikiContext for session ID=860822AD5ABD7B877BDF37293E92755B; target=Login WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - Do we need to log the user in? false AuthenticationManager wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - Failed login: The username or password is incorrect. SecurityLog wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - WikiSecurityEvent.LOGIN_FAILED [source=com.ecyrd.jspwiki.auth.AuthenticationManager@148f7e0, princpal=com.ecyrd.jspwiki.auth.WikiPrincipal 127.0.0.1, target=com.ecyrd.jspwiki.WikiSession@1616dd6] As far as I can see on the second try I don't even get to look in the database. For whatever reason the AuthenicationManager doesn't even try to use the UserDatabaseLoginModule logic. Chris ----- Original Message ---- From: Andrew Jaquith <andrew.jaquith@...> To: "jspwiki-user@..." <jspwiki-user@...> Sent: Wednesday, 30 July, 2008 1:34:34 PM Subject: Re: JBoss/MySQL combination - cannot create new users Chris -- The different 'WikiPrincipals' are just identifiers for the current user. If you successfully authenticate, it will be the user name. If not, it's the cookie vaue the user set, OR the IP address. Anyway, all your messages tell me is that the second user cannot authenticate. One reason could be that the password you type in, once hashed with SHA1, does not match the hash code in the password column. If your database script generates passwords in clear text, by definition it is not hashed, and authentication will fail. Another reason might me that the two users have the same wiki names, full names, or login names. These are all supposed to be unique. So it is a violation to have two users with different login names and full names, but whose wiki names are both 'test'. On Jul 30, 2008, at 4:19 AM, Chris Mein <cdmein@...> wrote: > Hi > > I am running JBoss 4.0.5.GA with MySQL 5.0.27. I have installed > JSPWiki and reconfigured the security to use a MySQL datasource (I > followed along the Oracle installation instructions - http://doc.jspwiki.org/2.4/wiki/JDBCSecurityWithOracle > ). Everything seems fine and I get the debugging messages: > > [UserManager] Attempting to load user database class > com.ecyrd.jspwiki.auth.user.JDBCUserDatabase > [AbstractUserDatabase] JDBCUserDatabase initialized from JNDI > DataSource: jdbc/UserDatabase > [AbstractUserDatabase] JDBCUserDatabase supports transactions. Good; > we will use them. > [UserManager] UserDatabase initialized. > > After setting up the JAAS configuration in the JBoss login- > config.xml file as documented here (http://doc.jspwiki.org/2.4/wiki/Security#section-Security-CustomizingJSPWikiSJAASConfiguration > ) I went through the JSPWiki front end I created an account called > test. I can see when I run a select on the wiki_users database table > and I can also log in correctly. > > However if I try and create a row in the database directly I can > never log in with this user. I have simply copied the test record > data into a temporary table and then re-inserted it into the users > table. > > The only thing I can notice is that when I log in as 'test' I get a > debug line like: > > INFO [SecurityLog] WikiSecurityEvent.LOGIN_AUTHENTICATED > [source=com.ecyrd.jspwiki.auth.AuthenticationManager@132c515, > princpal=com.ecyrd.jspwiki.auth.WikiPrincipal test, > target=com.ecyrd.jspwiki.WikiSession@13f7175] > > When I log in as 'test2' (the copied record) I get: > > ERROR [SecurityLog] WikiSecurityEvent.LOGIN_FAILED > [source=com.ecyrd.jspwiki.auth.AuthenticationManager@132c515, > princpal=com.ecyrd.jspwiki.auth.WikiPrincipal 127.0.0.1, > target=com.ecyrd.jspwiki.WikiSession@13f7175] > > Why is the WikiPrincipal different? What is the WikiPrincipal? Help? > > I have hundreds of users I need to script the generation of, hence > my headache... > > Thanks in advance > > Chris Mein > > > > __________________________________________________________ > Not happy with your email address?. > Get the one you really want - millions of new email addresses > available now at Yahoo! http://uk.docs.yahoo.com/ymail/new.html __________________________________________________________ Not happy with your email address?. Get the one you really want - millions of new email addresses available now at Yahoo! http://uk.docs.yahoo.com/ymail/new.html
	Re: JBoss/MySQL combination - cannot create new users by Andrew Jaquith-3 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Chris -- You do not need to cc: me on replies -- I already receive them as a list member. I think the UserDatabaseLoginModule to the JBoss authentication configuration in the way you did is the problem. You need to have separate configurations for the JSPWiki-container and JSPWiki-custom application contexts. Check the sample jspwiki.jaas file for details. On Jul 30, 2008, at 6:48 PM, Chris Mein wrote: > Another observation > > I have just changed the JAAS configuration to read: > > <authentication> > <login-module > code="com.ecyrd.jspwiki.auth.login.UserDatabaseLoginModule" > flag="sufficient"/> > <login-module > code="com.ecyrd.jspwiki.auth.login.WebContainerLoginModule" > flag="sufficient"/> > <login-module > code="com.ecyrd.jspwiki.auth.login.CookieAssertionLoginModule" > flag="sufficient"/> > <login-module > code="com.ecyrd.jspwiki.auth.login.AnonymousLoginModule" > flag="sufficient"/> > </authentication> > > When I log in with the account created via the web I get the > following debugging which clearly shows the UserDatabaseLoginModule > being called: > > SessionMonitor wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp > - Looking up WikiSession for session > ID=860822AD5ABD7B877BDF37293E92755B... found it > WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp > - Creating WikiContext for session > ID=860822AD5ABD7B877BDF37293E92755B; target=Login > WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp > - Do we need to log the user in? false > UserDatabaseLoginModule wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp > - Logged in loginName=test > UserDatabaseLoginModule wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp > - Added Principals Role.AUTHENTICATED,Role.ALL > ... > SecurityLog wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp > - WikiSecurityEvent.LOGIN_AUTHENTICATED > [source=com.ecyrd.jspwiki.auth.AuthenticationManager@148f7e0, > princpal=com.ecyrd.jspwiki.auth.WikiPrincipal test, > target=com.ecyrd.jspwiki.WikiSession@1616dd6] > > When I log in using one of the scripted users I get the following: > > SessionMonitor wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp > - Looking up WikiSession for session > ID=860822AD5ABD7B877BDF37293E92755B... found it > WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp > - Creating WikiContext for session > ID=860822AD5ABD7B877BDF37293E92755B; target=Login > WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp > - Do we need to log the user in? false > AuthenticationManager wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp > - Failed login: The username or password is incorrect. > SecurityLog wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp > - WikiSecurityEvent.LOGIN_FAILED > [source=com.ecyrd.jspwiki.auth.AuthenticationManager@148f7e0, > princpal=com.ecyrd.jspwiki.auth.WikiPrincipal 127.0.0.1, > target=com.ecyrd.jspwiki.WikiSession@1616dd6] > > As far as I can see on the second try I don't even get to look in > the database. For whatever reason the AuthenicationManager doesn't > even try to use the UserDatabaseLoginModule logic. > > Chris > > > > ----- Original Message ---- > From: Andrew Jaquith <andrew.jaquith@...> > To: "jspwiki-user@..." <jspwiki-user@... > > > Sent: Wednesday, 30 July, 2008 1:34:34 PM > Subject: Re: JBoss/MySQL combination - cannot create new users > > Chris -- > > The different 'WikiPrincipals' are just identifiers for the current > user. If you successfully authenticate, it will be the user name. If > not, it's the cookie vaue the user set, OR the IP address. > > Anyway, all your messages tell me is that the second user cannot > authenticate. One reason could be that the password you type in, once > hashed with SHA1, does not match the hash code in the password column. > If your database script generates passwords in clear text, by > definition it is not hashed, and authentication will fail. > > Another reason might me that the two users have the same wiki names, > full names, or login names. These are all supposed to be unique. So it > is a violation to have two users with different login names and full > names, but whose wiki names are both 'test'. > > On Jul 30, 2008, at 4:19 AM, Chris Mein <cdmein@...> wrote: > >> Hi >> >> I am running JBoss 4.0.5.GA with MySQL 5.0.27. I have installed >> JSPWiki and reconfigured the security to use a MySQL datasource (I >> followed along the Oracle installation instructions - http://doc.jspwiki.org/2.4/wiki/JDBCSecurityWithOracle >> ). Everything seems fine and I get the debugging messages: >> >> [UserManager] Attempting to load user database class >> com.ecyrd.jspwiki.auth.user.JDBCUserDatabase >> [AbstractUserDatabase] JDBCUserDatabase initialized from JNDI >> DataSource: jdbc/UserDatabase >> [AbstractUserDatabase] JDBCUserDatabase supports transactions. Good; >> we will use them. >> [UserManager] UserDatabase initialized. >> >> After setting up the JAAS configuration in the JBoss login- >> config.xml file as documented here (http://doc.jspwiki.org/2.4/wiki/Security#section-Security-CustomizingJSPWikiSJAASConfiguration >> ) I went through the JSPWiki front end I created an account called >> test. I can see when I run a select on the wiki_users database table >> and I can also log in correctly. >> >> However if I try and create a row in the database directly I can >> never log in with this user. I have simply copied the test record >> data into a temporary table and then re-inserted it into the users >> table. >> >> The only thing I can notice is that when I log in as 'test' I get a >> debug line like: >> >> INFO [SecurityLog] WikiSecurityEvent.LOGIN_AUTHENTICATED >> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@132c515, >> princpal=com.ecyrd.jspwiki.auth.WikiPrincipal test, >> target=com.ecyrd.jspwiki.WikiSession@13f7175] >> >> When I log in as 'test2' (the copied record) I get: >> >> ERROR [SecurityLog] WikiSecurityEvent.LOGIN_FAILED >> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@132c515, >> princpal=com.ecyrd.jspwiki.auth.WikiPrincipal 127.0.0.1, >> target=com.ecyrd.jspwiki.WikiSession@13f7175] >> >> Why is the WikiPrincipal different? What is the WikiPrincipal? Help? >> >> I have hundreds of users I need to script the generation of, hence >> my headache... >> >> Thanks in advance >> >> Chris Mein >> >> >> >> __________________________________________________________ >> Not happy with your email address?. >> Get the one you really want - millions of new email addresses >> available now at Yahoo! http://uk.docs.yahoo.com/ymail/new.html > > > > __________________________________________________________ > Not happy with your email address?. > Get the one you really want - millions of new email addresses > available now at Yahoo! http://uk.docs.yahoo.com/ymail/new.html
	Re: JBoss/MySQL combination - cannot create new users by Chris Mein :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Andrew The issue happens exactly the same whichever way I have the login modules configured. The only reason I added the UserDatabaseLoginModule at the top was to see if it even gets called - for some reason it doesn't. The debug I get is: SessionMonitor wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - Looking up WikiSession for session ID=860822AD5ABD7B877BDF37293E92755B... found it WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - Creating WikiContext for session ID=860822AD5ABD7B877BDF37293E92755B; target=Login WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - Do we need to log the user in? false AuthenticationManager wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - Failed login: The username or password is incorrect. SecurityLog wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp - WikiSecurityEvent.LOGIN_FAILED [source=com.ecyrd.jspwiki.auth.AuthenticationManager@17eb767, princpal=com.ecyrd.jspwiki.auth.WikiPrincipal 127.0.0.1, target=com.ecyrd.jspwiki.WikiSession@103f4aa] It appears to me that the AuthenticationManager for some reason doesn't even try to use the UserDatabaseLoginModule to authenticate the user. For some reason this is totally bypased. I am wondering whether some other user store exists that contains users I have created via the web but not users I have only added to the database. Chris ----- Original Message ---- From: Andrew Jaquith <andrew.jaquith@...> To: jspwiki-user@... Sent: Thursday, 31 July, 2008 4:10:53 AM Subject: Re: JBoss/MySQL combination - cannot create new users Chris -- You do not need to cc: me on replies -- I already receive them as a list member. I think the UserDatabaseLoginModule to the JBoss authentication configuration in the way you did is the problem. You need to have separate configurations for the JSPWiki-container and JSPWiki-custom application contexts. Check the sample jspwiki.jaas file for details. On Jul 30, 2008, at 6:48 PM, Chris Mein wrote: > Another observation > > I have just changed the JAAS configuration to read: > > <authentication> > <login-module > code="com.ecyrd.jspwiki.auth.login.UserDatabaseLoginModule" > flag="sufficient"/> > <login-module > code="com.ecyrd.jspwiki.auth.login.WebContainerLoginModule" > flag="sufficient"/> > <login-module > code="com.ecyrd.jspwiki.auth.login.CookieAssertionLoginModule" > flag="sufficient"/> > <login-module > code="com.ecyrd.jspwiki.auth.login.AnonymousLoginModule" > flag="sufficient"/> > </authentication> > > When I log in with the account created via the web I get the > following debugging which clearly shows the UserDatabaseLoginModule > being called: > > SessionMonitor wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp > - Looking up WikiSession for session > ID=860822AD5ABD7B877BDF37293E92755B... found it > WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp > - Creating WikiContext for session > ID=860822AD5ABD7B877BDF37293E92755B; target=Login > WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp > - Do we need to log the user in? false > UserDatabaseLoginModule wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp > - Logged in loginName=test > UserDatabaseLoginModule wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp > - Added Principals Role.AUTHENTICATED,Role.ALL > ... > SecurityLog wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp > - WikiSecurityEvent.LOGIN_AUTHENTICATED > [source=com.ecyrd.jspwiki.auth.AuthenticationManager@148f7e0, > princpal=com.ecyrd.jspwiki.auth.WikiPrincipal test, > target=com.ecyrd.jspwiki.WikiSession@1616dd6] > > When I log in using one of the scripted users I get the following: > > SessionMonitor wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp > - Looking up WikiSession for session > ID=860822AD5ABD7B877BDF37293E92755B... found it > WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp > - Creating WikiContext for session > ID=860822AD5ABD7B877BDF37293E92755B; target=Login > WikiContext wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp > - Do we need to log the user in? false > AuthenticationManager wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp > - Failed login: The username or password is incorrect. > SecurityLog wiki:/wiki/Login.jsp wiki:http://localhost:8080/wiki/Login.jsp > - WikiSecurityEvent.LOGIN_FAILED > [source=com.ecyrd.jspwiki.auth.AuthenticationManager@148f7e0, > princpal=com.ecyrd.jspwiki.auth.WikiPrincipal 127.0.0.1, > target=com.ecyrd.jspwiki.WikiSession@1616dd6] > > As far as I can see on the second try I don't even get to look in > the database. For whatever reason the AuthenicationManager doesn't > even try to use the UserDatabaseLoginModule logic. > > Chris > > > > ----- Original Message ---- > From: Andrew Jaquith <andrew.jaquith@...> > To: "jspwiki-user@..." <jspwiki-user@... > > > Sent: Wednesday, 30 July, 2008 1:34:34 PM > Subject: Re: JBoss/MySQL combination - cannot create new users > > Chris -- > > The different 'WikiPrincipals' are just identifiers for the current > user. If you successfully authenticate, it will be the user name. If > not, it's the cookie vaue the user set, OR the IP address. > > Anyway, all your messages tell me is that the second user cannot > authenticate. One reason could be that the password you type in, once > hashed with SHA1, does not match the hash code in the password column. > If your database script generates passwords in clear text, by > definition it is not hashed, and authentication will fail. > > Another reason might me that the two users have the same wiki names, > full names, or login names. These are all supposed to be unique. So it > is a violation to have two users with different login names and full > names, but whose wiki names are both 'test'. > > On Jul 30, 2008, at 4:19 AM, Chris Mein <cdmein@...> wrote: > >> Hi >> >> I am running JBoss 4.0.5.GA with MySQL 5.0.27. I have installed >> JSPWiki and reconfigured the security to use a MySQL datasource (I >> followed along the Oracle installation instructions - http://doc.jspwiki.org/2.4/wiki/JDBCSecurityWithOracle >> ). Everything seems fine and I get the debugging messages: >> >> [UserManager] Attempting to load user database class >> com.ecyrd.jspwiki.auth.user.JDBCUserDatabase >> [AbstractUserDatabase] JDBCUserDatabase initialized from JNDI >> DataSource: jdbc/UserDatabase >> [AbstractUserDatabase] JDBCUserDatabase supports transactions. Good; >> we will use them. >> [UserManager] UserDatabase initialized. >> >> After setting up the JAAS configuration in the JBoss login- >> config.xml file as documented here (http://doc.jspwiki.org/2.4/wiki/Security#section-Security-CustomizingJSPWikiSJAASConfiguration >> ) I went through the JSPWiki front end I created an account called >> test. I can see when I run a select on the wiki_users database table >> and I can also log in correctly. >> >> However if I try and create a row in the database directly I can >> never log in with this user. I have simply copied the test record >> data into a temporary table and then re-inserted it into the users >> table. >> >> The only thing I can notice is that when I log in as 'test' I get a >> debug line like: >> >> INFO [SecurityLog] WikiSecurityEvent.LOGIN_AUTHENTICATED >> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@132c515, >> princpal=com.ecyrd.jspwiki.auth.WikiPrincipal test, >> target=com.ecyrd.jspwiki.WikiSession@13f7175] >> >> When I log in as 'test2' (the copied record) I get: >> >> ERROR [SecurityLog] WikiSecurityEvent.LOGIN_FAILED >> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@132c515, >> princpal=com.ecyrd.jspwiki.auth.WikiPrincipal 127.0.0.1, >> target=com.ecyrd.jspwiki.WikiSession@13f7175] >> >> Why is the WikiPrincipal different? What is the WikiPrincipal? Help? >> >> I have hundreds of users I need to script the generation of, hence >> my headache... >> >> Thanks in advance >> >> Chris Mein >> >> >> >> __________________________________________________________ >> Not happy with your email address?. >> Get the one you really want - millions of new email addresses >> available now at Yahoo! http://uk.docs.yahoo.com/ymail/new.html > > > > __________________________________________________________ > Not happy with your email address?. > Get the one you really want - millions of new email addresses > available now at Yahoo! http://uk.docs.yahoo.com/ymail/new.html __________________________________________________________ Not happy with your email address?. Get the one you really want - millions of new email addresses available now at Yahoo! http://uk.docs.yahoo.com/ymail/new.html
	Re: JBoss/MySQL combination - cannot create new users by Chris Mein :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Found the solution (got to love open source code). Anyway When I ran the JDBCUserDatabaseTest.testFindByEmail() on my system I got the following exception: "java.sql.Exception: Value '0000-00-00' can not be represented as 'java.sql.Timestamp" So it appears to me that the table definition doesn't work for MySQL. If anyone is reading this maybe this needs to be noted in the create_user.dll file. Thanks for you input Andrew Chris __________________________________________________________ Not happy with your email address?. Get the one you really want - millions of new email addresses available now at Yahoo! http://uk.docs.yahoo.com/ymail/new.html
	Re: JBoss/MySQL combination - cannot create new users by Andrew Jaquith-3 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Chris -- Noting something about MySQL in the existing scripts won't help, because JSPWiki doesn't actually have any scripts for MySQL yet! At present, we just have scripts for HSQL and PostgreSQL. Interested in adapting the existing scripts for MySQL? The existing scripts are in the source tarball, in etc/db. If this is something you choose to do, you should then make sure all of the Ant tests run ok (at shell, type: "ant tests"), and attach the scripts to a new JIRA issue. The Ant build.xml file and build.properties file both have tips on how to run JDBC tests. If you don't want to go through all that trouble, I'd ask you to create a JIRA issue anyway -- that way it'll get fixed. Just maybe not as fast as if we had a user contribution. :) Thanks for chasing this down! Andrew On Jul 31, 2008, at 6:09 PM, Chris Mein wrote: > > Found the solution (got to love open source code). Anyway > > When I ran the JDBCUserDatabaseTest.testFindByEmail() on my system I > got the following exception: > > "java.sql.Exception: Value '0000-00-00' can not be represented as > 'java.sql.Timestamp" > > So it appears to me that the table definition doesn't work for > MySQL. If anyone is reading this maybe this needs to be noted in the > create_user.dll file. > > Thanks for you input Andrew > > Chris > > > > __________________________________________________________ > Not happy with your email address?. > Get the one you really want - millions of new email addresses > available now at Yahoo! http://uk.docs.yahoo.com/ymail/new.html
	Re: JBoss/MySQL combination - cannot create new users by Chris Mein :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Andrew The timing couldn't be worse, my wife is expecting anytime now so I will be pressed to do anything for the next while! Adding MySQL (or Oracle) into the unit tests has the problem of the database needing to be up. I guess having this as a optional test harness would be best. I wonder whether it would be better to start the MySQL section by simply noting the differences with Oracle in the Wiki documentation entry or creating a new page. If you would like me to do that I am quite happy to as long as a default Wiki account can do that. I would then perhaps add in the JIRA entry about this to change the default names of the Wiki tables as they are named in the Oracle example (wiki_users, wiki_groups, etc.) Without doing this you will always have different table names making things a little more fiddly and confusing for a newcomer. Then maybe when appropriate that change along with adding Oracle and MySQL scripts and tests could be released together. Chris ----- Original Message ---- From: Andrew Jaquith <andrew.jaquith@...> To: jspwiki-user@... Sent: Friday, 1 August, 2008 2:20:49 PM Subject: Re: JBoss/MySQL combination - cannot create new users Chris -- Noting something about MySQL in the existing scripts won't help, because JSPWiki doesn't actually have any scripts for MySQL yet! At present, we just have scripts for HSQL and PostgreSQL. Interested in adapting the existing scripts for MySQL? The existing scripts are in the source tarball, in etc/db. If this is something you choose to do, you should then make sure all of the Ant tests run ok (at shell, type: "ant tests"), and attach the scripts to a new JIRA issue. The Ant build.xml file and build.properties file both have tips on how to run JDBC tests. If you don't want to go through all that trouble, I'd ask you to create a JIRA issue anyway -- that way it'll get fixed. Just maybe not as fast as if we had a user contribution. :) Thanks for chasing this down! Andrew On Jul 31, 2008, at 6:09 PM, Chris Mein wrote: > > Found the solution (got to love open source code). Anyway > > When I ran the JDBCUserDatabaseTest.testFindByEmail() on my system I > got the following exception: > > "java.sql.Exception: Value '0000-00-00' can not be represented as > 'java.sql.Timestamp" > > So it appears to me that the table definition doesn't work for > MySQL. If anyone is reading this maybe this needs to be noted in the > create_user.dll file. > > Thanks for you input Andrew > > Chris > > > > __________________________________________________________ > Not happy with your email address?. > Get the one you really want - millions of new email addresses > available now at Yahoo! http://uk.docs.yahoo.com/ymail/new.html __________________________________________________________ Not happy with your email address?. Get the one you really want - millions of new email addresses available now at Yahoo! http://uk.docs.yahoo.com/ymail/new.html

LightInTheBox - Buy quality products at wholesale price!