0
votes

I'm trying to set up a very basic JDBC realm authentication in Glassfish 3.1. The application consists of an EJB with one business method, and a remote client application (not a webapp). I think I'm missing something fundamental here.

I've followed the Java EE 6 tutorial, and completed all the steps. I don't get any errors, but it never accepts the username and password as correct. My best guess is that there may be a problem with the structure of the table used for authentication, since I'm trying to use a single table to store users AND groups. (It's mentioned in another post by someone more knowledgeable than me that this is possible, and the official tutorial also uses a single table. All of my users will be in one group ('users'), so I would prefer not to create a second table. I want to keep the app as simple as possible.)

I have a database ('auth') with one table ('ACCOUNTS'). This has 3 fields: 'NAME', which is the primary key, 'PASSWORD' and 'GROUPS'. I don't have any constraints on the table.

I added a user:

INSERT INTO ACCOUNTS (NAME, PASSWORD, GROUPS) VALUES ('Bob', 'bob', 'users');

My glassfish-application.xml has the role mapping and the realm specified:

<glassfish-application>
  <security-role-mapping>
    <role-name>users</role-name>
    <group-name>users</group-name>
  </security-role-mapping>
  <realm>jdbcRealm</realm>
</glassfish-application>

The realm settings: (Glassfish screenshot)

Realm Name: jdbcRealm
JAAS Context: jdbcRealm
User Table: auth.ACCOUNTS
User Name Column: name
Password Column: password
Group Table: auth.ACCOUNTS
Group Name Column: groups

The bean:

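import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;

// Declares the "users" role, which glassfish-application.xml maps to the "users" group.
@Stateless
@DeclareRoles("users")
public class ProtectedBean implements ProtectedBeanRemote {
    private static final Logger logger = Logger.getLogger(ProtectedBean.class.getName());

    // Only callers authenticated into the "users" role may invoke this method.
    @Override
    @RolesAllowed("users")
    public void doProtectedStuff() {
        logger.log(Level.INFO, "Protected method accessed.");
    }

}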

The JDBC connection pool and resource are also created.

When I call the bean from the remote client, the login prompt appears. I type the name and password, and then I get a SecurityException:

javax.security.auth.login.LoginException: Security Exception
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:870)
    ...
Caused by: java.lang.SecurityException
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:871)

After this, the login window appears again, like when the name/password is wrong. When I use the file realm, it works perfectly, but not with the jdbc realm.

Should the table be different? (Should I use multiple tables?) Or am I doing something else wrong? Thanks in advance!

1
Yes, jdbcRealm works even with a single table. The setup you are showing looks fine. Likely you have an error in the jdbc resource definition or in web.xml - perissf
I double checked the jdbc resource, and I don't have a web.xml, because I have a standalone client app, as I said. I still don't know what the problem is, but now I know that at least the database setup is OK. Thanks for reading. - icecreamfields

1 Answer

0
votes

The value of the group name should be uppercase.