JDBC Security Realm - GLASSFISH - NetBeans - Can Never Authenticate ? Why?
https://stackoverflow.com/questions/12064045
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have tried setting up a JDBC Authentication Realm as follows
1-I configured a JDBC connection pool and named it mysql_acme_rootPool
2-Tested the above pool by clicking PING and its successful.
3-I then went to configuration>>Server Configuration>>Security>>Realms and created a new realm called myRealm
Here are some snapshots of the configuration
After scrolling down
Now the problem is even if I enter the correct password I get the pop-up login screen again as if my password was invalid. Any way I can see what the query is being generated ? How can I narrow down the problem ? is it in my netbeans configuration ? or web.xml ?? Where ??
Here is my web.xml portion
<security-constraint>
<display-name>SecurePlace</display-name>
<web-resource-collection>
<web-resource-name>Secure Place</web-resource-name>
<description>Description here</description>
<url-pattern>/Secure/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>descrition here</description>
<role-name>Regular-Group</role-name>
</auth-constraint>
<user-data-constraint>
<description/>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>myRealm</realm-name>
</login-config>
<security-role>
<role-name>Regular-Group</role-name>
</security-role>
I am using SSH could it be that is causing a problem ?? Any suggestions ???
La solution
First of all, what is Your log output?? Change the security log level to finest and share the output.
Quick thoughts for now:
- You can't have normalised tables in jdbcRealm for Glassfish.
You must have either one table with all
"username" "pasword" "role"
or two tables
"username" "password"
and
"username" "role"
and the "username" column name and content must be equal in both tables
- Do you store your passwords in plain/text or MD5 or SHA-1 SHA-2? remember to specify correct password hash method. as you see default value is SHA-256
All in all It can be either "unauthorised error" for correct database connection and wrong passes or some kind of configuration error i.e. "no login module found". We need log details.
