I have a problem with authentication on JBoss AS 7.1.1.Final "Brontes" and JSF 2.0.
jboss-web.xml
    <jboss-web>
        <security-domain>testRealm</security-domain>
    </jboss-web>
web.xml
    <security-constraint>
        <display-name>login_web_displayname</display-name>
        <web-resource-collection>
            <web-resource-name>web_main</web-resource-name>
            <url-pattern>/web/*</url-pattern>
            <http-method>TRACE</http-method>
            <http-method>OPTIONS</http-method>
            <http-method>HEAD</http-method>
            <http-method>DELETE</http-method>
            <http-method>PUT</http-method>
            <http-method>POST</http-method>
            <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>login_web</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>testRealm</realm-name>
        <form-login-config>
            <form-login-page>/security/login.xhtml</form-login-page>
            <form-error-page>/security/loginerror.xhtml</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <role-name>login_web</role-name>
    </security-role>
login.xml
    <h:form id="j_login">
        <p:panel style="width: 600px; margin: auto">
            <f:facet name="header">
                <h:outputLabel value="Authentifizierung" />
            </f:facet>
            <h:panelGrid columns="3">
                <h:column>
                    <h:outputLabel value="Benutzername:" for="username" />
                </h:column>
                <h:column>
                    <h:inputText size="30" id="username" required="true"
                        requiredMessage="Bitte Benutzernamen eingeben!"
                        value="#{webBean.username}" />
                </h:column>
                <h:column>
                    <h:message for="username" style="FONT-SIZE: small;" />
                </h:column>
                <h:column>
                    <h:outputLabel for="password" value="Passwort:" />
                </h:column>
                <h:column>
                    <h:inputSecret size="30" id="password" required="true"
                        requiredMessage="Bitte Passwort eingeben!"
                        value="#{webBean.passwort}" />
                </h:column>
                <h:column>
                    <h:message for="password" style="FONT-SIZE: small;" />
                </h:column>
                <h:column>
                </h:column>
                <h:column>
                    <h:commandButton id="loginbtn" action="#{webBean.submitLogin}"
                        value="Anmelden" />
                </h:column>
            </h:panelGrid>
        </p:panel>
    </h:form>
JBoss standalone.xml
    <security-domain name="testRealm" cache-type="default">
        <authentication>
            <login-module code="Database" flag="required">
                <module-option name="dsJndiName" value="java:jboss/datasources/jbossauth"/>
                <module-option name="principalsQuery" value="select password from users where name=?"/>
                <module-option name="hashAlgorithm" value="MD5"/>
                <module-option name="hashEncoding" value="base64"/>
                <module-option name="hashCharset" value="UTF-8"/>
                <module-option name="unauthenticatedIdentity" value="guest"/>
            </login-module>
        </authentication>
    </security-domain>
I always get the exception:
Login failure: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:270) [picketbox-4.0.7.Final.jar:4.0.7.Final]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_65]
Full stacktrace:
18:15:22,445 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http-bn-ws0044.bva.de-10.12.1.52-8080-1) Login failure: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:270) [picketbox-4.0.7.Final.jar:4.0.7.Final]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_65]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_65]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_65]
at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_65]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762) [rt.jar:1.7.0_65]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_65]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690) [rt.jar:1.7.0_65]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688) [rt.jar:1.7.0_65]
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_65]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687) [rt.jar:1.7.0_65]
at javax.security.auth.login.LoginContext.login(LoginContext.java:595) [rt.jar:1.7.0_65]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:449) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:383) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:371) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:160) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:214) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:280) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:381) [jbossweb-7.0.13.Final.jar:]
at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.1.1.Final.jar:7.1.1.Final]
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_65]
The password is right ("wurst", aka "i6RvA50nWSDriR8f9kXwWQ==",
created on Linux with "echo -n wurst | openssl dgst -MD5 -binary | openssl base64").
I can see in the SQL Profiler that the database connection is working, ... I tried plain text, still the same error.
Any help would be very appreciated!
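A check for the hash described in the question, added here as an example and not part of the original post: it recomputes the value that the `hashAlgorithm`, `hashEncoding` and `hashCharset` options describe and names common reasons a stored column value would not compare equal. The function names and the list of causes are assumptions of this example; the final lines run it on the password and hash quoted in the question.

```python
import base64
import hashlib


def db_module_hash(password, algorithm="MD5", encoding="base64", charset="UTF-8"):
    """Digest the password as the module options describe: hashAlgorithm over
    the hashCharset bytes of the input, rendered with hashEncoding."""
    digest = hashlib.new(algorithm.lower(), password.encode(charset)).digest()
    if encoding == "base64":
        return base64.b64encode(digest).decode("ascii")
    if encoding == "hex":
        return digest.hex()
    raise ValueError("unsupported hashEncoding: %r" % encoding)


def diagnose(stored, password):
    """Return 'match' or the first known reason the stored value differs."""
    expected = db_module_hash(password)
    if stored == expected:
        return "match"
    if stored.strip() == expected:
        return "stored value has surrounding whitespace (CHAR padding or newline)"
    if stored == db_module_hash(password + "\n"):
        return "hash was made from password plus newline (echo without -n)"
    if stored.lower() == db_module_hash(password, encoding="hex"):
        return "stored value is hex encoded, module expects base64"
    if stored == password:
        return "stored value is plain text, module expects a hash"
    return "no known cause; check the row returned by principalsQuery"


if __name__ == "__main__":
    # Values quoted in the question; the result is computed, not assumed.
    print(diagnose("i6RvA50nWSDriR8f9kXwWQ==", "wurst"))
```

If this prints `match` for the row the `principalsQuery` returns, the stored hash is not the cause and the credentials reaching the login module are the next thing to inspect.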
I had the same problem once.
You should create a jboss-web.xml file in the same folder as your web.xml (WEB-INF). Then you should write its body like this:
    <?xml version="1.0" encoding="UTF-8"?>
    <jboss-web>
        <security-domain>java:/jaas/testRealm</security-domain>
    </jboss-web>