Reputation: 407
JAAS Autentication fails on JBoss AS 7
We have ported our application from Glassfish to JBOSS AS 7. We use JAAS form based authentication with JDBCRealm. The problem is that AS 7 uses ISO-8955-1 encoding when submitting the form. We have had this problem with all our other forms but we solved this with a servlet filter converting to UTF-8, this solution is the recommended workaround https://bugzilla.redhat.com/show_bug.cgi?id=832235.
During the form based authentication we cannot put a filter in between so the autentication fails. Any known workaround?
username used: user%&;/()=?`\*^ÄÅÖ_:;: -+}][{€$£@8ks6fje739ajf6 but as you can see it contains incorrect characters.
17:16:59,601 DEBUG [org.apache.tomcat.util.http.Cookies] (http--127.0.0.1-9443-5) Cookies: Parsing b[]: JSESSIONID=FbiZG09BOiprQfUMTmdirSrq.undefined
17:16:59,603 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--127.0.0.1-9443-5) Security checking request POST /j_security_check
17:16:59,604 DEBUG [org.apache.tomcat.util.http.Parameters] (http--127.0.0.1-9443-5) Set encoding to ISO-8859-1
17:16:59,604 DEBUG [org.apache.tomcat.util.http.Parameters] (http--127.0.0.1-9443-5) Set query string encoding to ISO-8859-1
17:16:59,604 DEBUG [org.apache.tomcat.util.http.Parameters] (http--127.0.0.1-9443-5) Start processing with input [j_username=user%25%26%2F%28%29%3D%3F%60%5C%5C*%5E%C3%84%C3%85%C3%96_%3A%3B%3A+-%2B%5C%7D%5D%5B%7B%E2%82%AC%24%C2%A3%408ks6fje739ajf6&j_password=admin]
17:16:59,605 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] (http--127.0.0.1-9443-5) Authenticating username 'user%&/()=?`\\*^���_:;: -+\}][{�$£@8ks6fje739ajf6'
Upvotes: 1
Views: 1791
Answers (2)
Reputation: 407
Finally .... The solution is to configure org.apache.catalina.authenticator.FormAuthenticator in Tomcat to use UTF-8. After some struggling finding how to confiure this in AS 7.1.1 I found out that you configure it in jboss-web.xml like so
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<security-domain>MySecurityDomain</security-domain>
<valve>
<class-name>org.apache.catalina.authenticator.FormAuthenticator</class-name>
<param>
<param-name>characterEncoding</param-name>
<param-value>UTF-8</param-value>
</param>
</valve>
</jboss-web>
Upvotes: 2
Reputation: 9
Please follow this step by step guide and let us know if it worked for you. http://amatya.net/blog/implementing-security-with-jaas-in-jboss-as-7/
Upvotes: 0
Related Questions
- JBoss JAAS custom Login Module Error messages
- JBoss authentication issue
- JBoss AS: No valid security context for the caller identity
- Cannot authenticate through JBoss AS 7 security subsystem
- How can i have JAAS authentication in JBoss call a java server class?
- JAAS authentication not invoked on subsequent requests
- JBoss 7.1 Database based JAAS authentication - authentication failed
- Problem with JAAS and DatabaseServerLoginModule
- JAAS and JBOSS 5 problem with principal
- JAAS Form Authentication always failing in Jboss