Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-1455

DB query seen for each request using programatic authentication

    XMLWordPrintable

    Details

      Description

      User is complaining, that DB is accessed on each request.

      Jdbc-realm + FORM authentication

      <jdbc-realm name="myappRealm">
                          <principal-query sql="SELECT r.role, u.password FROM user u join user_role_auth r on r.email = u.email where u.email=?" data-source="myds">
                              <attribute-mapping>
                                  <attribute to="Roles" index="1"/>
                              </attribute-mapping>
                              <simple-digest-mapper password-index="2"/>
                          </principal-query>
                      </jdbc-realm>
      

      2017-11-30 09:31:04,049 TRACE [org.wildfly.security] (default task-124) Principal assigning: [alberto@myapp.com], pre-realm rewritten: [alberto@myapp.com], realm name: [wmtRealm], post-realm rewritten: [alberto@myapp.com], realm rewritten: [alberto@myapp.com]
      2017-11-30 09:31:04,049 TRACE [org.wildfly.security] (default task-124) Executing principalQuery select password from user where email = ? with value alberto@myapp.com
      2017-11-30 09:31:04,051 TRACE [org.wildfly.security] (default task-124) Executing principalQuery select role, 'Roles' from user_role_auth where email = ? with value alberto@myapp.com
      2017-11-30 09:31:04,052 TRACE [org.wildfly.security] (default task-124) Executing principalQuery select password from user where email = ? with value alberto@myapp.com
      2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Role mapping: principal [alberto@myapp.com] -> decoded roles [Administrator] -> realm mapped roles [Administrator] -> domain mapped roles [Administrator]
      2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Authorizing principal alberto@myapp.com.
      2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Authorizing against the following attributes: [roles] => [Administrator]
      2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Permission mapping: identity [alberto@myapp.com] with roles [Administrator] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true
      2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Authorization succeed
      2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Role mapping: principal [alberto@myapp.com] -> decoded roles [Administrator] -> realm mapped roles [Administrator] -> domain mapped roles [Administrator]
      2017-11-30 09:31:07,017 TRACE [org.wildfly.security] (default task-125) Principal assigning: [alberto@myapp.com], pre-realm rewritten: [alberto@myapp.com], realm name: [wmtRealm], post-realm rewritten: [alberto@myapp.com], realm rewritten: [alberto@myapp.com]
      2017-11-30 09:31:07,018 TRACE [org.wildfly.security] (default task-125) Executing principalQuery select password from user where email = ? with value alberto@myapp.com
      2017-11-30 09:31:07,019 TRACE [org.wildfly.security] (default task-125) Executing principalQuery select role, 'Roles' from user_role_auth where email = ? with value alberto@myapp.com
      2017-11-30 09:31:07,021 TRACE [org.wildfly.security] (default task-125) Executing principalQuery select password from user where email = ? with value alberto@myapp.com
      2017-11-30 09:31:07,022 TRACE [org.wildfly.security] (default task-125) Role mapping: principal [alberto@myapp.com] -> decoded roles [Administrator] -> realm mapped roles [Administrator] -> domain mapped roles [Administrator]
      2017-11-30 09:31:07,022 TRACE [org.wildfly.security] (default task-125) Authorizing principal alberto@myapp.com.
      2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Authorizing against the following attributes: [roles] => [Administrator]
      2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Permission mapping: identity [alberto@myapp.com] with roles [Administrator] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true
      2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Authorization succeed
      2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Role mapping: principal [alberto@myapp.com] -> decoded roles [Administrator] -> realm mapped roles [Administrator] -> domain mapped roles [Administrator]
      

        Gliffy Diagrams

          Attachments

          1. elytron-bug.zip
            37 kB
          2. server.log
            319 kB
          3. standalone-full-ha.xml
            41 kB

            Issue Links

              Activity

                People

                • Assignee:
                  dlofthouse Darran Lofthouse
                  Reporter:
                  mchoma Martin Choma
                • Votes:
                  1 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated: