dev@glassfish.java.net

Re: HTTP Form based authentication

From: Jan Luehe <Jan.Luehe_at_Sun.COM>
Date: Mon, 13 Nov 2006 09:44:55 -0800

Karthik,

Karthik Sudarshan wrote On 11/13/06 01:08,:

> Hi all,
> I'm trying to implement authentication using j_security_check. Till
> now it worked fine, when I added a new file user with a new group. But
> what I want to do is use the default admin user. When I checked the
> admin-realm the group defined was "asadmin". I've made the following
> entry in web.xml :
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>SecureResource</web-resource-name>
> <url-pattern>/authorized</url-pattern>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> </web-resource-collection>
> <auth-constraint>
> <role-name>asadmin</role-name>
> </auth-constraint>
> <user-data-constraint>
> <transport-guarantee>NONE</transport-guarantee>
> </user-data-constraint>
> </security-constraint>
>
> and in sun-web.xml
>
> <sun-web-app>
> <security-role-mapping>
> <role-name>asadmin</role-name>
> <group-name>asadmin</group-name>
> </security-role-mapping>
> </sun-web-app>
>
>
>
> But I get the following exception when I try to provide the
> credentials of admin user :
>
> [#|2006-11-13T12:10:45.950+0530|INFO|sun-appserver-pe9.1|javax.enterprise.system.core.security|_ThreadID=15;_ThreadName=httpWorkerThread-8080-1;admin;|SEC5046:
> Audit: Authentication refused for [admin].|#]
>
> [#|2006-11-13T12:10:45.950+0530|WARNING|sun-appserver-pe9.1|javax.enterprise.system.container.web|_ThreadID=15;_ThreadName=httpWorkerThread-8080-1;_RequestID=930578ad-a5c8-430a-ae48-abc6e85431af;|Web
> login failed: Login failed: javax.security.auth.login.LoginException:
> Failed file login for admin.|#]
>
>
> Is there anything that I'm missing? Or is it just that I cannot use
> the admin user for HTTP Form Based Authentication?


I noticed the role referenced in your <auth-constraint> is not declared
in your web.xml (using <security-role>), or maybe you just did not include
that part of your web.xml in your email.

Also, the role you want to grant access to is named "admin" (not "asadmin"),
which belongs to the group named "asadmin."

I'd just follow the config of the admingui.

Applied to your example, that would mean:

web.xml:

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>SecureResource</web-resource-name>
            <url-pattern>/authorized</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>admin-realm</realm-name>
        <form-login-config>
            <form-login-page>YOUR_FORM_LOGIN_PAGE</form-login-page>
            <form-error-page>YOUR_FORM_ERROR_PAGE</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <role-name>admin</role-name>
    </security-role>

sun-web.xml:

    <security-role-mapping>
        <role-name>admin</role-name>
        <principal-name>admin</principal-name>
        <group-name>asadmin</group-name>
    </security-role-mapping>


Jan

>
> Regards,
> Karthik
>
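A small lint for the points raised in the reply above (a role used in <auth-constraint> but never declared with <security-role>, the role-to-group mapping in sun-web.xml, and the realm name in <login-config>), added here as an example and not part of the original thread. The function names and the trimmed, root-wrapped descriptor strings are constructed for the example; the three checks are lint rules assumed here, not a statement of how the server itself validates descriptors.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    # Drop any "{namespace}" prefix so namespaced descriptors work too.
    return tag.rsplit("}", 1)[-1]

def _texts(root, parent, child):
    # Text of every <child> directly under any <parent> element.
    return {(c.text or "").strip()
            for p in root.iter() if _local(p.tag) == parent
            for c in p if _local(c.tag) == child}

def check_descriptors(web_xml, sun_web_xml):
    """Lint a web.xml / sun-web.xml pair; returns a list of findings."""
    web, sun = ET.fromstring(web_xml), ET.fromstring(sun_web_xml)
    used = _texts(web, "auth-constraint", "role-name") - {"*"}  # "*" = all roles
    declared = _texts(web, "security-role", "role-name")
    mapped = _texts(sun, "security-role-mapping", "role-name")
    findings = [f"role '{r}' is not declared in <security-role>"
                for r in sorted(used - declared)]
    findings += [f"role '{r}' has no <security-role-mapping>"
                 for r in sorted(used - mapped)]
    if used and not _texts(web, "login-config", "realm-name"):
        findings.append("no <realm-name> in <login-config>")
    return findings

# Constructed inputs: the thread's fragments, trimmed and wrapped in root elements.
CONSTRAINT = """<security-constraint>
  <web-resource-collection>
    <web-resource-name>SecureResource</web-resource-name>
    <url-pattern>/authorized</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>%s</role-name></auth-constraint>
</security-constraint>"""
AS_POSTED_WEB = "<web-app>" + CONSTRAINT % "asadmin" + "</web-app>"
AS_POSTED_SUN = """<sun-web-app><security-role-mapping>
  <role-name>asadmin</role-name><group-name>asadmin</group-name>
</security-role-mapping></sun-web-app>"""
SUGGESTED_WEB = "<web-app>" + CONSTRAINT % "admin" + """
<login-config><auth-method>FORM</auth-method>
  <realm-name>admin-realm</realm-name></login-config>
<security-role><role-name>admin</role-name></security-role></web-app>"""
SUGGESTED_SUN = """<sun-web-app><security-role-mapping>
  <role-name>admin</role-name><principal-name>admin</principal-name>
  <group-name>asadmin</group-name>
</security-role-mapping></sun-web-app>"""

if __name__ == "__main__":
    for name, pair in [("as posted", (AS_POSTED_WEB, AS_POSTED_SUN)),
                       ("suggested", (SUGGESTED_WEB, SUGGESTED_SUN))]:
        print(name, check_descriptors(*pair) or "no findings")
```

The parser is the standard-library ElementTree, so run this only over descriptors from your own build tree, not over XML received from an untrusted source.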