dev@glassfish.java.net

Re: HTTP Form based authentication

From: kedar <Kedar.Mhaswade_at_Sun.COM>
Date: Mon, 13 Nov 2006 12:12:13 -0800

Jan,

This should work. But if the intent is to just
use the domain's default admin user as a user who can
access this web application, wouldn't it be more
advisable to just add the domain's default admin
user as a valid user for this application, keeping
the security constraints the same?

In other words, just use create-file-user command and add
the admin user there. No need to use the admin-realm
for this.

Hope I am not completely off-base.

Kedar


Jan Luehe wrote:
> Karthik,
>
> Karthik Sudarshan wrote On 11/13/06 01:08,:
>
>> Hi all,
>> I'm trying to implement authentication using j_security_check.
>> Till now it worked fine, when I added a new file user with a new
>> group. But what I want to do is use the default admin user. When I
>> checked the admin-realm the group defined was "asadmin". I've made
>> the following entry in web.xml :
>>
>> <security-constraint>
>>   <web-resource-collection>
>>     <web-resource-name>SecureResource</web-resource-name>
>>     <url-pattern>/authorized</url-pattern>
>>     <http-method>GET</http-method>
>>     <http-method>POST</http-method>
>>   </web-resource-collection>
>>   <auth-constraint>
>>     <role-name>asadmin</role-name>
>>   </auth-constraint>
>>   <user-data-constraint>
>>     <transport-guarantee>NONE</transport-guarantee>
>>   </user-data-constraint>
>> </security-constraint>
>>
>> and in sun-web.xml
>>
>> <sun-web-app>
>>   <security-role-mapping>
>>     <role-name>asadmin</role-name>
>>     <group-name>asadmin</group-name>
>>   </security-role-mapping>
>> </sun-web-app>
>>
>>
>>
>> But I get the following exception when I try to provide the
>> credentials of admin user :
>>
>> [#|2006-11-13T12:10:45.950+0530|INFO|sun-appserver-pe9.1|javax.enterprise.system.core.security|_ThreadID=15;_ThreadName=httpWorkerThread-8080-1;admin;|SEC5046:
>> Audit: Authentication refused for [admin].|#]
>>
>> [#|2006-11-13T12:10:45.950+0530|WARNING|sun-appserver-pe9.1|javax.enterprise.system.container.web|_ThreadID=15;_ThreadName=httpWorkerThread-8080-1;_RequestID=930578ad-a5c8-430a-ae48-abc6e85431af;|Web
>> login failed: Login failed: javax.security.auth.login.LoginException:
>> Failed file login for admin.|#]
>>
>>
>> Is there anything that I'm missing? Or is it just that I cannot use
>> the admin user for HTTP Form Based Authentication?
>
>
> I noticed the role referenced in your <auth-constraint> is not declared
> in your web.xml (using <security-role>), or maybe you just did not include
> that part of your web.xml in your email.
>
> Also, the role you want to grant access to is named "admin" (not "asadmin"),
> which belongs to the group named "asadmin."
>
> I'd just follow the config of the admingui.
>
> Applied to your example, that would mean:
>
> web.xml:
>
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>SecureResource</web-resource-name>
>     <url-pattern>/authorized</url-pattern>
>     <http-method>GET</http-method>
>     <http-method>POST</http-method>
>   </web-resource-collection>
>   <auth-constraint>
>     <role-name>admin</role-name>
>   </auth-constraint>
> </security-constraint>
> <login-config>
>   <auth-method>FORM</auth-method>
>   <realm-name>admin-realm</realm-name>
>   <form-login-config>
>     <form-login-page>YOUR_FORM_LOGIN_PAGE</form-login-page>
>     <form-error-page>YOUR_FORM_ERROR_PAGE</form-error-page>
>   </form-login-config>
> </login-config>
> <security-role>
>   <role-name>admin</role-name>
> </security-role>
>
> sun-web.xml:
>
> <security-role-mapping>
>   <role-name>admin</role-name>
>   <principal-name>admin</principal-name>
>   <group-name>asadmin</group-name>
> </security-role-mapping>
>
>
> Jan
>
>>
>> Regards,
>> Karthik
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>>
>
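
An added example, not part of the original thread or of GlassFish: a small Python check that parses a web.xml / sun-web.xml pair and reports the problems raised in this exchange (a role used in <auth-constraint> but not declared or mapped, and a missing <realm-name>, in which case the server's default realm handles the login), plus a transport-guarantee weaker than CONFIDENTIAL. The function names and the wrapped, abbreviated sample descriptors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def _texts(root, parent, child):
    """Text of each <child> directly under any <parent>, ignoring namespaces."""
    name = lambda el: el.tag.rsplit("}", 1)[-1]
    return [c.text.strip() for p in root.iter() if name(p) == parent
            for c in p if name(c) == child and c.text]

def check_descriptors(web_xml, sun_web_xml):
    """Return a list of findings for a web.xml / sun-web.xml pair."""
    web, sun = ET.fromstring(web_xml), ET.fromstring(sun_web_xml)
    declared = set(_texts(web, "security-role", "role-name"))
    mapped = set(_texts(sun, "security-role-mapping", "role-name"))
    findings = []
    for role in sorted(set(_texts(web, "auth-constraint", "role-name"))):
        if role not in declared:
            findings.append(f"role '{role}' is not declared in <security-role>")
        if role not in mapped:
            findings.append(f"role '{role}' has no <security-role-mapping>")
    if not _texts(web, "login-config", "realm-name"):
        findings.append("no <realm-name>: login goes to the server's default realm")
    if "CONFIDENTIAL" not in _texts(web, "user-data-constraint", "transport-guarantee"):
        findings.append("no CONFIDENTIAL transport-guarantee: login may use plain HTTP")
    return findings

# Constructed inputs: the fragments from the thread, abbreviated and wrapped in a root.
CONSTRAINT = """<security-constraint>
  <web-resource-collection>
    <web-resource-name>SecureResource</web-resource-name>
    <url-pattern>/authorized</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>{role}</role-name></auth-constraint>
  {extra}
</security-constraint>"""
ORIGINAL_WEB = "<web-app>" + CONSTRAINT.format(role="asadmin", extra=
    "<user-data-constraint><transport-guarantee>NONE</transport-guarantee>"
    "</user-data-constraint>") + "</web-app>"
SUGGESTED_WEB = "<web-app>" + CONSTRAINT.format(role="admin", extra="") + """
<login-config><auth-method>FORM</auth-method>
  <realm-name>admin-realm</realm-name></login-config>
<security-role><role-name>admin</role-name></security-role></web-app>"""
MAPPING = ("<sun-web-app><security-role-mapping><role-name>{0}</role-name>"
           "<group-name>asadmin</group-name></security-role-mapping></sun-web-app>")

if __name__ == "__main__":
    for label, web, role in (("original", ORIGINAL_WEB, "asadmin"),
                             ("suggested", SUGGESTED_WEB, "admin")):
        print(label, check_descriptors(web, MAPPING.format(role)))
```

The suggested descriptor still produces the transport finding because it carries no <user-data-constraint>; the check only inspects the descriptors and does not confirm that the mapped group exists in the named realm.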