dev@glassfish.java.net

Re: HTTP Form based authentication

From: Jan Luehe <Jan.Luehe_at_Sun.COM>
Date: Mon, 13 Nov 2006 18:59:55 -0800

Kedar,

kedar wrote On 11/13/06 12:12,:

> Jan,
>
> This should work. But if the intent is to just
> use the domain's default admin user as a user who can
> access this web application, wouldn't it be more
> advisable to just add the domain's default admin
> user as a valid user for this application, keeping
> the security constraints the same?
>
> In other words, just use create-file-user command and add
> the admin user there. No need to use the admin-realm
> for this.
>
> Hope I am not completely off-base.


I have to admit I'm not sure I completely understood Karthik's
original request, in part because his web.xml was not complete.

I interpreted Karthik's request to mean that he wanted
to treat his own app as an "admin" app, since he mentioned
admin-realm and also listed "asadmin" as the role name to
which access should be granted. The "asadmin" group is known
only inside the admin-realm, right? That's why I suggested
he leverage the admin-realm.

Maybe Karthik can explain what exactly he is trying to achieve -
and include a full web.xml. :)


Jan


>
> Kedar
>
>
> Jan Luehe wrote:
>
>> Karthik,
>>
>> Karthik Sudarshan wrote On 11/13/06 01:08,:
>>
>>> Hi all,
>>> I'm trying to implement authentication using j_security_check.
>>> Till now it worked fine, when I added a new file user with a new
>>> group. But what I want to do is use the default admin user. When I
>>> checked the admin-realm the group defined was "asadmin". I've made
>>> the following entry in web.xml :
>>>
>>> <security-constraint>
>>>   <web-resource-collection>
>>>     <web-resource-name>SecureResource</web-resource-name>
>>>     <url-pattern>/authorized</url-pattern>
>>>     <http-method>GET</http-method>
>>>     <http-method>POST</http-method>
>>>   </web-resource-collection>
>>>   <auth-constraint>
>>>     <role-name>asadmin</role-name>
>>>   </auth-constraint>
>>>   <user-data-constraint>
>>>     <transport-guarantee>NONE</transport-guarantee>
>>>   </user-data-constraint>
>>> </security-constraint>
>>>
>>> and in sun-web.xml
>>>
>>> <sun-web-app>
>>>   <security-role-mapping>
>>>     <role-name>asadmin</role-name>
>>>     <group-name>asadmin</group-name>
>>>   </security-role-mapping>
>>> </sun-web-app>
>>>
>>>
>>>
>>> But I get the following exception when I try to provide the
>>> credentials of admin user :
>>>
>>> [#|2006-11-13T12:10:45.950+0530|INFO|sun-appserver-pe9.1|javax.enterprise.system.core.security|_ThreadID=15;_ThreadName=httpWorkerThread-8080-1;admin;|SEC5046:
>>> Audit: Authentication refused for [admin].|#]
>>>
>>> [#|2006-11-13T12:10:45.950+0530|WARNING|sun-appserver-pe9.1|javax.enterprise.system.container.web|_ThreadID=15;_ThreadName=httpWorkerThread-8080-1;_RequestID=930578ad-a5c8-430a-ae48-abc6e85431af;|Web
>>> login failed: Login failed:
>>> javax.security.auth.login.LoginException: Failed file login for
>>> admin.|#]
>>>
>>>
>>> Is there anything that I'm missing? Or is it just that I cannot use
>>> the admin user for HTTP Form Based Authentication?
>>
>>
>>
>> I noticed the role referenced in your <auth-constraint> is not declared
>> in your web.xml (using <security-role>), or maybe you just did not include
>> that part of your web.xml in your email.
>>
>> Also, the role you want to grant access to is named "admin" (not "asadmin"),
>> which belongs to the group named "asadmin."
>>
>> I'd just follow the config of the admingui.
>>
>> Applied to your example, that would mean:
>>
>> web.xml:
>>
>> <security-constraint>
>>   <web-resource-collection>
>>     <web-resource-name>SecureResource</web-resource-name>
>>     <url-pattern>/authorized</url-pattern>
>>     <http-method>GET</http-method>
>>     <http-method>POST</http-method>
>>   </web-resource-collection>
>>   <auth-constraint>
>>     <role-name>admin</role-name>
>>   </auth-constraint>
>> </security-constraint>
>> <login-config>
>>   <auth-method>FORM</auth-method>
>>   <realm-name>admin-realm</realm-name>
>>   <form-login-config>
>>     <form-login-page>YOUR_FORM_LOGIN_PAGE</form-login-page>
>>     <form-error-page>YOUR_FORM_ERROR_PAGE</form-error-page>
>>   </form-login-config>
>> </login-config>
>> <security-role>
>>   <role-name>admin</role-name>
>> </security-role>
>>
>> sun-web.xml:
>>
>> <security-role-mapping>
>>   <role-name>admin</role-name>
>>   <principal-name>admin</principal-name>
>>   <group-name>asadmin</group-name>
>> </security-role-mapping>
>>
>>
>> Jan
>>
>>>
>>> Regards,
>>> Karthik
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
>>> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>>>
>>
>
>