dev@glassfish.java.net

Re: Providing login access to user created in admin-realm

From: Ron Monzillo <Ronald.Monzillo_at_Sun.COM>
Date: Thu, 24 Jan 2008 11:05:42 -0500

Deepak,

I may not understand your use case, but if you want to configure your
app so that any authenticated user may access it then please take a look at:

http://blogs.sun.com/monzillo/entry/how_to_define_an_anyone

In effect, the above approach ensures that every user is mapped to an
assigned role, as a side effect of authentication. This role can then be
used to differentiate any authenticated user (from an unauthenticated user).

Also, if you are willing to "administratively" add users to a group as
you have done in your example below, then "any user that is created
should be able to login", if you define your role mapping based on a
role mapped to that group.

1. Map role to group.

2. Either administratively or via "assign-groups" as described (in the
link above) ensure that every authenticated user is added to the group.

3. Use role in security-constraint to protect resources (and force login).

Ron

Wouter van Reeven wrote:
> Hi Deepak,
>
>
> As far as I am aware this is not possible. However, if someone knows a way
> around this I'll be interested as well.
>
>
> Greets, Wouter van Reeven
>
> On Thu, Jan 24, 2008 at 06:20:39PM +0530, Deepak Gothe wrote:
>
>>Hi,
>> I have a question regarding providing access to a user created in
>>admin-realm using Glassfish admin console. Following are the steps that
>>I performed:
>>
>>1. Create a user with user id as "deepak" and Group List as "group1" in
>>admin-realm using the admin console
>>
>>2. Add the following in the web.xml
>>
>>    <security-constraint>
>>        <web-resource-collection>
>>            <web-resource-name>SecureResource</web-resource-name>
>>            <url-pattern>/authorized</url-pattern>
>>            <http-method>GET</http-method>
>>            <http-method>POST</http-method>
>>        </web-resource-collection>
>>        <auth-constraint>
>>            <role-name>*</role-name>
>>        </auth-constraint>
>>        <user-data-constraint>
>>            <transport-guarantee>NONE</transport-guarantee>
>>        </user-data-constraint>
>>    </security-constraint>
>>
>>    <login-config>
>>        <auth-method>FORM</auth-method>
>>        <realm-name>admin-realm</realm-name>
>>        <form-login-config>
>>            <form-login-page>/login.jsp</form-login-page>
>>            <form-error-page>/error.jsp</form-error-page>
>>        </form-login-config>
>>    </login-config>
>>
>>    <security-role>
>>        <role-name>deepak</role-name>
>>    </security-role>
>>
>>3. Add the following in the sun-web.xml
>>
>>    <security-role-mapping>
>>        <role-name>deepak</role-name>
>>        <group-name>group1</group-name>
>>    </security-role-mapping>
>>
>>
>>login.jsp is the form that uses j_security_check. After the above changes
>>I can login as user "deepak". Now if I create a new user, say "user1", in
>>the group "group2" and want that user to login, I need to modify both
>>web.xml and sun-web.xml. This is not desirable. Once I deploy the
>>webapp, any user that is created should be able to login. Is there a way
>>to achieve this? This is needed to implement "isUserInRole"
>>functionality in OpenPortal Portlet Container Driver.
>>
>>Thanks in advance,
>>Deepak
>>
>>
>>