dev@glassfish.java.net

Re: Providing login access to user created in admin-realm

From: Deepak Gothe <Deepak.Gothe_at_Sun.COM>
Date: Fri, 25 Jan 2008 16:50:30 +0530

Thanks Ron. Looks like the blog may help my use case, but I am not clear
on a few things. Some example may help. Let me explain what I did.

1. I created a group "group1" in "Assign Group:" in admin console
2. I created a user "user1" and in the "Group List", I added "group1" in
admin console

Unless I have the following entries in web.xml & sun-web.xml, I will not
be able to log in (using FORM authentication as mentioned in my earlier
mail). What I was looking for is a way to allow the users that are being
created to be able to log in, i.e. if I create a new user "user2", again I
have to update web.xml and sun-web.xml in order for that user to be
authenticated. I want to avoid this.

web.xml:

  <security-role>
      <role-name>user1</role-name>
  </security-role>

sun-web.xml :

  <security-role-mapping>
      <role-name>user1</role-name>
      <group-name>group1</group-name>
  </security-role-mapping>

Thanks for the help,
Deepak

> Deepak,
>
> I may not understand your use case, but if you want to configure your
> app so that any authenticated user may access it then please take a
> look at:
>
> http://blogs.sun.com/monzillo/entry/how_to_define_an_anyone
>
> In effect, the above approach ensures that every user is mapped to an
> assigned role, as a side effect of authentication. This role can then
> be used to differentiate any authenticated user (from an
> unauthenticated user).
>
> Also, if you are willing to "administratively" add users to a group as
> you have done in your example below, then "any user that is created
> should be able to login", if you define your role mapping based on a
> role mapped to that group.
>
> 1. map role to group
>
> 2. either administratively or via "assign-groups" as described (in the
> link above) ensure that every authenticated user is added to the group.
>
> 3. use role in security-constraint to protect resources (and force
> login).
>
> Ron
>
> Wouter van Reeven wrote:
>> Hi Deepak,
>>
>>
>> As far as I am aware this is not possible. However, if someone knows
>> a way
>> around this I'll be interested as well.
>>
>>
>> Greets, Wouter van Reeven
>>
>> On Thu, Jan 24, 2008 at 06:20:39PM +0530, Deepak Gothe wrote:
>>
>>> Hi,
>>> I have a question regarding providing access to a user created in
>>> admin-realm using Glassfish admin console. Following are the steps
>>> that I performed.
>>>
>>> 1. Create a user with user id as "deepak" and Group List as "group1"
>>> in admin-realm using the admin console
>>>
>>> 2. Add the following in the web.xml
>>>
>>> <security-constraint>
>>>   <web-resource-collection>
>>>     <web-resource-name>SecureResource</web-resource-name>
>>>     <url-pattern>/authorized</url-pattern>
>>>     <http-method>GET</http-method>
>>>     <http-method>POST</http-method>
>>>   </web-resource-collection>
>>>   <auth-constraint>
>>>     <role-name>*</role-name>
>>>   </auth-constraint>
>>>   <user-data-constraint>
>>>     <transport-guarantee>NONE</transport-guarantee>
>>>   </user-data-constraint>
>>> </security-constraint>
>>>
>>> <login-config>
>>>   <auth-method>FORM</auth-method>
>>>   <realm-name>admin-realm</realm-name>
>>>   <form-login-config>
>>>     <form-login-page>/login.jsp</form-login-page>
>>>     <form-error-page>/error.jsp</form-error-page>
>>>   </form-login-config>
>>> </login-config>
>>>
>>> <security-role>
>>>   <role-name>deepak</role-name>
>>> </security-role>
>>>
>>> 3. Add the following in the sun-web.xml
>>>
>>> <security-role-mapping>
>>>   <role-name>deepak</role-name>
>>>   <group-name>group1</group-name>
>>> </security-role-mapping>
>>>
>>>
>>> login.jsp is the form that uses j_security_check. After the above
>>> changes I can login as user "deepak". Now if I create a new user say
>>> "user1" in the group "group2" and want that user to login, I need to
>>> modify both web.xml and sun-web.xml. This is not desirable. Once I
>>> deploy the webapp, any user that is created should be able to login.
>>> Is there a way to achieve this? This is needed to implement
>>> "isUserInRole" functionality in OpenPortal Portlet Container Driver.
>>>
>>> Thanks in advance,
>>> Deepak
>
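
Ron's three steps, written out as an added configuration example (not part of the original thread and not from the linked blog). The role name `authenticated-user` and the group name `app-users` are assumed names; the realm, URL pattern and login pages are the ones from Deepak's first mail.

```xml
<!-- Added example. "authenticated-user" and "app-users" are assumed names. -->

<!-- Step 2, domain.xml: add assign-groups to the realm the app logs in
     against, so every user who authenticates is placed in app-users
     without any per-user edit. The realm's existing properties stay
     as they are. -->
<auth-realm name="admin-realm"
            classname="com.sun.enterprise.security.auth.realm.file.FileRealm">
  <!-- existing file / jaas-context properties unchanged -->
  <property name="assign-groups" value="app-users"/>
</auth-realm>

<!-- Step 1, sun-web.xml: map one role to that group, once. -->
<security-role-mapping>
  <role-name>authenticated-user</role-name>
  <group-name>app-users</group-name>
</security-role-mapping>

<!-- Step 3, web.xml: protect the resource with the role. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>SecureResource</web-resource-name>
    <url-pattern>/authorized</url-pattern>
    <!-- No http-method elements, so the constraint covers every
         HTTP method, not only GET and POST. -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>authenticated-user</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- CONFIDENTIAL keeps the FORM login credentials on TLS;
         the original mail used NONE. -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>admin-realm</realm-name>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/error.jsp</form-error-page>
  </form-login-config>
</login-config>

<security-role>
  <role-name>authenticated-user</role-name>
</security-role>
```

Because `assign-groups` is set on admin-realm itself, administrator accounts in that realm also receive the `app-users` group; a separate realm for application users avoids that overlap.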