quality@glassfish.java.net

Glassfish 3: JDBC Realm in web applications

From: Edson Richter <edsonrichter_at_hotmail.com>
Date: Tue, 21 Apr 2009 22:02:19 +0000

Dear all.

I know this is not the list to request support.
I would like to just setup a scenario that is not working with Glassfish 3 Prelude:

1) In NetBeans, create web application.
2) Set security in web.xml as follows:

    <security-constraint>
        <display-name>UsuarioConstraint</display-name>
        <web-resource-collection>
            <web-resource-name>all</web-resource-name>
            <description/>
            <url-pattern>/</url-pattern>
            <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <description>Only authorized users.</description>
            <role-name>usuario</role-name>
            </auth-constraint>
        <user-data-constraint>
            <description/>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
        </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>jdbcRealm</realm-name>
        </login-config>
    <security-role>
        <description/>
        <role-name>usuario</role-name>
    </security-role>

3) Configure JDBC Pool, JDBC Resource and JDBC Realm (jdbcRealm)

4) Deploy application

When I run (with FINEST security log level), I got:

[#|2009-04-21T18:42:15.038-0300|FINE|glassfish|javax.enterprise.system.core.security|_ThreadID=18;_ThreadName=Thread-3;ClassName=null;MethodName=null;|[Web-Security] hasResource perm: (javax.security.jacc.WebResourcePermission /index.jsp GET)|#]

[#|2009-04-21T18:42:15.042-0300|FINEST|glassfish|javax.enterprise.system.core.security|_ThreadID=18;_ThreadName=Thread-3;ClassName=null;MethodName=null;|Processing login with credentials of type: class com.sun.enterprise.security.auth.login.common.PasswordCredential|#]

[#|2009-04-21T18:42:15.045-0300|FINE|glassfish|javax.enterprise.system.core.security|_ThreadID=18;_ThreadName=Thread-3;ClassName=null;MethodName=null;|Logging in user [Marcelo] into realm: file using JAAS module: fileRealm|#]

[#|2009-04-21T18:42:15.112-0300|FINE|glassfish|javax.enterprise.system.core.security|_ThreadID=18;_ThreadName=Thread-3;ClassName=null;MethodName=null;|Login module initialized: class com.sun.enterprise.security.auth.login.FileLoginModule|#]

[#|2009-04-21T18:42:15.113-0300|FINE|glassfish|javax.enterprise.system.core.security|_ThreadID=18;_ThreadName=Thread-3;ClassName=null;MethodName=null;|No such user: [Marcelo]|#]


So, why is Glassfish using "fileReam" (Glassfish defaults) since my web.xml explicits ask for "jdbcRealm"???

I googled a bit around for more information, but everything I've found so far is that is necessary to put "<realm>jdbcRealm</realm>" in sun-application.xml. The point is: this is an web app, there is no sun-application.xml

So, I think it's necessary to add a test case for that, as well to fix this little bug...


Thanks,

Edson Richter


_________________________________________________________________
Novo Windows Live: Messenger 2009 e muito mais. Descubra!
http://www.windowslive.com.br
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.