users@glassfish.java.net

Re: Auth problems with UR1

From: Edson Carlos Ericksson Richter <edson.richter_at_mgrinformatica.com.br>
Date: Mon, 19 Jun 2006 16:08:24 -0300

Thank you for your feedback.
In real, the problem appear on Glassfish b48, but not as much as in UR1.
I had exhaustive investigation, and I must correct my self. The problem
don't appear be the authentication, but session expiration.

If I stop to work for some seconds, session is expired, and
authentication is asked again.
Revelent session on web.xml:


<session-config>
    <session-timeout>30</session-timeout>
  </session-config>

AFAIK, time in session-timeout is in minutes. Could you correct me?
Is possible Glassfish be overriding session timeout with some value
defined on admin console?

Richter



Shing Wai Chan escreveu:
> Edson Carlos Ericksson Richter wrote:
>> Hi!
>>
>> I just downloaded Glassfish UR1 from site, and I'm getting problems
>> with authentication.
>> I've a secure area with following web.xml:
>>
>> <security-constraint>
>> <display-name>Admin constraints</display-name>
>> <web-resource-collection>
>> <web-resource-name>AdminSecurity</web-resource-name>
>> <description/>
>> <url-pattern>/secure/*</url-pattern>
>> <http-method>GET</http-method>
>> <http-method>POST</http-method>
>> <http-method>HEAD</http-method>
>> <http-method>PUT</http-method>
>> <http-method>OPTIONS</http-method>
>> <http-method>TRACE</http-method>
>> <http-method>DELETE</http-method>
>> </web-resource-collection>
>> <web-resource-collection>
>> <web-resource-name>FacesAdminSecurity</web-resource-name>
>> <description/>
>> <url-pattern>/faces/secure/*</url-pattern>
>> <http-method>GET</http-method>
>> <http-method>POST</http-method>
>> <http-method>HEAD</http-method>
>> <http-method>PUT</http-method>
>> <http-method>OPTIONS</http-method>
>> <http-method>TRACE</http-method>
>> <http-method>DELETE</http-method>
>> </web-resource-collection>
>> <auth-constraint>
>> <description/>
>> <role-name>admin</role-name>
>> </auth-constraint>
>> <user-data-constraint>
>> <description/>
>> <transport-guarantee>NONE</transport-guarantee>
>> </user-data-constraint>
>> </security-constraint>
>>
>> It works fine on b48, but with UR1, it keep asking user/password
>> every access.
>> This is a known issue, or should I bug report it?
> This is part of sanctity tests.
> Do you really have the user/pwd in corresponding realm?
> Do you have the principal to role mapping in sun-*.xml?
> Can you double check the message if there is any message in server.log?
> Please let us know.
> Thanks.
> Shing Wai Chan
>
>>
>> Richter
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>
>
>