Hi,
In appserver, we need to have security-role-mapping.
There are two ways to achieve this:
1) add security-role-mapping to sun-web.xml for war file or
sun-application.xml to ear file
2) go to admin gui to enable default principal to role mapping, restart
the server and redeploy the application
Thanks.
Shing Wai Chan
Dennis Gesker wrote:
> I'm attempting to move a small application from JBoss to
> Glassfish-v2-b28. But I seem to be having a small (i hope) issue with
> configuring JDBCRealm in my application. I think I'm close but I could
> use a hint to get the rest of the way.
>
> Using the admin console I added a jdbc realm setting the necessary
> properties. I added a few entries to my war archive (part of an ear) so
> the application would look to the jdbc-realm for its form login. When I
> run the application the server refers me to the login page as expected.
> When I attempt to login the server logs (set to FINEST on security)
> indicate a successful login. Also, I see messages in the logs which seem
> to indicate that the server can see the roles associated with my login.
> However, after leaving the login page I get an:
>
> Access to the requested resource has been denied
>
> for the index.jsp file and the logs indicate that 'result was (false)
> permission' for index.jsp.
>
> Could someone offer a hint on what I might do next to trouble shoot this
> issue?
>
> Below is a snipped of my web.xml file:
>
> <!-- Authentication -->
>
> <security-constraint>
>
> <display-name>DefaultSecurityConstraintForThisApplication</display-name>
> <web-resource-collection>
> <web-resource-name>restricted</web-resource-name>
> <url-pattern>/index.jsp</url-pattern>
> <url-pattern>/pages</url-pattern>
> <url-pattern>/pages/*</url-pattern>
> </web-resource-collection>
>
> <auth-constraint>
> <role-name>admin</role-name>
> <role-name>Admin</role-name>
> <role-name>employee</role-name>
> <role-name>manager</role-name>
> <role-name>quality</role-name>
> <role-name>supervisor</role-name>
> <role-name>syadmin</role-name>
> </auth-constraint>
> </security-constraint>
>
> <security-role>
> <role-name>admin</role-name>
> </security-role>
> <security-role>
> <role-name>Admin</role-name>
> </security-role>
> <security-role>
> <role-name>employee</role-name>
> </security-role>
> <security-role>
> <role-name>manager</role-name>
> </security-role>
> <security-role>
> <role-name>quality</role-name>
> </security-role>
> <security-role>
> <role-name>supervisor</role-name>
> </security-role>
> <security-role>
> <role-name>syadmin</role-name>
> </security-role>
>
> <login-config>
> <auth-method>FORM</auth-method>
> <realm-name>jdbc-realm</realm-name>
> <form-login-config>
> <form-login-page>/auth.jsp</form-login-page>
> <form-error-page>/autherror.jsp</form-error-page>
> </form-login-config>
> </login-config>
>
> Dennis
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>