Hey guys,
I've recently loaded Hudson (
http://hudson.dev.java.net) into GlassFish (build b02-p01). I then configured Hudson to require a login. I setup the necessary user, password, and role within glassfish.
When I try to log into Hudson, if I enter a bad username or password, I am redirected to the loginError page, just like I should. If I enter the correct username and password, I get a 403 error from GlassFish.
Details:
===============
web.xml
===============
<security-role>
<role-name>admin</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>Hudson</web-resource-name>
<url-pattern>/loginEntry</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>admin-realm</realm-name>
<form-login-config>
<form-login-page>/login</form-login-page>
<form-error-page>/loginError</form-error-page>
</form-login-config>
</login-config>
=============
Extra Info
=============
loginError is a make-believe URL. It exists only for GlassFish/Tomcat, such that going to that URL will cause the login sequence to begin. From there on out, Hudson uses isUserInRole() to check to make sure the user is authenticated.
Thanks
Richard Bair
PS> For you Sun guys, I'm in SCA. If you can, I'd love to bring my laptop over and debug the thing. I just want to get back to my job -- writing Swing components :-)
[Message sent by forum member 'rbair' (rbair)]
http://forums.java.net/jive/thread.jspa?messageID=202800