users@glassfish.java.net

security-role-mapping doesn't appear to be working

From: <glassfish_at_javadesktop.org>
Date: Wed, 16 May 2007 13:39:27 PDT

Below is my configuration information. Authentication is successfully completing, but it doesn't seem that the security roles are being properly mapped. Any help figuring out why this isn't working would be much appreciated.

I'm using the following version of GlassFish:
Sun Java System Application Server Platform Edition 9.0_01 (build b02-p01)

sun-web.xml:
[code]
  <security-role-mapping>
    <role-name>AUTHENTICATED</role-name>
    <group-name>Operations</group-name>
  </security-role-mapping>
[/code]

web.xml:
[code]
    <security-constraint>
        <display-name>Constraint1</display-name>
        <web-resource-collection>
            <web-resource-name>Whatever</web-resource-name>
            <description/>
            <url-pattern>/assets/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>HEAD</http-method>
            <http-method>PUT</http-method>
            <http-method>OPTIONS</http-method>
            <http-method>TRACE</http-method>
            <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>AUTHENTICATED</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>Intranet</realm-name>
    </login-config>
    <security-role>
        <description/>
        <role-name>AUTHENTICATED</role-name>
    </security-role>
[/code]

Log output:
[code]
[Web-Security] Policy Context ID was: intranet/intranet-war_war
[Web-Security] Generating a protection domain for Permission check.
[Web-Security] Checking with Principal : jrod
[Web-Security] Checking with Principal : Operations
[Web-Security] Checking with Principal : Operations_Engineering
[Web-Security] Checking with Principal : Operations_Engineering_Developer
[Web-Security] Codesource with Web URL: file:/intranet/intranet-war_war
[Web-Security] Checking Web Permission with Principals : jrod, Operations, Operations_Engineering, Operations_Engineering_Developer
[Web-Security] Web Permission = (javax.security.jacc.WebRoleRefPermission / AUTHENTICATED)
JACC Policy Provider: PolicyWrapper.implies, context(intranet/intranet-war_war)- permission((javax.security.jacc.WebRoleRefPermission / AUTHENTICATED)) domain that failed(ProtectionDomain (file:/intranet/intranet-war_war <no signer certificates>)
 null
 (principals com.sun.enterprise.deployment.PrincipalImpl "jrod",
...
[/code]
[Message sent by forum member 'jeffreyrodriguez' (jeffreyrodriguez)]

http://forums.java.net/jive/thread.jspa?messageID=217482
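
An added example, not part of the original post and not GlassFish code: a Python check that cross-references the role names in web.xml and sun-web.xml with the principals listed in the `[Web-Security]` log line. The root elements of the sample descriptors and the function name `check_role_mapping` are assumptions; the inner elements and the log line are taken from the post.

```python
import re
import xml.etree.ElementTree as ET

# Constructed descriptors built from the fragments in the post; the root elements
# are assumptions, because the post shows only the inner elements.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/assets/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>AUTHENTICATED</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>AUTHENTICATED</role-name></security-role>
</web-app>"""
SUN_WEB_XML = """<sun-web-app>
  <security-role-mapping>
    <role-name>AUTHENTICATED</role-name>
    <group-name>Operations</group-name>
  </security-role-mapping>
</sun-web-app>"""
# Log line copied from the post.
LOG = "[Web-Security] Checking Web Permission with Principals : jrod, Operations, Operations_Engineering, Operations_Engineering_Developer"

def _root(xml_text):
    """Parse a descriptor and drop namespaces so lookups work with or without xmlns."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        el.tag = el.tag.split("}", 1)[-1]
    return root

def _texts(node, path):
    return {(e.text or "").strip() for e in node.findall(path)}

def check_role_mapping(web_xml, sun_web_xml, log_text):
    """Return a list of inconsistencies between the descriptors and the logged principals."""
    web, sun = _root(web_xml), _root(sun_web_xml)
    constrained = _texts(web, ".//auth-constraint/role-name") - {"*"}
    declared = _texts(web, "./security-role/role-name")
    mapping = {}
    for m in sun.findall("./security-role-mapping"):
        names = _texts(m, "group-name") | _texts(m, "principal-name")
        mapping.setdefault((m.findtext("role-name") or "").strip(), set()).update(names)
    hit = re.search(r"with Principals : (.+)", log_text)
    principals = {p.strip() for p in hit.group(1).split(",")} if hit else set()
    findings = [f"role {r!r} is used in auth-constraint but not declared in security-role"
                for r in sorted(constrained - declared)]
    findings += [f"role {r!r} has no security-role-mapping (exact string match)"
                 for r in sorted((constrained | declared) - set(mapping))]
    findings += [f"role {r!r} maps to {sorted(n)}, none of which the user holds"
                 for r, n in sorted(mapping.items()) if principals and not n & principals]
    return findings
```

For the fragments as posted, `check_role_mapping(WEB_XML, SUN_WEB_XML, LOG)` returns no findings: the role is declared, mapped, and the mapped group `Operations` appears among the logged principals.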