users@glassfish.java.net

Not reading sun-web.xml?

From: Christian Svensson <blue_at_cmd.nu>
Date: Sun, 8 Jul 2007 21:34:15 +0200

Hello.

I'm quite new to J2EE, but I've done some JSP work before including
this very thing, back then working.

I'm testing to build a complete EAR, and it works very nicely. I want to
protect my BackendCommunicator WebService with a username and a
password, but it will not work like I want to.

I have this in my web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID"
version="2.5">
  <display-name>TestWeb</display-name>
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>

  <security-constraint>
        <web-resource-collection>
          <web-resource-name>Auth</web-resource-name>
          <url-pattern>/*</url-pattern>
          <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>customer</role-name>
        </auth-constraint>
  </security-constraint>

  <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>file</realm-name>
  </login-config>
</web-app>

This works, if I have a user in the "customer" group and I enable role
-> group mapping in glassfish.

But I need role-mapping, so I make a sun-web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD
Application Server 9.0 Servlet 2.5//EN"
"http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">
<sun-web-app error-url="">
  <context-root>/TestWeb</context-root>
  <security-role-mapping>
        <role-name>customer</role-name>
        <group-name>test-admin</group-name>
  </security-role-mapping>
  <class-loader delegate="true"/>
  <jsp-config>
    <property name="keepgenerated" value="true">
      <description>Keep a copy of the generated servlet class java
code.</description>
    </property>
  </jsp-config>

</sun-web-app>

Removing user from customer and disabling role -> group and I get the
login box as usual, but:
[#|2007-07-08T21:16:47.746+0200|INFO|sun-appserver9.1|javax.enterprise.system.core.security|_ThreadID=14;_ThreadName=httpSSLWorkerThread-80-0;|Audit:
[Web] Authorization for user = (testing) and permission type =
(hasResourcePermission) for request GET
/TestWeb/BackendCommunicatorService returned =false|#]
and a big 403 page.

Using GlassFish 2 with JDK/JRE 6. Developing with Eclipse 3.3.

Anybody noticing what I did wrong?
Greetings,
Christian
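
Added example, not part of the original post and not GlassFish code: a small Python check over trimmed, constructed copies of the two descriptors above. It computes which roles a caller holds under the explicit security-role-mapping and flags a security-constraint that lists http-method elements, since under Servlet 2.5 such a constraint covers only the listed methods. The helper names and the group memberships passed in are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"ee": "http://java.sun.com/xml/ns/javaee"}

# Constructed, trimmed copies of the two descriptors in the post.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>customer</role-name></auth-constraint>
  </security-constraint>
</web-app>"""
SUN_WEB_XML = """<sun-web-app>
  <security-role-mapping>
    <role-name>customer</role-name>
    <group-name>test-admin</group-name>
  </security-role-mapping>
</sun-web-app>"""

def role_mappings(sun_web_xml):
    """Map each role to the set of (kind, name) entries granted it in sun-web.xml."""
    out = {}
    for m in ET.fromstring(sun_web_xml).iter("security-role-mapping"):
        role = (m.findtext("role-name") or "").strip()
        for kind in ("group", "principal"):
            for e in m.findall(kind + "-name"):
                out.setdefault(role, set()).add((kind, (e.text or "").strip()))
    return out

def roles_for(user, groups, sun_web_xml):
    """Roles a caller holds under the explicit mapping (hypothetical helper)."""
    ids = {("principal", user)} | {("group", g) for g in groups}
    return {r for r, members in role_mappings(sun_web_xml).items() if members & ids}

def audit(web_xml, sun_web_xml):
    """Flag constraints limited to listed HTTP methods and roles with no mapping."""
    mapped, findings = role_mappings(sun_web_xml), []
    for sc in ET.fromstring(web_xml).findall("ee:security-constraint", NS):
        methods = [m.text.strip() for m in sc.findall(".//ee:http-method", NS)]
        if methods:
            findings.append("constraint applies only to " + ",".join(methods))
        for r in sc.findall("ee:auth-constraint/ee:role-name", NS):
            if r.text.strip() not in mapped:
                findings.append("role %s has no security-role-mapping" % r.text.strip())
    return findings

if __name__ == "__main__":
    print(roles_for("testing", ["test-admin"], SUN_WEB_XML))  # constructed membership
    print(audit(WEB_XML, SUN_WEB_XML))
```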