users@glassfish.java.net

Re: how I can configure a web application to use an authentication realm?

From: <glassfish_at_javadesktop.org>
Date: Thu, 29 Nov 2007 16:24:04 PST

Hello,
   I'm having a related, but apparently more basic problem. I am trying to figure out how authentication is enabled in Glassfish (Sun Java App server 9.1). No matter what settings I put into web.xml or sun-web.xml for the "hello" sample application, I can't get any authentication to occur when I go to the test page. It is as if all the configs I put in are being totally ignored.

   I've followed all the instructions I could find, as well as looked across the forum questions. Here are the contents of my $GLASSFISH/domains/domain1/applications/j2ee-modules/hello/WEB-INF/web.xml file:
<?xml version="1.0" encoding="UTF-8"?>

<!--
 Copyright 2004-2005 Sun Microsystems, Inc. All rights reserved.
 Use is subject to license terms.
-->

<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
  <display-name>hello</display-name>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Testing</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>DELETE</http-method>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>admin-realm</realm-name>
    </login-config>
    <security-role>
        <role-name>admin</role-name>
    </security-role>
</web-app>

   And here's the sun-web.xml from the same directory:

<?xml version="1.0" encoding="UTF-8"?>

<!--
 Copyright 2004-2005 Sun Microsystems, Inc. All rights reserved.
 Use is subject to license terms.
-->

<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 8.1 Servlet 2.4//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_4-1.dtd">
<sun-web-app>
  <context-root>/hello</context-root>
 <security-role-mapping>
    <role-name>admin</role-name>
    <principal-name>admin</principal-name>
    <group-name>asadmin</group-name>
 </security-role-mapping>
</sun-web-app>

   I've tried to re-use the admin-realm, because I know that administrative authentication is working properly. The application in question is the "Hello" form input app that has Duke waving. It was autodeployed by dropping it into the autodeployment directory.

   The app works fine, I just can't force any kind of authentication. Obviously I'm missing something really obvious - can someone spare a clue?

    Thanks.
[Message sent by forum member 'sychan' (sychan)]

http://forums.java.net/jive/thread.jspa?messageID=247917
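
An added example, not part of the original message and not GlassFish code: a Python check that cross-checks the roles used in web.xml against its security-role declarations and the security-role-mapping entries in sun-web.xml, and reports explicit http-method lists, which constrain only the methods they name. The function name audit and the trimmed inline descriptors are constructed for this example.

```python
import xml.etree.ElementTree as ET
NS = "{http://java.sun.com/xml/ns/j2ee}"  # web.xml 2.4 namespace, as in the post

# Constructed sample input: the two descriptors from the post, trimmed.
WEB_XML = """<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee">
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/*</url-pattern>
      <http-method>DELETE</http-method><http-method>GET</http-method>
      <http-method>POST</http-method><http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <security-role><role-name>admin</role-name></security-role>
</web-app>"""
SUN_WEB_XML = """<sun-web-app>
  <security-role-mapping>
    <role-name>admin</role-name>
    <principal-name>admin</principal-name><group-name>asadmin</group-name>
  </security-role-mapping>
</sun-web-app>"""

def audit(web_xml, sun_web_xml):
    """Cross-check web.xml against sun-web.xml; return a list of findings."""
    web, sun = ET.fromstring(web_xml), ET.fromstring(sun_web_xml)
    declared = {r.text.strip() for r in web.findall(f"{NS}security-role/{NS}role-name")}
    # A mapping only counts if it names at least one principal or group.
    mapped = {m.findtext("role-name", "").strip()
              for m in sun.findall("security-role-mapping")
              if m.find("principal-name") is not None or m.find("group-name") is not None}
    findings = []
    if web.find(f"{NS}login-config/{NS}auth-method") is None:
        findings.append("no login-config/auth-method: container has no way to challenge")
    for sc in web.findall(f"{NS}security-constraint"):
        if sc.find(f"{NS}auth-constraint") is None:
            findings.append("security-constraint without auth-constraint: no login required")
        for r in sc.findall(f"{NS}auth-constraint/{NS}role-name"):
            role = r.text.strip()
            if role != "*" and role not in declared:
                findings.append(f"role '{role}' not declared in a security-role element")
            if role != "*" and role not in mapped:
                findings.append(f"role '{role}' has no security-role-mapping in sun-web.xml")
        for wrc in sc.findall(f"{NS}web-resource-collection"):
            methods = sorted(m.text.strip() for m in wrc.findall(f"{NS}http-method"))
            if methods:  # an explicit list leaves every unlisted method unconstrained
                findings.append(f"only {','.join(methods)} constrained; other HTTP methods are not")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(WEB_XML, SUN_WEB_XML)))
```

Run against the trimmed descriptors, it reports only the http-method finding; the role declaration and the role mapping are consistent with each other.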