users@glassfish.java.net

Re: how I can configure a web application to use an authentication realm?

From: Harsha R A <Harsha.Ra_at_Sun.COM>
Date: Tue, 04 Dec 2007 20:27:32 +0530

By any chance have you inserted any AllPermission grants in server.policy?

Please send your server.policy so that we can check that.

Thanks
Harsha

glassfish_at_javadesktop.org wrote, On Tuesday 04 December 2007 02:35 AM:
> Hello Harsha,
>
> I made the changes, unfortunately it seems to have had no effect. Here is the new web.xml (fetched via the admin gui's Applications> Web Applications> hello > descriptors):
>
> <?xml version="1.0" encoding="UTF-8"?>
>
> <!--
> Copyright 2004-2005 Sun Microsystems, Inc. All rights reserved.
> Use is subject to license terms.
> -->
>
> <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
>
>   <display-name>hello</display-name>
>   <security-constraint>
>     <web-resource-collection>
>       <web-resource-name>Testing</web-resource-name>
>       <url-pattern>/*</url-pattern>
>       <http-method>DELETE</http-method>
>       <http-method>GET</http-method>
>       <http-method>POST</http-method>
>       <http-method>PUT</http-method>
>     </web-resource-collection>
>     <auth-constraint>
>       <role-name>admin</role-name>
>     </auth-constraint>
>   </security-constraint>
>   <login-config>
>     <auth-method>BASIC</auth-method>
>     <realm-name>admin-realm</realm-name>
>   </login-config>
>   <security-role>
>     <role-name>admin</role-name>
>   </security-role>
> </web-app>
>
>
> And here's the sun-web.xml:
> Applications> Web Applications> hello
>
>
> <?xml version="1.0" encoding="UTF-8"?>
>
> <!--
> Copyright 2004-2005 Sun Microsystems, Inc. All rights reserved.
> Use is subject to license terms.
> -->
>
> <!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Servlet 2.5//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">
>
> <sun-web-app>
>   <context-root>/hello</context-root>
>   <security-role-mapping>
>     <role-name>admin</role-name>
>     <principal-name>admin</principal-name>
>     <group-name>asadmin</group-name>
>   </security-role-mapping>
> </sun-web-app>
>
>
> In the other thread I started, I pointed out that the access logs show the "NULL-AUTH-USER" is getting direct access. This really seems like there isn't a problem in these files, but that somehow, my settings are being ignored - is there a config setting someplace that would cause this to happen?
>
> Here is what shows up in the logs when I connect to the hello app:
>
> [#|2007-12-03T12:53:20.245-0800|FINEST|sun-appserver9.1|javax.enterprise.system.core.security|_ThreadID=16;_ThreadName=httpSSLWorkerThread-8181-0;ClassName=com.sun.enterprise.security.provider.BasePolicyWrapper;MethodName=getPermissions;_RequestID=05478ba9-c27e-417f-9d47-77c80cefeecd;|JACC Policy Provider: PolicyWrapper.getPermissions(cs), context (hello/hello) codesource ((file:/hello/hello <no signer certificates>)) permissions: java.security.Permissions_at_1ff3fcf (
> (java.lang.RuntimePermission loadLibrary.*)
> (java.lang.RuntimePermission getClassLoader)
> (java.lang.RuntimePermission modifyThreadGroup)
> (java.lang.RuntimePermission accessDeclaredMembers)
> (java.lang.RuntimePermission setContextClassLoader)
> (java.lang.RuntimePermission queuePrintJob)
> (java.lang.RuntimePermission getProtectionDomain)
> (java.lang.RuntimePermission stopThread)
> (java.util.PropertyPermission java.version read)
> (java.util.PropertyPermission java.vm.name read)
> (java.util.PropertyPermission java.vm.vendor read)
> (java.util.PropertyPermission os.name read)
> (java.util.PropertyPermission java.vendor.url read)
> (java.util.PropertyPermission java.vm.specification.vendor read)
> (java.util.PropertyPermission java.specification.vendor read)
> (java.util.PropertyPermission os.version read)
> (java.util.PropertyPermission java.specification.name read)
> (java.util.PropertyPermission java.class.version read)
> (java.util.PropertyPermission file.separator read)
> (java.util.PropertyPermission java.vm.version read)
> (java.util.PropertyPermission os.arch read)
> (java.util.PropertyPermission java.vm.specification.name read)
> (java.util.PropertyPermission java.vm.specification.version read)
> (java.util.PropertyPermission java.specification.version read)
> (java.util.PropertyPermission java.vendor read)
> (java.util.PropertyPermission * read,write)
> (java.util.PropertyPermission path.separator read)
> (java.util.PropertyPermission line.separator read)
> (javax.management.MBeanTrustPermission register)
> (java.net.SocketPermission localhost:1024- listen,resolve)
> (java.net.SocketPermission * connect,resolve)
> (javax.security.auth.PrivateCredentialPermission javax.resource.spi.security.PasswordCredential * "*" read)
> (javax.management.MBeanPermission [com.sun.messaging.jms.*:*] *)
> (unresolved com.sun.corba.ee.impl.presentation.rmi.DynamicAccessPermission access null)
> (unresolved javax.security.jacc.WebUserDataPermission / null)
> (unresolved javax.security.jacc.WebResourcePermission / null)
> (unresolved com.sun.enterprise.security.CORBAObjectPermission * *)
> (java.io.FilePermission <<ALL FILES>> read,write)
> (java.io.FilePermission /usr/local/glassfish/domains/domain1/lib/databases/- delete)
> (java.io.FilePermission /var/tmp//- delete)
> )
> |#]
>
> Any ideas what might be wrong?
>
> Thanks!
> [Message sent by forum member 'sychan' (sychan)]
>
> http://forums.java.net/jive/thread.jspa?messageID=248335
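The check Harsha asks for above, as an added example that is not part of the thread or of GlassFish: a Python function that lists every grant entry in Java policy-file text containing java.security.AllPermission and marks the entries that have no codeBase, signedBy or principal and therefore apply to all code. The sample policy text, its paths and the `${example.root}` property are constructed for illustration.

```python
import re

# Constructed sample in Java policy-file syntax; not the poster's server.policy.
SAMPLE_POLICY = r'''
// core server classes
grant codeBase "file:${example.root}/lib/-" {
    permission java.security.AllPermission;
};
/* disabled debugging grant
grant { permission java.security.AllPermission; };
*/
grant {
    permission java.util.PropertyPermission "*", "read,write";
    permission java.security.AllPermission;
};
grant codeBase "file:/opt/example/apps/hello/-" {
    permission java.io.FilePermission "<<ALL FILES>>", "read,write";
};
'''

_STR = r'"[^"\n]*"'
# A quoted string, a /* */ comment, or a // comment, tried in that order.
_TOKEN = re.compile(_STR + r'|/\*.*?\*/|//[^\n]*', re.S)
# One grant entry; quoted strings may contain braces such as ${property}.
_GRANT = re.compile(
    r'\bgrant\b(?P<head>(?:%s|[^{"])*)\{(?P<body>(?:%s|[^}"])*)\}\s*;' % (_STR, _STR), re.I)
_CODEBASE = re.compile(r'\bcodeBase\s+"([^"]*)"', re.I)
_SCOPE = re.compile(r'\b(?:codeBase|signedBy|principal)\b', re.I)
_ALLPERM = re.compile(r'\b(?i:permission)\s+java\.security\.AllPermission\b')

def strip_comments(text):
    """Blank out comments but keep strings, so 'http://...' in a codeBase survives."""
    return _TOKEN.sub(
        lambda m: m.group(0) if m.group(0).startswith('"') else ' ', text)

def all_permission_grants(policy_text):
    """Return (codeBase or None, applies_to_all_code) per AllPermission grant."""
    found = []
    for grant in _GRANT.finditer(strip_comments(policy_text)):
        if not _ALLPERM.search(grant.group('body')):
            continue
        head = grant.group('head')
        codebase = _CODEBASE.search(head)
        # No codeBase, signedBy or principal: the entry covers every code source.
        unscoped = not _SCOPE.search(re.sub(_STR, '', head))
        found.append((codebase.group(1) if codebase else None, unscoped))
    return found

if __name__ == '__main__':
    print(all_permission_grants(SAMPLE_POLICY))
```

Any entry reported with `True` as its second element grants AllPermission to every code source, deployed web applications included.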