users@glassfish.java.net

Re: how I can configure a web application to use an authentication realm?

From: <glassfish_at_javadesktop.org>
Date: Mon, 03 Dec 2007 13:05:49 PST

Hello Harsha,

   I made the changes, unfortunately it seems to have had no effect. Here is the new web.xml (fetched via the admin gui's Applications> Web Applications> hello > descriptors ):

<?xml version="1.0" encoding="UTF-8"?>

<!--
 Copyright 2004-2005 Sun Microsystems, Inc. All rights reserved.
 Use is subject to license terms.
-->

<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

  <display-name>hello</display-name>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Testing</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>DELETE</http-method>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>admin-realm</realm-name>
    </login-config>
    <security-role>
        <role-name>admin</role-name>
    </security-role>
</web-app>


   And here's the sun-web.xml:
Applications> Web Applications> hello
        

<?xml version="1.0" encoding="UTF-8"?>

<!--
 Copyright 2004-2005 Sun Microsystems, Inc. All rights reserved.
 Use is subject to license terms.
-->

<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Servlet 2.5//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">

<sun-web-app>
  <context-root>/hello</context-root>
 <security-role-mapping>
    <role-name>admin</role-name>
    <principal-name>admin</principal-name>
    <group-name>asadmin</group-name>
 </security-role-mapping>
</sun-web-app>

                
    In the other thread I started, I pointed out that the access logs show the "NULL-AUTH-USER" is getting direct access. This really seems like there isn't a problem in these files, but that somehow, my settings are being ignored - is there a config setting someplace that would cause this to happen?

    Here is what shows up in the logs when I connect to the hello app:

[#|2007-12-03T12:53:20.245-0800|FINEST|sun-appserver9.1|javax.enterprise.system.core.security|_ThreadID=16;_ThreadName=httpSSLWorkerThread-8181-0;ClassName=com.sun.enterprise.security.provider.BasePolicyWrapper;MethodName=getPermissions;_RequestID=05478ba9-c27e-417f-9d47-77c80cefeecd;|JACC Policy Provider: PolicyWrapper.getPermissions(cs), context (hello/hello) codesource ((file:/hello/hello <no signer certificates>)) permissions: java.security.Permissions@1ff3fcf (
 (java.lang.RuntimePermission loadLibrary.*)
 (java.lang.RuntimePermission getClassLoader)
 (java.lang.RuntimePermission modifyThreadGroup)
 (java.lang.RuntimePermission accessDeclaredMembers)
 (java.lang.RuntimePermission setContextClassLoader)
 (java.lang.RuntimePermission queuePrintJob)
 (java.lang.RuntimePermission getProtectionDomain)
 (java.lang.RuntimePermission stopThread)
 (java.util.PropertyPermission java.version read)
 (java.util.PropertyPermission java.vm.name read)
 (java.util.PropertyPermission java.vm.vendor read)
 (java.util.PropertyPermission os.name read)
 (java.util.PropertyPermission java.vendor.url read)
 (java.util.PropertyPermission java.vm.specification.vendor read)
 (java.util.PropertyPermission java.specification.vendor read)
 (java.util.PropertyPermission os.version read)
 (java.util.PropertyPermission java.specification.name read)
 (java.util.PropertyPermission java.class.version read)
 (java.util.PropertyPermission file.separator read)
 (java.util.PropertyPermission java.vm.version read)
 (java.util.PropertyPermission os.arch read)
 (java.util.PropertyPermission java.vm.specification.name read)
 (java.util.PropertyPermission java.vm.specification.version read)
 (java.util.PropertyPermission java.specification.version read)
 (java.util.PropertyPermission java.vendor read)
 (java.util.PropertyPermission * read,write)
 (java.util.PropertyPermission path.separator read)
 (java.util.PropertyPermission line.separator read)
 (javax.management.MBeanTrustPermission register)
 (java.net.SocketPermission localhost:1024- listen,resolve)
 (java.net.SocketPermission * connect,resolve)
 (javax.security.auth.PrivateCredentialPermission javax.resource.spi.security.PasswordCredential * "*" read)
 (javax.management.MBeanPermission [com.sun.messaging.jms.*:*] *)
 (unresolved com.sun.corba.ee.impl.presentation.rmi.DynamicAccessPermission access null)
 (unresolved javax.security.jacc.WebUserDataPermission / null)
 (unresolved javax.security.jacc.WebResourcePermission / null)
 (unresolved com.sun.enterprise.security.CORBAObjectPermission * *)
 (java.io.FilePermission <<ALL FILES>> read,write)
 (java.io.FilePermission /usr/local/glassfish/domains/domain1/lib/databases/- delete)
 (java.io.FilePermission /var/tmp//- delete)
)
|#]

   Any ideas what might be wrong?

   Thanks!
[Message sent by forum member 'sychan' (sychan)]

http://forums.java.net/jive/thread.jspa?messageID=248335
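
A consistency check over the two descriptors quoted in the message, as an added example that is not part of the original post. The function name `audit` and the finding labels are hypothetical. It returns the realm name and role mapping so they can be compared against the server's realm configuration, and flags roles that are undeclared or unmapped as well as HTTP methods left outside an explicit `<http-method>` list.

```python
import xml.etree.ElementTree as ET

# Constructed input: the two descriptors from the message, condensed.
WEB_XML = """<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
  <security-constraint><web-resource-collection>
      <url-pattern>/*</url-pattern>
      <http-method>DELETE</http-method><http-method>GET</http-method>
      <http-method>POST</http-method><http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method><realm-name>admin-realm</realm-name></login-config>
  <security-role><role-name>admin</role-name></security-role>
</web-app>"""
SUN_WEB_XML = """<sun-web-app><security-role-mapping>
    <role-name>admin</role-name>
    <principal-name>admin</principal-name><group-name>asadmin</group-name>
</security-role-mapping></sun-web-app>"""

STANDARD_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE"}

def _parse(text):  # drop namespaces so the same paths work for both files
    root = ET.fromstring(text.encode("utf-8"))
    for el in root.iter():
        el.tag = el.tag.split("}", 1)[-1]
    return root

def _texts(node, path):
    return [(e.text or "").strip() for e in node.findall(path)]

def audit(web_xml, sun_web_xml):
    """Return (realm, role mapping, findings) for a web.xml / sun-web.xml pair."""
    web, sun = _parse(web_xml), _parse(sun_web_xml)
    declared = set(_texts(web, "security-role/role-name"))
    mapping = {m.findtext("role-name", "").strip(): _texts(m, "principal-name")
               + _texts(m, "group-name") for m in sun.findall("security-role-mapping")}
    findings = []
    for sc in web.findall("security-constraint"):
        patterns = _texts(sc, "web-resource-collection/url-pattern")
        listed = set(_texts(sc, "web-resource-collection/http-method"))
        if listed:  # an explicit list leaves every other method outside this constraint
            findings.append(("UNLISTED_METHODS", patterns, sorted(STANDARD_METHODS - listed)))
        for role in _texts(sc, "auth-constraint/role-name"):
            if role != "*" and role not in declared:
                findings.append(("UNDECLARED_ROLE", patterns, role))
            if role != "*" and not mapping.get(role):
                findings.append(("UNMAPPED_ROLE", patterns, role))
    return web.findtext("login-config/realm-name"), mapping, findings

print(audit(WEB_XML, SUN_WEB_XML))
```

The realm name and the principals and groups it returns still have to be checked by hand against the realm defined on the server, which this offline check cannot see.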