users@glassfish.java.net

Glassfish authorization error

From: <glassfish_at_javadesktop.org>
Date: Fri, 04 Jan 2008 03:46:57 PST

Hello - Glassfish authorization works fine with FORM but not BASIC or DIGEST. When i set the <auth-method> to FORM and provide the correct login.jsp with J_security everything works fine.

However when I change the <auth-method> to BASIC all i get in the browser is the following error:

[b]Unauthorized - This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.[/b]

Same happens with DIGEST.

I have copied my web.xml and sun-web.xml below and would truly appreciate some help on this one!

web.xml :
[code]
        

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
    <servlet>
        <servlet-name>Publish</servlet-name>
        <servlet-class>XXXXXXXXX</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>Publish</servlet-name>
        <url-pattern>/secure/Publish</url-pattern>
    </servlet-mapping>
    <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>
    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
        </welcome-file-list>
    <security-constraint>
        <display-name>Constraint1</display-name>
        <web-resource-collection>
            <web-resource-name>security</web-resource-name>
            <description/>
            <url-pattern>/secure/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>HEAD</http-method>
            <http-method>PUT</http-method>
            <http-method>OPTIONS</http-method>
            <http-method>TRACE</http-method>
            <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>secure</role-name>
            </auth-constraint>
        </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>App2Server</realm-name>
        </login-config>
    <security-role>
        <description/>
        <role-name>secure</role-name>
    </security-role>
    </web-app>

[/code]

sun-web.xml:
[code]

 
        

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Servlet 2.5//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">
<sun-web-app error-url="">
  <context-root>/app2servlet</context-root>
  <security-role-mapping>
    <role-name>secure</role-name>
    <group-name>allowed</group-name>
  </security-role-mapping>
  <class-loader delegate="true"/>
  <jsp-config>
    <property name="keepgenerated" value="true">
      <description>Keep a copy of the generated servlet class' java code.</description>
    </property>
  </jsp-config>
</sun-web-app>

[/code]
[Message sent by forum member 'hughacland' (hughacland)]

http://forums.java.net/jive/thread.jspa?messageID=252211