users@glassfish.java.net

Re: "assign group" in JDBC realm

From: Glenn Holmer <gholmer_at_weycogroup.com>
Date: Tue, 26 Feb 2008 08:03:40 -0600

V B Kumar Jayanti wrote:
> Glenn Holmer wrote:
>
>> I'm using form-based authentication, and everything seems to work, as
>> long as I fill in the group name in the "Assign Group:" field for the
>> JDBC security realm. Otherwise I get a 403.
>>
>> I've another app that works without this field specified, and the only
>> difference I can see is that the one that works without it has more than
>> one security constraint.

> Can you paste the constraints of both apps?

the one that gives a 403:

  <!-- web.xml fragment of the application that returns 403.
       One constraint covers every URL (/*) and requires the "user" role. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>dashboard_security</web-resource-name>
      <description>user authentication</description>
      <url-pattern>/*</url-pattern>
      <!-- NOTE(review): once http-method elements are listed, the constraint
           applies only to the methods named. A method that is not in this list
           (PATCH or a non-standard verb, for example) is left unconstrained.
           Omitting every http-method element makes the constraint cover all
           methods. -->
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>HEAD</http-method>
      <http-method>PUT</http-method>
      <http-method>OPTIONS</http-method>
      <http-method>TRACE</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <!-- NOTE(review): no user-data-constraint / transport-guarantee appears in
         this fragment, so nothing shown here forces the FORM login below onto
         HTTPS. Confirm that transport protection is enforced elsewhere. -->
    <!-- Only callers in the "user" role are admitted. A caller who
         authenticates successfully but does not hold this role is refused
         with 403, which matches the symptom described in the message. -->
    <auth-constraint>
      <role-name>user</role-name>
    </auth-constraint>
  </security-constraint>
  <!-- Form-based login against the realm named "dashboard"; the container
       serves Login.html to collect credentials and LoginError.html when
       authentication fails. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>dashboard</realm-name>
    <form-login-config>
      <form-login-page>/Login.html</form-login-page>
      <form-error-page>/LoginError.html</form-error-page>
    </form-login-config>
  </login-config>
  <!-- Declares the role referenced by the auth-constraint above.
       NOTE(review): the role only takes effect once a principal or group is
       mapped to it (security-role-mapping in sun-web.xml, or the server's
       default principal-to-role mapping). Presumably the realm's
       "Assign Group" value is what places the user in a group that maps to
       "user"; verify against the deployment descriptor, which is not shown. -->
  <security-role>
    <role-name>user</role-name>
  </security-role>

the one that works OK:

  <!-- web.xml fragment of the application that works without "Assign Group".
       Two constraints protect one exact path each, with a different role per
       path. URLs other than /Users.iface and /Bulletins.iface are not
       constrained by anything shown in this fragment. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>qlink-sysop</web-resource-name>
      <description>Q-Link Sysop</description>
      <url-pattern>/Users.iface</url-pattern>
      <!-- NOTE(review): with http-method elements listed, only the named
           methods are constrained; a method that is not in this list reaches
           /Users.iface without the role check. Omitting every http-method
           element covers all methods. The same applies to the second
           constraint below. -->
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>HEAD</http-method>
      <http-method>PUT</http-method>
      <http-method>OPTIONS</http-method>
      <http-method>TRACE</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <!-- Only callers in the "sysop" role may reach /Users.iface. -->
    <auth-constraint>
      <role-name>sysop</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Declares the "sysop" role used by the constraint above.
       NOTE(review): how this role is mapped to realm groups is not shown;
       presumably a sun-web.xml security-role-mapping or the default
       principal-to-role mapping supplies it. Confirm, since that mapping is
       the likely difference from the application that returns 403. -->
  <security-role>
    <role-name>sysop</role-name>
  </security-role>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>qlink-bulletins</web-resource-name>
      <description>Q-Link Bulletins</description>
      <url-pattern>/Bulletins.iface</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>HEAD</http-method>
      <http-method>PUT</http-method>
      <http-method>OPTIONS</http-method>
      <http-method>TRACE</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <!-- Only callers in the "bulletins" role may reach /Bulletins.iface. -->
    <auth-constraint>
      <role-name>bulletins</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Declares the "bulletins" role used by the constraint above. -->
  <security-role>
    <role-name>bulletins</role-name>
  </security-role>

  <!-- Form-based login against the realm named "qlink-sysop".
       NOTE(review): no user-data-constraint / transport-guarantee appears in
       either constraint, so nothing shown here forces the login form onto
       HTTPS. Confirm that transport protection is enforced elsewhere. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>qlink-sysop</realm-name>
    <form-login-config>
      <form-login-page>/Login.html</form-login-page>
      <form-error-page>/LoginError.html</form-error-page>
    </form-login-config>
  </login-config>

-- 
____________________________________________________________
Glenn Holmer                          gholmer_at_weycogroup.com
Software Engineer                        phone: 414-908-1809
Weyco Group, Inc.                          fax: 414-908-1601