users@glassfish.java.net

JDBCRealm + Glassfish Security Configuration Problem

From: <glassfish_at_javadesktop.org>
Date: Fri, 11 Apr 2008 06:24:45 PDT

Hi there!

I have this problem regarding on web security using JDBCRealm on GlassfishAS v2. The problem was I was enabled to login to my login.jsp but when i submitted it, the errorLogin.jsp appears which means that my username or password or both of them were not valid.but when I check to my database, my username and password are correct. I check the Glassfish's log files and this was the exception errors printed:


[Web-Security] Setting Policy Context ID: old = null ctxID = CAAInfoSys/CAAInfoSys
[Web-Security] hasUserDataPermission perm: (javax.security.jacc.WebUserDataPermission /login.jsp GET)
[Web-Security] hasUserDataPermission isGranted: true
[Web-Security] Policy Context ID was: CAAInfoSys/CAAInfoSys
[Web-Security] hasUserDataPermission perm: (javax.security.jacc.WebUserDataPermission /j_security_check POST)
[Web-Security] hasUserDataPermission isGranted: true
Logging in user [gdpags5] into realm: caa_security_jdbcRealm using JAAS module: jdbcRealm
Login module initialized: class com.sun.enterprise.security.auth.login.JDBCLoginModule
JAAS authentication aborted.
SEC5046: Audit: Authentication refused for [gdpags5].
Web login failed: Login failed: javax.security.auth.login.LoginException: Security Exception
[Web-Security] Setting Policy Context ID: old = null ctxID = CAAInfoSys/CAAInfoSys
[Web-Security] hasUserDataPermission perm: (javax.security.jacc.WebUserDataPermission /errorlogin.jsp GET)
[Web-Security] hasUserDataPermission isGranted: true
[Web-Security] Policy Context ID was: CAAInfoSys/CAAInfoSys
[Web-Security] hasUserDataPermission perm: (javax.security.jacc.WebUserDataPermission /resources/images/errorIcon.gif GET)
[Web-Security] hasUserDataPermission isGranted: true
[Web-Security] Policy Context ID was: CAAInfoSys/CAAInfoSys
[Web-Security] hasResource isGranted: true
[Web-Security] hasResource perm: (javax.security.jacc.WebResourcePermission /resources/images/errorIcon.gif GET)


My realm's name is 'caa_security_jdbcRealm' and I set it as my default realm in Glassfish's admin console. Here is also the part of my security configurations in web.xml and sun-web.xml so that you can check it if it is correct:

(web.xml)

<!-- Security configuration of our web application -->
    <security-constraint>
        <display-name>Administrator Constraint</display-name>
        <web-resource-collection>
            <web-resource-name>Administrator's Page</web-resource-name>
                <url-pattern>/view/*</url-pattern>
                <url-pattern>/search/*</url-pattern>
                <url-pattern>/reports/*</url-pattern>
                <url-pattern>/edit/*</url-pattern>
                <url-pattern>/create/*</url-pattern>
                <url-pattern>/commons/*</url-pattern>
                <url-pattern>/admin/*</url-pattern>
                <http-method>GET</http-method>
                <http-method>POST</http-method>
                <http-method>HEAD</http-method>
                <http-method>PUT</http-method>
                <http-method>OPTIONS</http-method>
                <http-method>TRACE</http-method>
                <http-method>DELETE</http-method>
            </web-resource-collection>
        
        <auth-constraint>
            <role-name>Administrator</role-name>
        </auth-constraint>
    </security-constraint>
    
    <security-constraint>
        <display-name>Super-Encoder Constraint</display-name>
        <web-resource-collection>
            <web-resource-name>Super-Encoder's Page</web-resource-name>
                <url-pattern>/view/*</url-pattern>
                <url-pattern>/search/*</url-pattern>
                <url-pattern>/reports/*</url-pattern>
                <url-pattern>/edit/*</url-pattern>
                <url-pattern>/create/*</url-pattern>
                <url-pattern>/commons/*</url-pattern>
                <http-method>GET</http-method>
                <http-method>POST</http-method>
                <http-method>HEAD</http-method>
                <http-method>PUT</http-method>
                <http-method>OPTIONS</http-method>
                <http-method>TRACE</http-method>
                <http-method>DELETE</http-method>
            </web-resource-collection>
        
        <auth-constraint>
            <role-name>Super-Encoder</role-name>
        </auth-constraint>
    </security-constraint>
    
    <security-constraint>
        <display-name>Encoder Constraint</display-name>
        <web-resource-collection>
            <web-resource-name>Encoder's Page</web-resource-name>
                <url-pattern>/view/*</url-pattern>
                <url-pattern>/search/*</url-pattern>
                <url-pattern>/create/*</url-pattern>
                <http-method>GET</http-method>
                <http-method>POST</http-method>
                <http-method>HEAD</http-method>
                <http-method>PUT</http-method>
                <http-method>OPTIONS</http-method>
                <http-method>TRACE</http-method>
                <http-method>DELETE</http-method>
            </web-resource-collection>
        
        <auth-constraint>
            <role-name>Encoder</role-name>
        </auth-constraint>
    </security-constraint>
    
    <security-constraint>
        <display-name>Viewer Constraint</display-name>
        <web-resource-collection>
            <web-resource-name>Viewer's Page</web-resource-name>
                <url-pattern>/view/*</url-pattern>
                <url-pattern>/search/*</url-pattern>
                <url-pattern>/commons/*</url-pattern>
                <http-method>GET</http-method>
                <http-method>POST</http-method>
                <http-method>HEAD</http-method>
                <http-method>PUT</http-method>
                <http-method>OPTIONS</http-method>
                <http-method>TRACE</http-method>
                <http-method>DELETE</http-method>
            </web-resource-collection>
        
        <auth-constraint>
            <role-name>Viewer</role-name>
        </auth-constraint>
    </security-constraint>
    
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>caa_security_jdbcRealm</realm-name>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/errorlogin.jsp</form-error-page>
         </form-login-config>
    </login-config>
    
    <security-role>
        <role-name>Administrator</role-name>
    </security-role>
    
    <security-role>
        <role-name>Super-Encoder</role-name>
    </security-role>
    
    <security-role>
        <role-name>Encoder</role-name>
    </security-role>
    
    <security-role>
        <role-name>Viewer</role-name>
    </security-role>


(sun-web.xml)

<context-root>/CAAInfoSys</context-root>
  
  <security-role-mapping>
    <role-name>Administrator</role-name>
    <group-name>Administrator</group-name>
  </security-role-mapping>
  
  <security-role-mapping>
    <role-name>Encoder</role-name>
    <group-name>Encoder</group-name>
  </security-role-mapping>
  
  <security-role-mapping>
    <role-name>Super-Encoder</role-name>
    <group-name>Super-Encoder</group-name>
  </security-role-mapping>
  
  <security-role-mapping>
    <role-name>Viewer</role-name>
    <group-name>Viewer</group-name>
  </security-role-mapping>
  
  <class-loader delegate="true"/>
  <jsp-config>
    <property name="keepgenerated" value="true">
      <description>Keep a copy of the generated servlet class' java code.</description>
    </property>
  </jsp-config>

I am very pleased if you will help me to solve this problem. I've googled it in the internet for some solutions but none of the results were clear to solve this problem.
Thank you and GOD Bless!!!
[Message sent by forum member 'gdpags5' (gdpags5)]

http://forums.java.net/jive/thread.jspa?messageID=268772