users@glassfish.java.net

Re: problem with custom realm

From: Dirk Reske <dirk.reske_at_devhost.de>
Date: Sat, 24 May 2008 00:58:00 +0200

After some debugging I found out that my custom realm gets loaded, but
not my custom login module
In the domain.xml I've following:
<property name="jaas-context" value="myCustomRealm"/>

and in the login.conf
myCustomRealm{
    de.test.security.MyCustomLoginModule required;
};

Dirk Reske schrieb:
> Hello,
>
> I try to develop a custom realm the last days...
> I follow the docs and a view blog entries about that .
>
> I derived my custom realm from AppservRealm.
> I also implemented the corresponding LoginModule (deriving from
> AppservPasswordLoginModule)
> I configured the Realm via the web interface and added the login
> module to the login.conf.
>
> But when I save the realm conf, I get following error log:
> The FileRealm classname, "de.test.security.MyCustomRealm" does not
> extend "com.sun.enterprise.security.auth.realm.file.FileRealm".|#]
>
> When I ignore this log and try to login using a simple web app with
> following web.xml entries:
> <login-config>
> <auth-method>FORM</auth-method>
> <realm-name>StudiOrgaRealm</realm-name>
> <form-login-config>
> <form-login-page>/login.jsp</form-login-page>
> <form-error-page>/loginerror.jsp</form-error-page>
> </form-login-config>
> </login-config>
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>User Area</web-resource-name>
> <url-pattern>/*</url-pattern>
> <http-method>GET</http-method>
> </web-resource-collection>
> <auth-constraint>
> <role-name>Users</role-name>
> </auth-constraint>
> </security-constraint>
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Admin Area</web-resource-name>
> <url-pattern>/admin/*</url-pattern>
> <http-method>GET</http-method>
> </web-resource-collection>
> <auth-constraint>
> <role-name>Admins</role-name>
> </auth-constraint>
> </security-constraint>
>
> I get following:
> [#|2008-05-24T00:30:38.312+0200|INFO|sun-appserver9.1|javax.enterprise.system.core.security|_ThreadID=15;_ThreadName=httpSSLWorkerThread-8080-1;admin;|SEC5046:
> Audit: Authentication refused for [admin].|#]
>
> [#|2008-05-24T00:30:38.312+0200|WARNING|sun-appserver9.1|javax.enterprise.system.container.web|_ThreadID=15;_ThreadName=httpSSLWorkerThread-8080-1;_RequestID=22ec490e-f5e4-41ff-9989-8154a4c09210;|Web
> login failed: Login failed: javax.security.auth.login.LoginException:
> Failed file login for admin.|#]
>
> hope somebody can help me :)
> Dirk (germany)
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>