users@glassfish.java.net

Re: 401 Unauthorized when failing security constraint of servlet?

From: Gabor Szokoli <szocske_at_gmail.com>
Date: Thu, 24 Jul 2008 13:46:26 +0200

Well, the rubber duck method worked, trying to reproduce on a minimal
example helped me solve the problem:

In my web.xml, I had the security-role and login-config elements
outside the security-constraint element.
Oh well, thanks anyway :-)


Szocske

On Tue, Jul 15, 2008 at 1:54 PM, Gabor Szokoli <szocske_at_gmail.com> wrote:
> On Tue, Jul 15, 2008 at 11:40 AM, V B Kumar Jayanti
> <Vbkumar.Jayanti_at_sun.com> wrote:
>>
>> Not sure if you have hit some bug. Can you provide a testcase so I can
>> reproduce this?
>>
>
> Sure thing.
>
> I'll strip it down a bit, might take a day or two to get to it.
>
> In the meantime I can copy-paste the relevant parts of my domain.xml
> and web.xml.
> Other than the group name assigned to the certificate realm, it's an
> out of the box "development" installation of 9.1_02 (build b04-fcs) on
> a Debian etch x86, Sun Java 1.5.0_14. The servlet is the Jersey
> servlet container from version 0.7, but that shouldn't matter I guess.
>
> XXXX domain.xml XXXX
> <auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm"
>             name="certificate">
>   <property name="assign-groups" value="authorized"/>
> </auth-realm>
> XXXX
>
> XXXX web.xml XXXX
> <login-config>
>   <auth-method>CLIENT-CERT</auth-method>
> </login-config>
>
> <security-role>
>   <description />
>   <role-name>authorized</role-name>
> </security-role>
>
>
> <security-constraint>
>   <display-name>CCF-REST</display-name>
>   <web-resource-collection>
>     <web-resource-name>CCF_REST</web-resource-name>
>     <description></description>
>     <url-pattern>/</url-pattern>
>     <http-method>GET</http-method>
>     <http-method>POST</http-method>
>     <http-method>HEAD</http-method>
>     <http-method>PUT</http-method>
>     <http-method>OPTIONS</http-method>
>     <http-method>TRACE</http-method>
>     <http-method>DELETE</http-method>
>   </web-resource-collection>
>   <auth-constraint>
>     <description/>
>     <role-name>authorized</role-name>
>   </auth-constraint>
>   <user-data-constraint>
>     <description/>
>     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>   </user-data-constraint>
> </security-constraint>
>
>
> XXXX
>
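
An added example, not part of the original thread: a small Python check over a web.xml like the one quoted above, confirming that a login method is configured, that every role named in an auth-constraint has a matching security-role, that CLIENT-CERT is paired with a CONFIDENTIAL transport guarantee, and reporting constraints that enumerate HTTP methods. The `<web-app>` wrapper, the condensed sample text and the function names are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the web.xml fragments quoted in the thread, condensed and
# wrapped in a <web-app> root (the wrapper is an assumption; the post shows fragments only).
SAMPLE = """<web-app>
  <login-config><auth-method>CLIENT-CERT</auth-method></login-config>
  <security-role><role-name>authorized</role-name></security-role>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>CCF_REST</web-resource-name>
      <url-pattern>/</url-pattern>
      <http-method>GET</http-method><http-method>POST</http-method><http-method>HEAD</http-method>
      <http-method>PUT</http-method><http-method>OPTIONS</http-method>
      <http-method>TRACE</http-method><http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>authorized</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
</web-app>"""

def find_all(root, name):
    """All elements with this local name, ignoring any XML namespace prefix."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def text_of(root, name):
    return [(e.text or "").strip() for e in find_all(root, name)]

def audit_web_xml(xml_text):
    """Return a list of findings about the security elements of a web.xml."""
    root = ET.fromstring(xml_text)
    findings = []
    declared = {r for sr in find_all(root, "security-role") for r in text_of(sr, "role-name")}
    auth_methods = text_of(root, "auth-method")
    if not auth_methods:
        findings.append("no login-config/auth-method is configured")
    for sc in find_all(root, "security-constraint"):
        name = (text_of(sc, "web-resource-name") or ["?"])[0]
        roles = {r for ac in find_all(sc, "auth-constraint") for r in text_of(ac, "role-name")}
        for role in sorted(roles):
            if role != "*" and role not in declared:
                findings.append(f"{name}: role '{role}' has no matching security-role")
        if "CLIENT-CERT" in auth_methods and "CONFIDENTIAL" not in text_of(sc, "transport-guarantee"):
            findings.append(f"{name}: CLIENT-CERT without CONFIDENTIAL transport-guarantee")
        methods = text_of(sc, "http-method")
        if methods:  # an enumerated constraint applies only to the methods it names
            findings.append(f"{name}: methods other than {sorted(methods)} are not covered by this constraint")
    return findings
```

Removing the `<http-method>` elements makes the constraint apply to every method, which clears the last finding.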