I'm sure I deserve a dope-slap, but I can't find where I've misconfigured my custom authentication realm. I'm trying to get my login module called whenever I access a page, but authenticateUser() never gets called. Instead I see in the server log:
INFO: java_security.audit_auth_refused
WARNING: Web login failed: Login failed: javax.security.auth.login.LoginException: Invalid null input: name
I've extended AppservPasswordLoginModule and AppservRealm and modified login.conf. My realm's init() method gets called on server startup according to the server log. Here's the relevant entries:
login.conf:
attassaRealm {
com.attassa.webservices.realm.AttassaLoginModule required;
};
deploy.xml:
<auth-realm name="AttassaRealm" classname="com.attassa.webservices.realm.AttassaRealm">
<property name="jaas-context" value="attassaRealm" />
</auth-realm>
sun-application.xml (where does this go?)
<realm>AttassaRealm</realm>
web.xml:
<security-constraint>
<display-name>Constraint1</display-name>
<web-resource-collection>
<web-resource-name>pages</web-resource-name>
<description/>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>HEAD</http-method>
<http-method>PUT</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>User</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>AttassaRealm</realm-name>
</login-config>
<security-role>
<description/>
<role-name>User</role-name>
</security-role>
It may be relevant that I get a warning on server startup that User role has no principals mapped to it.
I'd really appreciate help seeing where I've missed a configuration step.
Thanks,
Rod
[Message sent by forum member 'rfrey' (rfrey)]
http://forums.java.net/jive/thread.jspa?messageID=319390