users@glassfish.java.net

Configuring custom realm

From: Rod Fitzsimmons Frey <rfrey_at_attassa.com>
Date: Mon, 1 Dec 2008 14:35:36 -0700

I'm sure I deserve a dope-slap, but I can't find where I've misconfigured my
custom authentication realm. I think I need the custom realm because I'm
using salted hashed passwords, and it doesn't look like the JDBCRealm does
that sort of thing. In any event, my authenticateUser() never gets called.
Instead I see in the server log:

  INFO: java_security.audit_auth_refused
  WARNING: Web login failed: Login failed: javax.security.auth.login.LoginException: Invalid null input: name

I've extended AppservPasswordLoginModule and AppservRealm and modified
login.conf. My realm's init() method gets called on server startup according
to the server log. Here are the relevant entries:

login.conf:

attassaRealm {
    com.attassa.webservices.realm.AttassaLoginModule required;
};

deploy.xml:

<auth-realm name="AttassaRealm"
            classname="com.attassa.webservices.realm.AttassaRealm">
  <property name="jaas-context" value="attassaRealm" />
</auth-realm>

sun-application.xml (where does this go?)

<realm>AttassaRealm</realm>

web.xml:

<security-constraint>
  <display-name>Constraint1</display-name>
  <web-resource-collection>
    <web-resource-name>pages</web-resource-name>
    <description/>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>HEAD</http-method>
    <http-method>PUT</http-method>
    <http-method>OPTIONS</http-method>
    <http-method>TRACE</http-method>
    <http-method>DELETE</http-method>
  </web-resource-collection>
  <auth-constraint>
    <description/>
    <role-name>User</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>AttassaRealm</realm-name>
</login-config>
<security-role>
  <description/>
  <role-name>User</role-name>
</security-role>

It may be relevant that I get a warning on server startup that User role has
no principals mapped to it.

I'd really appreciate help seeing where I've missed a configuration step.

Thanks,
Rod