users@glassfish.java.net

Re: Configuring custom realm

From: Nithya Subramanian <Nithya.Subramanian_at_Sun.COM>
Date: Tue, 09 Dec 2008 16:52:48 +0530

Apologies for the delayed response.

Have you made sure that the groupList (the String[] that the
authenticate method in the custom LoginModule class) that is returned
via the commitAuthentication() call, contains the group name the user
belongs to?

You could populate this groupList by invoking the already
getGroupNames(username) of your realm class as well.

 protected void authenticate () {
......
......

    String[] groupListToForward = <Array of groups to which the user
belongs>
    commitAuthentication(groupListToForward);
}

HTH
Nithya




Rod Fitzsimmons Frey wrote:
> Thanks, Nithya. I get the same error in the logs:
>
> INFO: java_security.audit_auth_refused
> WARNING: Web login failed: Login failed:
> javax.security.auth.login.LoginException: Invalid null input: name
>
> I may be configuring the groups incorrectly. I specified
>
> <role-name>User</role-name>
> <group-name>Anyone</group-name>
> </security-role-mapping>
>
> And I made sure that getGroupNames in my realm class included "Anyone" in
> the enumeration.
>
> GetGroupNames() and getGroupNames(username) are never called though.
>
> I don't know how to configure the groups or principals in Glassfish though.
> In the Admin app, other realms have a Group field when I select them: mine
> does not and I do not know what the property is called ("group"? "groups"?)
> and I do not know where that information is being stored - can't find
> anything in domain.xml or in login.conf.
>
> Thanks again for the help.
>
> Rod
>
>
>> -----Original Message-----
>> From: Nithya.Subramanian_at_Sun.COM [mailto:Nithya.Subramanian_at_Sun.COM]
>> Sent: Monday, December 01, 2008 11:06 PM
>> To: users_at_glassfish.dev.java.net
>> Subject: Re: Configuring custom realm
>>
>> Hi Rod,
>>
>> Could you try including this entry in your sun-web.xml to map the role
>> mentioned in your web.xml (User) to the corresponding principals or
>> groups configured in your realm?
>>
>> <role-name>User</role-name>
>> <principal-name>xxx</principal-name>
>> <group-name>ggg</group-name>
>> </security-role-mapping>
>>
>> Thanks
>> Nithya
>>
>>
>> Rod Fitzsimmons Frey wrote:
>>
>>> I'm sure I deserve a dope-slap, but I can't find where I've
>>>
>> misconfigured my
>>
>>> custom authentication realm. I think I need the custom realm because
>>>
>> I'm
>>
>>> using salted hashed passwords, and it doesn't look like the JDBCRealm
>>>
>> does
>>
>>> that sort of thing. In any event, my authenticateUser() never gets
>>>
>> called.
>>
>>> Instead I see in the server log:
>>>
>>> INFO: java_security.audit_auth_refused
>>> WARNING: Web login failed: Login failed:
>>> javax.security.auth.login.LoginException: Invalid null input: name
>>>
>>> I've extended AppservPasswordLoginModule and AppservRealm and
>>>
>> modified
>>
>>> login.conf. My realm's init() method gets called on server startup
>>>
>> according
>>
>>> to the server log. Here's the relevant entries:
>>>
>>> login.conf:
>>>
>>> attassaRealm {
>>> com.attassa.webservices.realm.AttassaLoginModule required;
>>> };
>>>
>>> deploy.xml:
>>>
>>> <auth-realm name="AttassaRealm"
>>> classname="com.attassa.webservices.realm.AttassaRealm">
>>> <property name="jaas-context" value="attassaRealm" />
>>> </auth-realm>
>>>
>>> sun-application.xml (where does this go?)
>>>
>>> <realm>AttassaRealm</realm>
>>>
>>> web.xml:
>>> <security-constraint>
>>> <display-name>Constraint1</display-name>
>>> <web-resource-collection>
>>> <web-resource-name>pages</web-resource-name>
>>> <description/>
>>> <url-pattern>/*</url-pattern>
>>> <http-method>GET</http-method>
>>> <http-method>POST</http-method>
>>> <http-method>HEAD</http-method>
>>> <http-method>PUT</http-method>
>>> <http-method>OPTIONS</http-method>
>>> <http-method>TRACE</http-method>
>>> <http-method>DELETE</http-method>
>>> </web-resource-collection>
>>> <auth-constraint>
>>> <description/>
>>> <role-name>User</role-name>
>>> </auth-constraint>
>>> </security-constraint>
>>> <login-config>
>>> <auth-method>BASIC</auth-method>
>>> <realm-name>AttassaRealm</realm-name>
>>> </login-config>
>>> <security-role>
>>> <description/>
>>> <role-name>User</role-name>
>>> </security-role>
>>>
>>> It may be relevant that I get a warning on server startup that User
>>>
>> role has
>>
>>> no principals mapped to it.
>>>
>>> I'd really appreciate help seeing where I've missed a configuration
>>>
>> step.
>>
>>> Thanks,
>>> Rod
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>
>>>
>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>