Hi Rod,
Could you try including this entry in your sun-web.xml to map the role
mentioned in your web.xml (User) to the corresponding principals or
groups configured in your realm?
<role-name>User</role-name>
<principal-name>xxx</principal-name>
<group-name>ggg</group-name>
</security-role-mapping>
Thanks
Nithya
Rod Fitzsimmons Frey wrote:
> I'm sure I deserve a dope-slap, but I can't find where I've misconfigured my
> custom authentication realm. I think I need the custom realm because I'm
> using salted hashed passwords, and it doesn't look like the JDBCRealm does
> that sort of thing. In any event, my authenticateUser() never gets called.
> Instead I see in the server log:
>
> INFO: java_security.audit_auth_refused
> WARNING: Web login failed: Login failed:
> javax.security.auth.login.LoginException: Invalid null input: name
>
> I've extended AppservPasswordLoginModule and AppservRealm and modified
> login.conf. My realm's init() method gets called on server startup according
> to the server log. Here's the relevant entries:
>
> login.conf:
>
> attassaRealm {
> com.attassa.webservices.realm.AttassaLoginModule required;
> };
>
> deploy.xml:
>
> <auth-realm name="AttassaRealm"
> classname="com.attassa.webservices.realm.AttassaRealm">
> <property name="jaas-context" value="attassaRealm" />
> </auth-realm>
>
> sun-application.xml (where does this go?)
>
> <realm>AttassaRealm</realm>
>
> web.xml:
> <security-constraint>
> <display-name>Constraint1</display-name>
> <web-resource-collection>
> <web-resource-name>pages</web-resource-name>
> <description/>
> <url-pattern>/*</url-pattern>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> <http-method>HEAD</http-method>
> <http-method>PUT</http-method>
> <http-method>OPTIONS</http-method>
> <http-method>TRACE</http-method>
> <http-method>DELETE</http-method>
> </web-resource-collection>
> <auth-constraint>
> <description/>
> <role-name>User</role-name>
> </auth-constraint>
> </security-constraint>
> <login-config>
> <auth-method>BASIC</auth-method>
> <realm-name>AttassaRealm</realm-name>
> </login-config>
> <security-role>
> <description/>
> <role-name>User</role-name>
> </security-role>
>
> It may be relevant that I get a warning on server startup that User role has
> no principals mapped to it.
>
> I'd really appreciate help seeing where I've missed a configuration step.
>
> Thanks,
> Rod
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>