Hi,
The objective in my task is to have JAAS Login Module to authenticate and authorization is completely under the control of application.
web.xml reads this:
-----------------------------
<security-constraint>
<display-name>Metrics Browser Administration</display-name>
<web-resource-collection>
<web-resource-name>All-Admin-Resources</web-resource-name>
<description/>
<url-pattern>/admin/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>HEAD</http-method>
<http-method>PUT</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>mymemoryrealm</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
sun-web.xml reads
--------------------------------------------------
<sun-web-app error-url="">
<context-root>/gfjaas</context-root>
<class-loader delegate="true"/>
<jsp-config>
<property name="keepgenerated" value="true">
<description>Keep a copy of the generated servlet class' java code.</description>
</property>
</jsp-config>
</sun-web-app>
domain.xml has the following entry:
---------------------------------------------------------
<auth-realm classname="com.gss.web.gf.auth.jaas.SimpleCustomRealm" name="mymemoryrealm">
<property name="jaas-context" value="simpleCustomRealm"/>
<property name="auth-type" value="simplecustomrealm"/>
</auth-realm>
login.conf has the following entry:
----------------------------------------------------
simpleCustomRealm {
com.gss.web.gf.auth.jaas.SimpleCustomLoginModule required;
};
Authentication goes fine, which I see in the logs but, the requested resource gets restricted and the 403 status code is returned to the client with following message:
=======================================
HTTP Status 403 - Access to the requested resource has been denied
--------------------------------------------------------------------------------
type Status report
messageAccess to the requested resource has been denied
descriptionAccess to the specified resource (Access to the requested resource has been denied) has been forbidden.
--------------------------------------------------------------------------------
Sun Java System Application Server 9.1_02
I am completely relying on the authentication login module and nothing is happening in the authrealm class. commitAuthentication(String[]) is passed an empty array i.e., new String[0]) for I want authentication only from Glassfish but not authorization.
Can somebody help me to identify the problem?
thanks,
Ammula
[Message sent by forum member 'ammula' (ammula)]
http://forums.java.net/jive/thread.jspa?messageID=337357