From: <glassfish_at_javadesktop.org>
Date: Tue, 17 Mar 2009 00:25:58 PDT

Hi,

The objective in my task is to have JAAS Login Module to authenticate and authorization is completely under the control of application.

web.xml reads this:
-----------------------------
    <security-constraint>
        <display-name>Metrics Browser Administration</display-name>
        <web-resource-collection>
            <web-resource-name>All-Admin-Resources</web-resource-name>
            <description/>
            <url-pattern>/admin/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>HEAD</http-method>
            <http-method>PUT</http-method>
            <http-method>OPTIONS</http-method>
            <http-method>TRACE</http-method>
            <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>*</role-name>
            </auth-constraint>
        </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>mymemoryrealm</realm-name>
        <form-login-config>
          <form-login-page>/login.jsp</form-login-page>
          <form-error-page>/error.jsp</form-error-page>
        </form-login-config>
        </login-config>


sun-web.xml reads
--------------------------------------------------

<sun-web-app error-url="">
  <context-root>/gfjaas</context-root>
  <class-loader delegate="true"/>
  <jsp-config>
    <property name="keepgenerated" value="true">
      <description>Keep a copy of the generated servlet class' java code.</description>
    </property>
  </jsp-config>
</sun-web-app>

domain.xml has the following entry:
---------------------------------------------------------
        <auth-realm classname="com.gss.web.gf.auth.jaas.SimpleCustomRealm" name="mymemoryrealm">
          <property name="jaas-context" value="simpleCustomRealm"/>
          <property name="auth-type" value="simplecustomrealm"/>
        </auth-realm>

login.conf has the following entry:
----------------------------------------------------
simpleCustomRealm {
        com.gss.web.gf.auth.jaas.SimpleCustomLoginModule required;
};

Authentication goes fine, which I see in the logs but, the requested resource gets restricted and the 403 status code is returned to the client with following message:

=======================================
HTTP Status 403 - Access to the requested resource has been denied

--------------------------------------------------------------------------------
type Status report

messageAccess to the requested resource has been denied

descriptionAccess to the specified resource (Access to the requested resource has been denied) has been forbidden.
--------------------------------------------------------------------------------
Sun Java System Application Server 9.1_02

I am completely relying on the authentication login module and nothing is happening in the authrealm class. commitAuthentication(String[]) is passed an empty array i.e., new String[0]) for I want authentication only from Glassfish but not authorization.

Can somebody help me to identify the problem?

thanks,
Ammula
[Message sent by forum member 'ammula' (ammula)]

http://forums.java.net/jive/thread.jspa?messageID=337357