users@glassfish.java.net

Basic auth not working in Glassfish 2.1

From: <glassfish_at_javadesktop.org>
Date: Fri, 21 Aug 2009 05:15:49 PDT

Hello,

I am having a hard time getting basic http auth to work in my GF 2.1 Platform Edition (on OS X 10.4). I have a small web app with a servlet that I am trying to control access to, and the same web app works fine on a Linux box running GF 2.1 Enterprise Edition, but doesn't on my machine :-(

The servlet is basically a REST web service that processes a PUT request containing an XML document. I'm testing this locally with curl, and a typical curl log follows:

curl -v -u user:pass -k -H "Content-Type: application/xml" -T GoodFile.xml https://localhost:8181/rest/tpos/incoming/ba/GoodFile.xml

* About to connect() to localhost port 8181 (#0)
* Trying ::1... Connection refused
* Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 8181 (#0)
* successfully set certificate verify locations:
* CAfile: /usr/share/curl/curl-ca-bundle.crt
  CApath: none
* SSLv2, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
* subject: /C=US/ST=California/L=Santa Clara/O=Sun Microsystems/OU=Sun GlassFish Enterprise Server/CN=mbpro.office.median.is
* start date: 2009-08-20 11:26:24 GMT
* expire date: 2019-08-18 11:26:24 GMT
* common name: mbpro.office.median.is (does not match 'localhost')
* issuer: /C=US/ST=California/L=Santa Clara/O=Sun Microsystems/OU=Sun GlassFish Enterprise Server/CN=mbpro.office.median.is
* SSL certificate verify result: self signed certificate (18), continuing anyway.
* Server auth using Basic with user 'baglx'
> PUT /rest/tpos/incoming/ba/GoodFile.xml HTTP/1.1
> Authorization: Basic YmFnbHg6YXNkZjEyMw==
> User-Agent: curl/7.16.3 (powerpc-apple-darwin8.0) libcurl/7.16.3 OpenSSL/0.9.7l zlib/1.2.3
> Host: localhost:8181
> Accept: */*
> Content-Type: application/xml
> Content-Length: 46213
> Expect: 100-continue
>
< HTTP/1.1 100 Continue
< HTTP/1.1 500 Internal Server Error
< Content-Type: text/html
< Content-Language:
< Content-Length: 1341
< Date: Thu, 20 Aug 2009 11:35:07 GMT
< Connection: close
<
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):

The problem is, no matter what user/pass I put in the curl command, the request is always passed on to the web app and processed by the servlet.

Here is the relevant web.xml stuff:

    <security-constraint>
        <display-name>Uploading files</display-name>
        <web-resource-collection>
            <web-resource-name>FileReceiverBean</web-resource-name>
            <url-pattern>/tpos/incoming/ba/*</url-pattern>
            <http-method>PUT</http-method>
        </web-resource-collection>
        <auth-constraint>
            <description>Has to be a member of the BA group</description>
            <role-name>BA</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>incoming-realm</realm-name>
    </login-config>
    <security-role>
        <description/>
        <role-name>BA</role-name>
    </security-role>

I have created a file based security realm in the GF admin console called "incoming-realm", and have two users there. But it seems to make no difference whatsoever what I put in the -u section of the curl command, the request always goes all the way to the web app without authentication (the web app checks and there is never any user info available).

This is a fresh, defaults only install of GF 2.1B60 PE, haven't made any changes anywhere other than to autodeploy this small web app to it.

Anyone have any idea why this is not working? All ideas would be greatly appreciated, I've already spent 2 days trying to get this to work and my Windows-using colleagues are now of course telling me it is a Mac problem which of course it can't be ;-)

Thanks in advance,

Hordur Thordarson
[Message sent by forum member 'hordurth' (hordurth)]

http://forums.java.net/jive/thread.jspa?messageID=361576
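
A way to check which requests the security-constraint quoted above covers, as an added example that is not part of the original post or of GlassFish. It applies the Servlet url-pattern rules to the path relative to the web app's context root. The post does not state the context root, so the values passed in are assumptions, and `required_roles`, `pattern_matches` and `_find` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Constraint from the post's web.xml, wrapped in <web-app> so it parses alone.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/tpos/incoming/ba/*</url-pattern>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>BA</role-name></auth-constraint>
  </security-constraint>
</web-app>"""


def _find(el, name):
    """Descendants called `name`, ignoring any XML namespace prefix."""
    return [e for e in el.iter() if e.tag.split("}")[-1] == name]


def pattern_matches(pattern, path):
    """Servlet url-pattern rules, applied to a context-relative path."""
    if pattern.endswith("/*"):                 # path-prefix mapping
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):               # extension mapping
        return path.endswith(pattern[1:])
    return pattern in ("/", path)              # default or exact mapping


def required_roles(web_xml, method, request_uri, context_root):
    """Roles demanded for the request, or None when no auth-constraint applies.

    Simplified: unions every matching constraint instead of the spec's
    best-match selection, which is equivalent for a single constraint.
    """
    if not (request_uri + "/").startswith(context_root + "/"):
        return None                            # not addressed to this web app
    path = request_uri[len(context_root):] or "/"
    roles = None
    for sc in _find(ET.fromstring(web_xml), "security-constraint"):
        if not _find(sc, "auth-constraint"):
            continue                           # constraint does not require login
        for wrc in _find(sc, "web-resource-collection"):
            methods = [m.text.strip() for m in _find(wrc, "http-method")]
            if methods and method not in methods:
                continue                       # only the listed methods are covered
            if any(pattern_matches(p.text.strip(), path) for p in _find(wrc, "url-pattern")):
                roles = (roles or set()) | {r.text.strip() for r in _find(sc, "role-name")}
    return roles
```

With an assumed context root of `/rest`, the PUT from the curl log maps to `/tpos/incoming/ba/GoodFile.xml` and requires role `BA`; with an assumed root context (`""`) the same URI is not matched by the pattern, and methods other than PUT are outside the constraint in either case.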