users@glassfish.java.net

RE: Basic auth not working in Glassfish 2.1

From: Martin Gainty <mgainty_at_hotmail.com>
Date: Fri, 21 Aug 2009 08:46:38 -0400

any reason why your authentication method is PUT instead of GET OR POST?

does CURL read HTTP_HEADERs?
Martin Gainty
______________________________________________
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
 
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni.




> Date: Fri, 21 Aug 2009 05:24:27 -0700
> From: glassfish_at_javadesktop.org
> To: users_at_glassfish.dev.java.net
> Subject: Re: Basic auth not working in Glassfish 2.1
>
> And here is the relevant web.xml stuff, again:
>
> <security-constraint>
> <display-name>Uploading files</display-name>
> <web-resource-collection>
> <web-resource-name>FileReceiverBean</web-resource-name>
> <url-pattern>/tpos/incoming/ba/*</url-pattern>
> <http-method>PUT</http-method>
> </web-resource-collection>
> <auth-constraint>
> <description>Has to be a member of the BA group</description>
> <role-name>BA</role-name>
> </auth-constraint>
> </security-constraint>
> <login-config>
> <auth-method>BASIC</auth-method>
> <realm-name>incoming-realm</realm-name>
> </login-config>
> <security-role>
> <description/>
> <role-name>BA</role-name>
> </security-role>
>
> I have created a file based security realm in the GF admin console called "incoming-realm", and have two users there. But it seems to make no difference whatsoever what I put in the -u section of the curl command, the request always goes all the way to the web app without authentication (the web app checks and there is never any user info available).
> [Message sent by forum member 'hordurth' (hordurth)]
>
> http://forums.java.net/jive/thread.jspa?messageID=361580
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>

_________________________________________________________________
Windows Live: Keep your friends up to date with what you do online.
http://windowslive.com/Campaign/SocialNetworking?ocid=PID23285::T:WLMTAGL:ON:WL:en-US:SI_SB_online:082009