users@glassfish.java.net

Re: Basic Authorization not being received

From: <glassfish_at_javadesktop.org>
Date: Mon, 30 Nov 2009 11:05:01 PST

Ok - I have done what you suggested. Here are the updated contents of my web.xml:
...
<!-- web.xml fragment: restricts /ARM/* to callers in role CARS_USER, authenticated with HTTP BASIC. -->
<security-constraint>
        <web-resource-collection>
            <web-resource-name>ARM</web-resource-name>
                <url-pattern>/ARM/*</url-pattern>
                <!-- Listing http-method elements limits this constraint to the named methods.
                     Requests to /ARM/* using any other method (PUT, DELETE, HEAD, ...) are not
                     covered by it. Omitting the http-method elements constrains every method. -->
                <http-method>POST</http-method>
                <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint>
                <role-name>CARS_USER</role-name>
        </auth-constraint>
        <!-- NOTE(review): no user-data-constraint appears in this fragment. BASIC sends the
             user name and password base64-encoded only, so a transport-guarantee of
             CONFIDENTIAL is normally wanted alongside it; confirm against the full file. -->
</security-constraint>
<login-config>
        <auth-method>BASIC</auth-method>
        <!-- Names the server-side auth realm to authenticate against; it has to match the
             name attribute of an auth-realm configured in the domain. -->
        <realm-name>jdbc</realm-name>
</login-config>
<!-- Declares the role that the auth-constraint above refers to. -->
<security-role>
    <role-name>CARS_USER</role-name>
</security-role>

and sun-web.xml:

  <!-- sun-web.xml fragment: maps the application role CARS_USER onto the realm group of the
       same name, so any principal the realm places in group CARS_USER holds the role. -->
  <security-role-mapping>
    <role-name>CARS_USER</role-name>
    <group-name>CARS_USER</group-name>
  </security-role-mapping>

and domain.xml entry for my realm:
<!-- domain.xml fragment: JDBCRealm named "jdbc" that looks users up through the
     jdbc/arm datasource. -->
<auth-realm classname="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm" name="jdbc">
          <property name="jaas-context" value="jdbcRealm"/>
          <property name="password-column" value="passwd"/>
          <property name="datasource-jndi" value="jdbc/arm"/>
          <!-- user-table and group-table both point at dbo.security. -->
          <property name="group-table" value="dbo.security"/>
          <property name="user-table" value="dbo.security"/>
          <!-- NOTE(review): this is an SQL expression, not a column name. Presumably the realm
               places it in its group query, so every matching row yields the constant
               CARS_USER. Group membership then does not come from stored data; verify this
               is intended. -->
          <property name="group-name-column" value="&apos;CARS_USER&apos; as user_group"/>
          <!-- NOTE(review): the database password is stored here in clear text. Anyone who can
               read domain.xml, or a copy of it pasted elsewhere, obtains it. Keep it out of
               shared copies and change it if it has been disclosed. -->
          <property name="db-password" value="cars_java123"/>
          <!-- NOTE(review): "none" presumably means the passwd column is compared without
               hashing, i.e. user passwords are stored in clear text in dbo.security. Confirm
               against the JDBCRealm documentation for this server version. -->
          <property name="digest-algorithm" value="none"/>
          <property name="db-user" value="cars_java"/>
          <property name="user-name-column" value="user_id"/>
          <!-- assign-groups adds the listed group to every user this realm authenticates.
               Together with the sun-web.xml mapping shown in this post, any valid login
               receives the CARS_USER role. -->
          <property name="assign-groups" value="CARS_USER"/>
</auth-realm>

Finally, I saw this in my server.log. I don't know how it is related, since it is logged for the httpSSLWorkerThread and I am using HTTP. The interesting piece is at the end, the line: "unresolved javax.security.jacc.WebResourcePermission /ARM/* !GET,POST". This is the resource I am trying to access, and for which I have set up permissions for GET and POST, and yet "it" (WHAT?) is unresolved? Any ideas?

Also here is what SoapUI is sending for HTTP headers:
Mon Nov 30 13:55:36 EST 2009:DEBUG:>> "POST /ARM/ARM/ HTTP/1.1[\r][\n]"
Mon Nov 30 13:55:36 EST 2009:DEBUG:>> "Content-Type: text/xml;charset=UTF-8[\r][\n]"
Mon Nov 30 13:55:36 EST 2009:DEBUG:>> "SOAPAction: ""[\r][\n]"
Mon Nov 30 13:55:36 EST 2009:DEBUG:>> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]"
Mon Nov 30 13:55:36 EST 2009:DEBUG:>> "Host: localhost:8000[\r][\n]"
Mon Nov 30 13:55:36 EST 2009:DEBUG:>> "Content-Length: 253[\r][\n]"


#|2009-11-30T13:44:37.685-0500|FINEST|sun-appserver2.1|javax.enterprise.system.core.security|_ThreadID=55;_ThreadName=httpSSLWorkerThread-8000-0;Clas
sName=com.sun.enterprise.security.provider.BasePolicyWrapper;MethodName=getPermissions;_RequestID=5be19808-32ba-492b-9edd-011d1602780e;|JACC Policy Pr
ovider: PolicyWrapper.getPermissions(cs), context (arm/arm) codesource ((file:/arm/arm <no signer certificates>)) permissions: java.security.Permissio
ns_at_5feba (
 (javax.security.auth.PrivateCredentialPermission javax.resource.spi.security.PasswordCredential * "*" read)
 (java.io.FilePermission <<ALL FILES>> read,write)
 (java.io.FilePermission C:/Sun/GlassFish/domains/arm\lib\databases\- delete)
 (java.io.FilePermission C:\DOCUME~1\brendac\LOCALS~1\Temp\\- delete)
 (javax.management.MBeanPermission [com.sun.messaging.jms.*:*] *)
 (java.util.PropertyPermission java.version read)
 (java.util.PropertyPermission java.vm.name read)
 (java.util.PropertyPermission java.vm.vendor read)
 (java.util.PropertyPermission os.name read)
 (java.util.PropertyPermission java.vendor.url read)
 (java.util.PropertyPermission java.vm.specification.vendor read)
 (java.util.PropertyPermission java.specification.vendor read)
 (java.util.PropertyPermission os.version read)
 (java.util.PropertyPermission java.specification.name read)
 (java.util.PropertyPermission java.class.version read)
 (java.util.PropertyPermission file.separator read)
 (java.util.PropertyPermission java.vm.version read)
 (java.util.PropertyPermission os.arch read)
 (java.util.PropertyPermission java.vm.specification.name read)
 (java.util.PropertyPermission java.vm.specification.version read)
 (java.util.PropertyPermission java.specification.version read)
 (java.util.PropertyPermission java.vendor read)
 (java.util.PropertyPermission * read,write)
 (java.util.PropertyPermission path.separator read)
 (java.util.PropertyPermission line.separator read)
 (java.lang.RuntimePermission loadLibrary.*)
 (java.lang.RuntimePermission getClassLoader)
 (java.lang.RuntimePermission modifyThreadGroup)
 (java.lang.RuntimePermission accessDeclaredMembers)
 (java.lang.RuntimePermission setContextClassLoader)
 (java.lang.RuntimePermission queuePrintJob)
 (java.lang.RuntimePermission getProtectionDomain)
 (java.lang.RuntimePermission stopThread)
 (javax.management.MBeanTrustPermission register)
 (java.net.SocketPermission localhost:1024- listen,resolve)
 (java.net.SocketPermission * connect,resolve)
 (unresolved com.sun.corba.ee.impl.presentation.rmi.DynamicAccessPermission access null)
 (unresolved javax.security.jacc.WebUserDataPermission /ARM/* null)
 (unresolved javax.security.jacc.WebUserDataPermission /:/ARM/* null)
 (unresolved javax.security.jacc.WebResourcePermission /:/ARM/* null)
 (unresolved javax.security.jacc.WebResourcePermission /ARM/* !GET,POST)
 (unresolved com.sun.enterprise.security.CORBAObjectPermission * *)
 (java.security.AllPermission <all permissions> <all actions>)
[Message sent by forum member 'bcoulson220' ]

http://forums.java.net/jive/thread.jspa?messageID=373916