Hi Dominik,
Regarding your issue with isUserInRole("ADMIN") returning false for an 
authenticated user, we are not able to reproduce the issue. For a 
form-based login, for any authenticated user, isUserInRole should 
return true. Could you also attach the sample webapp where you see the 
value returned incorrectly as false?
For the other issue regarding accessing the protected beans, it appears 
that the SecurityManager has been turned on and is causing 
AccessControlExceptions in the weld module. Could you try with the SM 
off and recheck? If it succeeds, then you could raise an issue with 
GlassFish.
Thanks,
Nithya
Dominik Dorn wrote:
> Hi,
>
> I'm trying to get started with security and glassfish v3...
>
> I created a user in the file realm and added it to the Group "ADMIN" 
> (without quotes),
> added this stuff to my web.xml:
>
>     <security-role>
>         <description>Administration Users</description>
>         <role-name>ADMIN</role-name>
>     </security-role>
>
>     <security-constraint>
>         <web-resource-collection>
>             <web-resource-name>whole page</web-resource-name>
>             <url-pattern>/admin/*</url-pattern>
>             <http-method>GET</http-method>
>             <http-method>POST</http-method>
>         </web-resource-collection>
>         <auth-constraint>
>             <role-name>ADMIN</role-name>
>         </auth-constraint>
>         <user-data-constraint>
>             <transport-guarantee>NONE</transport-guarantee>
>         </user-data-constraint>
>     </security-constraint>
>     <login-config>
>         <auth-method>FORM</auth-method>
>         <form-login-config>
>             <form-login-page>/login.xhtml</form-login-page>
>             <form-error-page>/loginError.xhtml</form-error-page>
>         </form-login-config>
>     </login-config>
>
> created a sun-web.xml with this content:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE sun-web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 Servlet 2.3//EN'
>         'http://www.sun.com/software/sunone/appserver/dtds/sun-web-app_2_3-0.dtd'>
> <sun-web-app>
>     <security-role-mapping>
>         <role-name>ADMIN</role-name>
>         <principal-name>domdorn</principal-name>
>         <group-name>ADMIN</group-name>
>     </security-role-mapping>
>
>     <security-role-mapping>
>         <role-name>noaccess</role-name>
>         <principal-name>noaccess</principal-name>
>     </security-role-mapping>
> </sun-web-app>
>
>
> When I log myself into the application, I get the following responses:
>
> request.userPrincipal: domdorn
> request.remoteUser: domdorn
> request.authType: FORM
> request.isUserInRole("ADMIN"): false
>
> and when I try to access a page which accesses protected beans, like 
> this one:
> @ManagedBean
> @Stateless
> @DeclareRoles({"USER", "ADMIN"})
> public class MemberListService {
>
>     @EJB
>     private PersonDao personDao;
>
>     public MemberListService() {
>     }
>
>     @RolesAllowed({"ADMIN"})
>     public List<Person> findAll() {
>         return personDao.findAll();
>     }
>
>     @RolesAllowed({"ADMIN"})
>     public void persist(Person person) {
>         System.out.println("Memberlistservice: persist");
>         personDao.persist(person);
>     } 
> }
>
> I get the exceptions that are attached to this mail.
>
> What am I doing wrong?
>
> Please help.
>
> Thanks.
>
> Dominik Dorn
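An added example, not from this thread, that checks the three places a role name has to agree: it parses fragments constructed from the web.xml, sun-web.xml and bean quoted above, computes which roles a given principal and group set would hold under the sun-web.xml mapping, and reports roles that are referenced by a constraint or annotation but never declared in web.xml or never mapped to a principal or group. The USER mismatch it flags is shown to illustrate the check, not offered as the cause of the result reported above.

```python
import re
import xml.etree.ElementTree as ET

# Constructed fragments modelled on the descriptors and bean quoted in the thread.
WEB_XML = """<web-app>
  <security-role><role-name>ADMIN</role-name></security-role>
  <security-constraint><auth-constraint><role-name>ADMIN</role-name></auth-constraint></security-constraint>
</web-app>"""
SUN_WEB_XML = """<sun-web-app>
  <security-role-mapping><role-name>ADMIN</role-name>
    <principal-name>domdorn</principal-name><group-name>ADMIN</group-name>
  </security-role-mapping>
  <security-role-mapping><role-name>noaccess</role-name>
    <principal-name>noaccess</principal-name></security-role-mapping>
</sun-web-app>"""
BEAN_SOURCE = """@DeclareRoles({"USER", "ADMIN"})
public class MemberListService {
    @RolesAllowed({"ADMIN"}) public List<Person> findAll() { return null; }
}"""

ROLE_ANNOTATION = re.compile(r'@(?:DeclareRoles|RolesAllowed)\(\{([^}]*)\}\)')

def annotated_roles(source):
    """Role names appearing in @DeclareRoles / @RolesAllowed annotations."""
    return {name for group in ROLE_ANNOTATION.findall(source)
            for name in re.findall(r'"([^"]+)"', group)}

def roles_for(sun_web_xml, principal, groups):
    """Roles a caller holds under the sun-web.xml mapping: a role is granted when
    the caller's principal name or any of its groups is mapped to that role."""
    held = set()
    for m in ET.fromstring(sun_web_xml).findall('security-role-mapping'):
        principals = {e.text.strip() for e in m.findall('principal-name')}
        mapped_groups = {e.text.strip() for e in m.findall('group-name')}
        if principal in principals or set(groups) & mapped_groups:
            held.add(m.findtext('role-name').strip())
    return held

def check_roles(web_xml, sun_web_xml, bean_source):
    """Roles referenced by constraints or annotations that are missing from
    <security-role> (undeclared) or have no principal/group mapping (unmapped)."""
    web = ET.fromstring(web_xml)
    declared = {r.text.strip() for r in web.findall('security-role/role-name')}
    referenced = {r.text.strip() for r in web.findall('.//auth-constraint/role-name')}
    referenced |= annotated_roles(bean_source)
    mapped = {m.findtext('role-name').strip()
              for m in ET.fromstring(sun_web_xml).findall('security-role-mapping')
              if m.find('principal-name') is not None or m.find('group-name') is not None}
    return {'undeclared': sorted(referenced - declared),
            'unmapped': sorted((referenced | declared) - mapped)}
```

A role reported as unmapped is one that @RolesAllowed can require but that no caller can ever hold under the current mapping, so the method would always be denied.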