users@glassfish.java.net

Re: Problem with JavaEE 6 Security under Glassfish v3

From: Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Thu, 17 Dec 2009 16:22:24 +0530

Nithya Subramanian wrote:
> Hi Dominik,
>
> Reg your issue with isUserInRole("ADMIN") returning false for an
> authenticated user, we are not able to reproduce the issue. For a
> form-based login, for any authenticated user, isUserInRole , should
> return true.
> Could you also attach the sample webapp where you see the value
> returned incorrectly as false?
>
> For the other issue regarding accessing the protected beans, it
> appears that the SecurityManager has been turned on and is causing
> AccessControlExceptions in the weld module. Could you try without the
> SM off and recheck? If it succeeds, then you could raise an issue with
> glassfish?
raise an issue with the "weld" submodule if such a category exists;
otherwise raise it on the "ejb" module.

regards,
kumar

>
> Thanks,
> Nithya
>
>
>
> Dominik Dorn wrote:
>> Hi,
>>
>> I'm trying to get started with security and glassfish v3...
>>
>> I created a user in the file - realm and added it to the Group
>> "ADMIN" (without quotes),
>> added this stuff to my web.xml:
>>
>> <security-role>
>>     <description>Administration Users</description>
>>     <role-name>ADMIN</role-name>
>> </security-role>
>>
>> <security-constraint>
>>     <web-resource-collection>
>>         <web-resource-name>whole page</web-resource-name>
>>         <url-pattern>/admin/*</url-pattern>
>>         <http-method>GET</http-method>
>>         <http-method>POST</http-method>
>>     </web-resource-collection>
>>     <auth-constraint>
>>         <role-name>ADMIN</role-name>
>>     </auth-constraint>
>>     <user-data-constraint>
>>         <transport-guarantee>NONE</transport-guarantee>
>>     </user-data-constraint>
>> </security-constraint>
>> <login-config>
>>     <auth-method>FORM</auth-method>
>>     <form-login-config>
>>         <form-login-page>/login.xhtml</form-login-page>
>>         <form-error-page>/loginError.xhtml</form-error-page>
>>     </form-login-config>
>> </login-config>
>>
>> created a sun-web.xml with this content:
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <!DOCTYPE sun-web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 Servlet 2.3//EN'
>>     'http://www.sun.com/software/sunone/appserver/dtds/sun-web-app_2_3-0.dtd'>
>>
>> <sun-web-app>
>>     <security-role-mapping>
>>         <role-name>ADMIN</role-name>
>>         <principal-name>domdorn</principal-name>
>>         <group-name>ADMIN</group-name>
>>     </security-role-mapping>
>>
>>     <security-role-mapping>
>>         <role-name>noaccess</role-name>
>>         <principal-name>noaccess</principal-name>
>>     </security-role-mapping>
>> </sun-web-app>
>>
>>
>> When I log myself into the application, I get the following responses:
>>
>> request.userPrincipal: domdorn
>> request.remoteUser: domdorn
>> request.authType: FORM
>> request.isUserInRole("ADMIN"): false
>>
>> And when I try to access a page which accesses protected beans, like
>> this one:
>>
>> @ManagedBean
>> @Stateless
>> @DeclareRoles({"USER", "ADMIN"})
>> public class MemberListService {
>>
>>     @EJB
>>     private PersonDao personDao;
>>
>>     public MemberListService() {
>>     }
>>
>>     @RolesAllowed({"ADMIN"})
>>     public List<Person> findAll() {
>>         return personDao.findAll();
>>     }
>>
>>     @RolesAllowed({"ADMIN"})
>>     public void persist(Person person) {
>>         System.out.println("Memberlistservice: persist");
>>         personDao.persist(person);
>>     }
>> }
>>
>> I get the exceptions that are attached to this mail.
>>
>> What am I doing wrong?
>>
>> Please help.
>>
>> Thanks.
>>
>> Dominik Dorn
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
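The thread turns on two container decisions: which roles a caller holds under the sun-web.xml security-role-mapping (principal name or group name listed under a role) and whether a request to /admin/* passes the web.xml security-constraint. The following is an added example, not GlassFish, Sun or Weld code, that evaluates both rules offline over constructed descriptor fragments mirroring the ones posted above, so a mapping like domdorn/ADMIN can be sanity checked before deploying. It also models the server-wide default principal-to-role mapping (group name equals role name) as an optional flag, and reports HTTP methods that a constraint enumerating <http-method> elements leaves unrestricted; that last check is a generalisation beyond the thread, since the posted constraint only names GET and POST.

```python
"""Offline evaluator for web.xml security constraints and GlassFish
sun-web.xml role mappings (added example, not vendor code)."""
import xml.etree.ElementTree as ET

# Constructed descriptor fragments mirroring the configuration in the thread.
WEB_XML = """<web-app>
  <security-role><role-name>ADMIN</role-name></security-role>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>whole page</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>ADMIN</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

SUN_WEB_XML = """<sun-web-app>
  <security-role-mapping>
    <role-name>ADMIN</role-name>
    <principal-name>domdorn</principal-name>
    <group-name>ADMIN</group-name>
  </security-role-mapping>
  <security-role-mapping>
    <role-name>noaccess</role-name>
    <principal-name>noaccess</principal-name>
  </security-role-mapping>
</sun-web-app>"""


def parse_role_mappings(sun_web_xml):
    """role-name -> (principal names, group names) mapped onto that role."""
    mappings = {}
    for m in ET.fromstring(sun_web_xml).iter("security-role-mapping"):
        role = m.findtext("role-name").strip()
        principals, groups = mappings.setdefault(role, (set(), set()))
        principals.update(p.text.strip() for p in m.findall("principal-name"))
        groups.update(g.text.strip() for g in m.findall("group-name"))
    return mappings


def roles_for(principal, groups, mappings, default_p2r=False):
    """A role is held when the caller's principal name or one of its groups is
    listed under it; default_p2r models the server's default principal-to-role
    mapping, where a group name is taken as the role of the same name."""
    roles = {r for r, (ps, gs) in mappings.items() if principal in ps or groups & gs}
    if default_p2r:
        roles |= set(groups)
    return roles


def is_user_in_role(principal, groups, mappings, role, default_p2r=False):
    return role in roles_for(principal, groups, mappings, default_p2r)


def parse_constraints(web_xml):
    """Each constraint -> (url patterns, methods or empty set meaning all,
    roles or None meaning the constraint has no auth-constraint)."""
    constraints = []
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        patterns, methods = [], set()
        for wrc in sc.findall("web-resource-collection"):
            patterns += [p.text.strip() for p in wrc.findall("url-pattern")]
            methods |= {m.text.strip().upper() for m in wrc.findall("http-method")}
        ac = sc.find("auth-constraint")
        roles = None if ac is None else {r.text.strip() for r in ac.findall("role-name")}
        constraints.append((patterns, methods, roles))
    return constraints


def pattern_matches(pattern, path):
    """Servlet url-pattern matching: path prefix '/x/*', extension '*.ext', else exact."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern == path


def authorize(path, method, principal, groups, constraints, mappings, default_p2r=False):
    """Combine matching constraints as the Servlet spec does: an empty
    auth-constraint denies everyone, a constraint without auth-constraint
    permits unauthenticated access, otherwise the caller needs one of the
    union of named roles ('*' standing for any role the caller holds)."""
    matching = [roles for patterns, methods, roles in constraints
                if any(pattern_matches(p, path) for p in patterns)
                and (not methods or method.upper() in methods)]
    if not matching:
        return "permit"  # nothing constrains this path/method combination
    if any(r is not None and not r for r in matching):
        return "deny"
    if any(r is None for r in matching):
        return "permit"
    permitted = set().union(*matching)
    caller = roles_for(principal, groups, mappings, default_p2r)
    if "*" in permitted:
        return "permit" if caller else "deny"
    return "permit" if permitted & caller else "deny"


def uncovered_methods(path, constraints,
                      probe=("GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS")):
    """Methods on `path` left unrestricted because every matching constraint
    enumerates <http-method> elements; Servlet 3.1+ closes this with
    <deny-uncovered-http-methods/>, GlassFish v3 (Servlet 3.0) cannot."""
    matching = [methods for patterns, methods, _ in constraints
                if any(pattern_matches(p, path) for p in patterns)]
    if not matching or any(not m for m in matching):
        return set()
    return set(probe) - set().union(*matching)


if __name__ == "__main__":
    mappings = parse_role_mappings(SUN_WEB_XML)
    constraints = parse_constraints(WEB_XML)
    print("domdorn in ADMIN:", is_user_in_role("domdorn", {"ADMIN"}, mappings, "ADMIN"))
    for verb in ("GET", "PUT"):
        print(verb, "/admin/users.xhtml as noaccess:",
              authorize("/admin/users.xhtml", verb, "noaccess", set(), constraints, mappings))
    print("uncovered on /admin/*:", sorted(uncovered_methods("/admin/users.xhtml", constraints)))
```

Run against the posted mapping, the evaluator grants ADMIN to domdorn both by principal name and by group, which is the result Nithya describes; if the real container still answers false, the descriptor is not the place to look. The uncovered-method report is the check to add to any review of a constraint that lists explicit methods.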