users@glassfish.java.net

How to: use Form based auth via JDBCRealm:oracle in Glassfish 3.0

From: <glassfish_at_javadesktop.org>
Date: Wed, 13 Jan 2010 08:59:41 PST

I can log in, but my session seems to be in a half-logged-in state. I get the 403 message after successfully logging in. Very strange, why would that happen?

As I surf to the different pages I get the logged-in message at the top of my pages and I can even access restricted data in the database, but when I try to access data via AJAX I still get the 403 error message.
Here is my complete web.xml file, is there anything wrong with it? (I cut some servlet and servlet-mappings for brevity.) Also I tried it with all the web-resource-collections defined within one security-constraint but the effect seems the same so far.

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
         http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

  <display-name>My Games</display-name>
  <description>A collection of web based games.
  </description>

  <context-param>
    <param-name>password</param-name>
    <param-value>mypassword</param-value>
  </context-param>

  <context-param>
    <param-name>email</param-name>
    <param-value>myemail_at_yahoo.com</param-value>
  </context-param>

  <session-config>
    <session-timeout>
      30
    </session-timeout>
  </session-config>

  <servlet>
    <description>Validates Form Input using XmlHttpRequest Objects</description>
    <servlet-name>ValidationServlet</servlet-name>
    <servlet-class>mypackage.ValidationServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>LPS</servlet-name>
    <servlet-class>mypackage.LPServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet>
    <servlet-name>WServlet</servlet-name>
    <servlet-class>mypackage.WServlet</servlet-class>
  </servlet>

  <servlet-mapping>
    <servlet-name>LPS</servlet-name>
    <url-pattern>/lps.do</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>WServlet</servlet-name>
    <url-pattern>/WServlet.do</url-pattern>
    <url-pattern>/login.do</url-pattern>
    <url-pattern>/logout.do</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>ValidationServlet</servlet-name>
    <url-pattern>/validate.do</url-pattern>
    <url-pattern>/validate.reg</url-pattern>
  </servlet-mapping>

  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
    <welcome-file>index.html</welcome-file>
    <welcome-file>index.htm</welcome-file>
  </welcome-file-list>

  <security-constraint>
    <display-name>Post Security Constraint</display-name>
    <web-resource-collection>
      <web-resource-name>Logged in jsp</web-resource-name>
      <!-- Define the context-relative URL(s) to be protected -->
      <url-pattern>/loggedin.jsp</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>

    <auth-constraint>
      <!-- Anyone with one of the listed roles may access this area -->
      <role-name>member</role-name>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>

  <security-constraint>
    <display-name>Post Security Constraint</display-name>
    <web-resource-collection>
      <web-resource-name>Login via GET</web-resource-name>
      <!-- Define the context-relative URL(s) to be protected -->
      <url-pattern>/login.do</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>

    <auth-constraint>
      <!-- Anyone with one of the listed roles may access this area -->
      <role-name>member</role-name>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>
  <security-constraint>
    <display-name>Post Security Constraint</display-name>

    <web-resource-collection>
      <web-resource-name>Any Post .do</web-resource-name>
      <!-- Define the context-relative URL(s) to be protected -->
      <url-pattern>*.do</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>

    <auth-constraint>
      <!-- Anyone with one of the listed roles may access this area -->
      <role-name>member</role-name>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>jdbc_wserv</realm-name>
    <form-login-config>
      <form-login-page>/loginPage.jsp</form-login-page>
      <form-error-page>/loginError.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Security roles referenced by this web application -->
  <security-role>
    <role-name>member</role-name>
  </security-role>

  <security-role>
    <role-name>admin</role-name>
  </security-role>

  <listener>
    <listener-class>mypackage.WServContextListener</listener-class>
  </listener>

</web-app>

Maybe it will help if you see what I mean yourself: just go here http://thesoftwaretaylor.homeip.net/WonderLand/ and click login, username and password is "any" : weird login error
After submitting you will get the error page, then back up to the main page again and hit reload. You will see you are now logged in as user "any".
Now if you click on the Mischmasch link you will see a number of saved games in a drop-down box. Try to load one. You will get another 403 error (you'll need to use the Firebug add-on for Firefox to see it). So the web app seems to be in a weird partially logged-in state.

All my user name and role info is in my database. Should some of it be elsewhere?
[Message sent by forum member 'cal41' (calgach_at_yahoo.ca)]

http://forums.java.net/jive/thread.jspa?messageID=380686
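
How a Servlet 2.5 container decides which of the three security-constraints in the web.xml above applies to a request, as an added example that is not part of the original post: the best-matching url-pattern is selected first, and the request is constrained only if its HTTP method is listed for that pattern. The function names and the trimmed `WEB_XML` sample are constructed for illustration, and the sketch assumes every constraint names roles (an absent and an empty auth-constraint are not distinguished).

```python
import xml.etree.ElementTree as ET

NS = {"j": "http://java.sun.com/xml/ns/javaee"}
ROLES = ("<auth-constraint><role-name>member</role-name>"
         "<role-name>admin</role-name></auth-constraint>")
# Constructed sample: only the three security-constraints from the posted web.xml.
WEB_XML = f"""<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
 <security-constraint><web-resource-collection>
  <url-pattern>/loggedin.jsp</url-pattern>
  <http-method>GET</http-method><http-method>POST</http-method>
 </web-resource-collection>{ROLES}</security-constraint>
 <security-constraint><web-resource-collection>
  <url-pattern>/login.do</url-pattern><http-method>GET</http-method>
 </web-resource-collection>{ROLES}</security-constraint>
 <security-constraint><web-resource-collection>
  <url-pattern>*.do</url-pattern><http-method>POST</http-method>
 </web-resource-collection>{ROLES}</security-constraint>
</web-app>"""

def rank(pattern, path):
    """Match precedence: exact > longest path prefix > extension > default."""
    if pattern == path:
        return (3, len(pattern))
    if pattern.endswith("/*") and (path + "/").startswith(pattern[:-1]):
        return (2, len(pattern))
    if pattern.startswith("*.") and path.rsplit("/", 1)[-1].endswith(pattern[1:]):
        return (1, 0)
    return (0, 0) if pattern == "/" else None

def required_roles(web_xml, path, method):
    """Roles a request needs, or None when no constraint covers it."""
    rules = []  # one (rank, methods, roles) entry per matching url-pattern
    for sc in ET.fromstring(web_xml).findall("j:security-constraint", NS):
        roles = {r.text.strip() for r in sc.findall("j:auth-constraint/j:role-name", NS)}
        for wrc in sc.findall("j:web-resource-collection", NS):
            methods = {m.text.strip() for m in wrc.findall("j:http-method", NS)}
            for p in wrc.findall("j:url-pattern", NS):
                r = rank(p.text.strip(), path)
                if r is not None:
                    rules.append((r, methods, roles))
    if not rules:
        return None
    best = max(r for r, _, _ in rules)  # only the best-matching pattern counts
    hit = [ro for r, me, ro in rules if r == best and (not me or method in me)]
    return sorted(set().union(*hit)) if hit else None

if __name__ == "__main__":
    for req in [("/lps.do", "GET"), ("/lps.do", "POST"), ("/login.do", "POST")]:
        print(req, "->", required_roles(WEB_XML, *req))
```

With this configuration a GET to any `*.do` URL other than `/login.do` is not constrained at all, while a POST to the same URL requires `member` or `admin`; a POST to `/login.do` is also unconstrained because the exact pattern wins and lists only GET.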