users@glassfish.java.net

Re: Why isn't the login popup not triggered for secured page

From: Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Mon, 08 Mar 2010 21:18:12 +0530

glassfish_at_javadesktop.org wrote:
> GlassFish doesn't redirect to the login form page and access to restricted resources is not restricted
>
> I think it's because admin-realm admin is automatically authenticated and when I try to access a restricted page, it checks the authenticated user and since it's admin and it has authorization to the page, the page is accessible and does not prompt to login.
>
> These still appear when I run the application and am not trying to log in to the admin console of GlassFish
>
> Processing login with credentials of type: class com.sun.enterprise.security.auth.login.PasswordCredential
> Logging in user [admin] into realm: admin-realm using JAAS module: fileRealm
> Login module initialized: class com.sun.enterprise.security.auth.login.FileLoginModule
> File login succeeded for: admin
> JAAS login complete.
> JAAS authentication committed.
> Password login succeeded for : admin
> permission check done to set SecurityContext
> Set security context as user: admin
>
> Also these
>
> (unresolved javax.security.jacc.WebUserDataPermission /security/* null)
> (unresolved javax.security.jacc.WebUserDataPermission /:/security/* null)
> (unresolved com.sun.corba.ee.impl.presentation.rmi.DynamicAccessPermission access null)
> (unresolved javax.security.jacc.WebResourcePermission /:/security/* null)
> (unresolved javax.security.jacc.WebResourcePermission /security/* !DELETE,GET,HEAD,OPTIONS,POST,PUT,TRACE)
> (unresolved com.sun.enterprise.security.CORBAObjectPermission * *)
>
> I tried using <url-pattern>/*</url-pattern> instead of <url-pattern>/security/*</url-pattern>
>
> and interestingly this is what I got in the trace.
>
> Processing login with credentials of type: class com.sun.enterprise.security.auth.login.PasswordCredential
> Logging in user [employee] into realm: emsSecurity using JAAS module: jdbcRealm
> Login module initialized: class com.sun.enterprise.security.auth.login.JDBCLoginModule
> JDBC login succeeded for: employee groups:[Ljava.lang.String;@16bfca4
> JAAS login complete.
> JAAS authentication committed.
> Password login succeeded for : employee
> permission check done to set SecurityContext
> Set security context as user: employee
>
> and it goes to an access denied page.
>
> 'HTTP Status 403 - Access to the requested resource has been denied'
>
> I don't understand how GlassFish authenticates the user employee without the user submitting the login credentials. It even says 'Password login succeeded for : employee'. Please help me solve this problem.
>
Please file a bug with steps to reproduce.

Thanks.
> [Message sent by forum member 'cadii' (vishanka18_at_yahoo.com)]
>
> http://forums.java.net/jive/thread.jspa?messageID=390626
>