users@glassfish.java.net

Re: Security constraint in JSF application on HTTP Get fails on GlassFish V3

From: Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Wed, 08 Sep 2010 16:12:09 +0530

glassfish_at_javadesktop.org wrote:
> Hi,
>
> I have been running a JSF application which works fine on Sun Application Server V9 but fails the permission check on GlassFish V3 and Oracle's GlassFish V3.
> The reported error in the log is:
> [#|2010-09-08T10:20:22.086+1200 |INFO|glassfish3.0.1|javax.enterprise.system.core.security|_ThreadID=34;_ThreadName=Thread-1;|JACC Policy Provider: Failed Permission Check, context(jsf1/jsf1)- permission((javax.security.jacc.WebUserDataPermission /crudCustomer.faces GET))|#]
>
Is the access to the URL using https?

Can you send me the granted.policy file of the application?

Also do a clean undeploy (make sure the domains/domain1/generated/policy
dir is cleaned up). Then do a deploy and retest your app.

Thanks
> The security role in sun-web.xml is:
> <security-role-mapping>
>   <role-name>helloUser</role-name>
>   <group-name>user</group-name>
> </security-role-mapping>
>
> The security constraint in web.xml is:
> <security-constraint>
>   <display-name>SecurityConstraint</display-name>
>   <web-resource-collection>
>     <web-resource-name>ExampleWRCollection</web-resource-name>
>     <url-pattern>/crudCustomer.faces</url-pattern>
>     <http-method>PUT</http-method>
>     <http-method>DELETE</http-method>
>     <http-method>GET</http-method>
>     <http-method>POST</http-method>
>   </web-resource-collection>
>   <auth-constraint>
>     <role-name>helloUser</role-name>
>   </auth-constraint>
>   <user-data-constraint>
>     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>   </user-data-constraint>
> </security-constraint>
> <login-config>
>   <auth-method>BASIC</auth-method>
>   <realm-name>file</realm-name>
> </login-config>
>
> All application servers are configured the same with helloUser set as a member of group users and given a password. If the security constraint and role mapping are commented out the application works on Oracle GlassFish and Open Source GlassFish.
>
> Can anyone help me out?
>
> Cheers,
> JR
> [Message sent by forum member 'jdraven']
>
> http://forums.java.net/jive/thread.jspa?messageID=482084
>
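
Added example (not part of the original thread, and not GlassFish code): a simplified Python model of the JACC WebUserDataPermission "implies" rule. It shows that the logged permission "/crudCustomer.faces GET" (no transport type, which JACC treats as NONE) is not implied by a permission carrying :CONFIDENTIAL, so the transport used for the request matters. The GRANTED string and all function names are assumptions for illustration; the real grants are in the application's granted.policy.

```python
# Simplified model of javax.security.jacc.WebUserDataPermission matching.
# Covers exact, path-prefix (/a/*), extension (*.x) and default (/) patterns;
# qualified pattern lists and HTTP method exception lists are left out.

def parse_actions(actions):
    """Split 'GET,POST:CONFIDENTIAL' into (methods, transport)."""
    spec, _, transport = (actions or "").partition(":")
    methods = frozenset(m for m in spec.split(",") if m)
    # An empty method list means "all methods"; a missing transport means NONE.
    return (methods or None), (transport or "NONE")

def pattern_matches(pattern, path):
    """URL pattern match for the four pattern kinds handled here."""
    if pattern == path or pattern == "/":
        return True
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return False

def implies(granted, requested):
    """granted/requested are (name, actions) pairs, as printed in the server log."""
    g_methods, g_transport = parse_actions(granted[1])
    r_methods, r_transport = parse_actions(requested[1])
    if not pattern_matches(granted[0], requested[0]):
        return False
    if g_methods is not None and (r_methods is None or not r_methods <= g_methods):
        return False
    # A granted transport of NONE accepts any connection; otherwise it must match.
    return g_transport == "NONE" or g_transport == r_transport

# Assumed permission for the quoted <security-constraint> (constructed value,
# not taken from the poster's granted.policy).
GRANTED = ("/crudCustomer.faces", "DELETE,GET,POST,PUT:CONFIDENTIAL")

def check(method, secure):
    """Build the permission checked for a request and test it against GRANTED."""
    actions = method + (":CONFIDENTIAL" if secure else "")
    return implies(GRANTED, ("/crudCustomer.faces", actions))

if __name__ == "__main__":
    print("GET over http :", check("GET", secure=False))
    print("GET over https:", check("GET", secure=True))
```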