users@glassfish.java.net

web.xml authentication issue

From: <forums_at_java.net>
Date: Mon, 29 Aug 2011 12:34:10 -0500 (CDT)

We are running 3.0.1

We are trying to restrict subfolders, i.e. parts, to members of the parts
group only. It is not working as advertised. As long as a person exists in the
groups table, it does not matter which group is listed next to the account
name: everyone is let into that constrained part of the website. No errors are
showing in the GlassFish logs on any setting.

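-- The groups table referred to in the post: one row per account, because
-- c_username is the primary key, so each user can hold exactly one group value.
-- The foreign key below references t_login, so t_login must be created first.
CREATE TABLE t_groups
(
  -- Widened from 15 to 20 characters to match t_login.c_username; with the
  -- narrower column, accounts with 16-20 character names could not be given
  -- a group row.
  c_username character varying(20) NOT NULL,
  -- Group value for the account. Nullable, so a row can exist with no group.
  -- NOTE(review): presumably compared with the <group-name> values in the
  -- sun-web-app descriptor (Parts, Users, Admins); confirm the stored values
  -- match those strings exactly, including case.
  groups character varying(15),
  CONSTRAINT pk_c_username PRIMARY KEY (c_username),
  CONSTRAINT "fk_loginUser" FOREIGN KEY (c_username)
      REFERENCES t_login (c_username) MATCH SIMPLE
      ON UPDATE NO ACTION ON DELETE NO ACTION
);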

 
-- Login accounts. c_username is the primary key and is the column that the
-- foreign key on t_groups references.
CREATE TABLE t_login
(
  c_id       integer     NOT NULL,
  c_username varchar(20) NOT NULL,
  -- NOTE(review): confirm this column stores a password digest in the
  -- encoding the realm is configured for, never the clear-text password.
  c_password varchar(65) NOT NULL,
  c_active   smallint    DEFAULT 0,
  c_access   integer     DEFAULT 0,
  c_company  varchar(35),
  -- NOTE(review): numeric role with default 2; none of the descriptors shown
  -- read it, so it is presumably application-level rather than part of
  -- container authorization. Confirm against the application code.
  c_role     integer     DEFAULT 2,
  CONSTRAINT pk_username PRIMARY KEY (c_username)
)

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC
    "-//Sun Microsystems, Inc.//DTD GlassFish Application Server 3.0 Servlet 3.0//EN"
    "http://www.sun.com/software/appserver/dtds/sun-web-app_3_0-0.dtd">
<sun-web-app error-url="">
  <!-- GlassFish-specific descriptor: sets the context root and maps the role
       names used in web.xml onto groups supplied by the security realm. -->

  <!-- Disabled alternate docroot, kept for reference:
       property name="alternatedocroot_1" value="from=/faces/* dir=D:/images/thumbs" / -->
  <context-root>/NLINK01</context-root>

  <!-- Role "parts" is granted to members of group "Parts".
       NOTE(review): the group names here are capitalised; confirm the values
       the realm returns for a user match these strings exactly, including
       case. -->
  <security-role-mapping>
    <role-name>parts</role-name>
    <group-name>Parts</group-name>
  </security-role-mapping>

  <!-- Role "users" is granted to members of group "Users". -->
  <security-role-mapping>
    <role-name>users</role-name>
    <group-name>Users</group-name>
  </security-role-mapping>

  <!-- Role "admins" is granted to members of group "Admins". -->
  <security-role-mapping>
    <role-name>admins</role-name>
    <group-name>Admins</group-name>
  </security-role-mapping>
</sun-web-app>

 

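<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">
  <!-- Servlet 3.0 deployment descriptor: session timeout, two protected URL
       spaces, form-based login and the roles those constraints rely on. -->

  <!-- Idle sessions expire after 30 minutes. -->
  <session-config>
    <session-timeout>30</session-timeout>
  </session-config>

  <!-- /parts/* is limited to the "parts" and "admins" roles. No http-method
       is listed, so the constraint covers every HTTP method. The pattern is
       relative to the application's context root.
       No user-data-constraint is present, so this descriptor does not require
       TLS for these URLs; a transport-guarantee of CONFIDENTIAL would enforce
       it once an HTTPS listener is available. -->
  <security-constraint>
    <display-name>SecurePlace</display-name>
    <web-resource-collection>
      <web-resource-name>Secure Application</web-resource-name>
      <url-pattern>/parts/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>parts</role-name>
      <role-name>admins</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- /NLINK/* is limited to the "users" and "admins" roles, again for every
       HTTP method and without a transport guarantee.
       NOTE(review): url-patterns are relative to the context root, so this
       protects the NLINK folder inside the application; confirm that is the
       intended path. -->
  <security-constraint>
    <display-name>SecurePlace</display-name>
    <web-resource-collection>
      <web-resource-name>Secure Application</web-resource-name>
      <url-pattern>/NLINK/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>users</role-name>
      <role-name>admins</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Form login against the realm named NlinkRealm. The login and error
       pages sit outside both protected patterns, so they stay reachable
       before authentication.
       NOTE(review): the realm definition is not part of this descriptor.
       When every authenticated user passes a role check, verify the realm's
       group table and group-name column settings, and check whether its
       assign-groups property hands the same groups to every user. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>NlinkRealm</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Declares every role referenced by the auth-constraints above, as the
       Servlet specification expects. Role-to-group mapping is done in the
       GlassFish-specific descriptor. -->
  <security-role>
    <role-name>parts</role-name>
  </security-role>
  <security-role>
    <role-name>users</role-name>
  </security-role>
  <security-role>
    <role-name>admins</role-name>
  </security-role>
</web-app>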

Any help would be appreciated.

Ron

 


--
[Message sent by forum member 'fitnage']
View Post: http://forums.java.net/node/838469