users@glassfish.java.net

Basic Authentication using JDBC Realm and Oracle connection

From: <forums_at_java.net>
Date: Tue, 4 Oct 2011 15:21:15 -0500 (CDT)

 Hi there, I'm new to Java and web service development so bear with me! I
have a WS app running which connects to an Oracle database. This is all fine.
I'd now like to secure it. I've followed tutorials online for setting up
basic authentication using the file realm and this works well. When I try to
do the same using JDBC Realm connecting to my Oracle database I always
receive HTTP 401 errors. I've followed some tutorials for doing this in Java
DB and tweaked them for Oracle and I'm stumped. I have 2 tables on my db,
USERS and GROUPS. The creation scripts look like the following (storage
clauses stripped).

CREATE TABLE USERS (
  USERNAME VARCHAR2(32 BYTE) NOT NULL,
  PASSWORD VARCHAR2(32 BYTE) NOT NULL
);

CREATE UNIQUE INDEX USERS_PK ON USERS (USERNAME);

ALTER TABLE USERS ADD (
  CONSTRAINT USERS_PK PRIMARY KEY (USERNAME)
  USING INDEX USERS_PK ENABLE VALIDATE
);

CREATE TABLE GROUPS (
  USERNAME  VARCHAR2(32 BYTE) NOT NULL,
  GROUPNAME VARCHAR2(32 BYTE) NOT NULL
);

CREATE UNIQUE INDEX GROUPS_PK ON GROUPS (USERNAME, GROUPNAME);

ALTER TABLE GROUPS ADD (
  CONSTRAINT GROUPS_PK PRIMARY KEY (USERNAME, GROUPNAME)
  USING INDEX GROUPS_PK ENABLE VALIDATE
);

ALTER TABLE GROUPS ADD (
  CONSTRAINT GROUPS_R01 FOREIGN KEY (USERNAME)
  REFERENCES USERS (USERNAME)
);

I have a JDBC connection specified in Glassfish using Oracle thin driver that
was set up in NetBeans 7. I am able to successfully connect using it and am
able to retrieve data through it via my WS app.

My web.xml file looks like the following.

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
         http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
    <servlet>
        <servlet-name>ServletAdaptor</servlet-name>
        <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>ServletAdaptor</servlet-name>
        <url-pattern>/resources/*</url-pattern>
    </servlet-mapping>
    <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>
    <security-constraint>
        <display-name>Constraint1</display-name>
        <web-resource-collection>
            <web-resource-name>protected</web-resource-name>
            <description/>
            <url-pattern>/resources/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>UsersRole</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>userauthn</realm-name>
    </login-config>
    <security-role>
        <description/>
        <role-name>UsersRole</role-name>
    </security-role>
</web-app>

And my glassfish-web.xml file looks like the following.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-web-app PUBLIC
    "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN"
    "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
<glassfish-web-app error-url="">
    <security-role-mapping>
        <role-name>UsersRole</role-name>
        <group-name>Users</group-name>
    </security-role-mapping>
    <class-loader delegate="true"/>
    <jsp-config>
        <property name="keepgenerated" value="true">
            <description>Keep a copy of the generated servlet class' java code.</description>
        </property>
    </jsp-config>
</glassfish-web-app>

I have one entry in my USERS table specifying a username and a password in
plain text. I have one entry in my GROUPS table specifying a group, "Users"
and mapping it to my single username.

I've attached userauthn.jpg to show my realm settings. I've tried specifying
the username/pwd for the JDBC connection as well and it doesn't make a
difference. I've obscured the name of my JDBC connection, but the name is in
the following format jdbc/ABCD_ABCDE. If I tweak my web.xml file to specify
the file realm and have an entry in there for the same username with the same
password and the same group association as specified in my Oracle db then all
is well. What am I doing incorrectly?

Thanks,

Michael

 


--
[Message sent by forum member 'mstaszew']
View Post: http://forums.java.net/node/850198



(image/jpeg attachment: userauthn.jpg)
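
Added example, not part of the original post and not GlassFish's own code: a small Java model of the comparison a digest-based JDBC realm makes between the submitted password and the PASSWORD column, run against the post's plain-text row and its VARCHAR2(32 BYTE) column. The class and method names are hypothetical; `digest-algorithm` and `encoding` are GlassFish JDBC realm properties, and which digest a given server version applies when the field is left empty is an assumption to check in the realm settings.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Added example: models a digest-based realm's password check.
// Not GlassFish source; class and method names are hypothetical.
public class RealmDigestCheck {

    // Process the submitted password the way the realm setting dictates:
    // "none" leaves it as cleartext, anything else is hashed and hex-encoded
    // (models digest-algorithm=<alg> with encoding=hex).
    static String processed(String algorithm, String password)
            throws NoSuchAlgorithmException {
        if ("none".equalsIgnoreCase(algorithm)) {
            return password;
        }
        byte[] hash = MessageDigest.getInstance(algorithm)
                .digest(password.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder(hash.length * 2);
        for (byte b : hash) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    // True when the stored column value equals the processed submitted password.
    static boolean matches(String algorithm, String submitted, String stored)
            throws NoSuchAlgorithmException {
        byte[] a = processed(algorithm, submitted).getBytes(StandardCharsets.UTF_8);
        byte[] b = stored.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(a, b); // comparison without early exit
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String submitted = "example-password"; // constructed sample value
        String storedPlain = submitted;         // a plain-text PASSWORD row, as in the post
        int columnBytes = 32;                   // PASSWORD VARCHAR2(32 BYTE) from the post

        for (String alg : new String[] {"none", "MD5", "SHA-256"}) {
            String toStore = processed(alg, submitted);
            System.out.printf(
                "%-8s plain-text row matches=%-5b stored value needs %d bytes, fits column=%b%n",
                alg, matches(alg, submitted, storedPlain),
                toStore.length(), toStore.length() <= columnBytes);
        }
    }
}
```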