users@glassfish.java.net

Re: Web user security not working in Glassfish 3.1.1

From: Amy Roh <amy.roh_at_oracle.com>
Date: Wed, 09 Nov 2011 13:12:35 -0800

Can you file an issue and attach your war file?

Amy

On 11/9/11 7:13 AM, forums_at_java.net wrote:
> I just upgraded to Glassfish 3.1.1 from Glassfish 3.1 and I am having
> issues with web user security. To simply reproduce the issue, I created
> a very simple web project with just one content /index.html file in it,
> the files for form based login, and the required web descriptors.
>
> My web.xml contains the security constraints (shown below) and I am
> using Default Principal to Role Mapping, as I was in Glassfish 3.1. I
> have a user in the group "user". When I try to access the test web page,
> the login form page /login.html correctly asks for a login and password.
> If I enter a wrong password, the failed authentication /noauth.html page
> shows up, but when I enter the correct username and password, the
> /login.html shows up again. This suggests that the authentication is
> working but the role based authorization is failing. I have even tried
> to add the mapping of role to group explicitly in the glassfish-web.xml
> but that does not work either.
>
> Any help/suggestions would be most appreciated: I am hoping I am making
> some simple mistake and this is not a bug...
>
> I am attaching the war file I have created to present the test case.
>
> ...
>
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>test</web-resource-name>
>     <url-pattern>/index.html</url-pattern>
>   </web-resource-collection>
>   <auth-constraint>
>     <role-name>user</role-name>
>   </auth-constraint>
> </security-constraint>
>
> <login-config>
>   <auth-method>FORM</auth-method>
>   <realm-name>file-realm</realm-name>
>   <form-login-config>
>     <form-login-page>/login.html</form-login-page>
>     <form-error-page>/noauth.html</form-error-page>
>   </form-login-config>
> </login-config>
>
> <security-role>
>   <role-name>user</role-name>
> </security-role>
> ...
>
> --
>
> [Message sent by forum member 'goblue2003']
>
> View Post: http://forums.java.net/node/861990
>
>
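
An added example, not part of the original thread and not code from the poster or the GlassFish project: a small Python check that the roles required by `auth-constraint` in a web.xml are declared under `security-role` and, when a glassfish-web.xml is supplied, have a `security-role-mapping` entry. The two descriptors are constructed samples (the web.xml wraps the fragment quoted above; the mapping file is hypothetical), and the check only verifies descriptor consistency; it does not diagnose the behaviour reported in the thread.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the fragment quoted in the post, wrapped in a root element.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>test</web-resource-name>
      <url-pattern>/index.html</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>user</role-name></security-role>
</web-app>"""

# Constructed sample of an explicit role-to-group mapping (not from the post).
GLASSFISH_WEB_XML = """<glassfish-web-app>
  <security-role-mapping>
    <role-name>user</role-name>
    <group-name>user</group-name>
  </security-role-mapping>
</glassfish-web-app>"""

def _local(tag):
    """Element name without any XML namespace prefix."""
    return tag.rsplit("}", 1)[-1]

def _children(root, parent, names):
    """For every <parent>, yield [(child name, child text)] for children in names."""
    for el in root.iter():
        if _local(el.tag) == parent:
            yield [(_local(c.tag), (c.text or "").strip()) for c in el if _local(c.tag) in names]

def check_roles(web_xml, glassfish_web_xml=None):
    web = ET.fromstring(web_xml)
    required = {t for kids in _children(web, "auth-constraint", {"role-name"}) for _, t in kids}
    required.discard("*")  # "*" means every declared role, not a role name
    declared = {t for kids in _children(web, "security-role", {"role-name"}) for _, t in kids}
    report = {"undeclared": sorted(required - declared), "groups": {}}
    if glassfish_web_xml is not None:
        gf = ET.fromstring(glassfish_web_xml)
        for kids in _children(gf, "security-role-mapping", {"role-name", "group-name"}):
            groups = [t for n, t in kids if n == "group-name"]
            for role in (t for n, t in kids if n == "role-name"):
                report["groups"].setdefault(role, []).extend(groups)
        # Role names are compared exactly, so "User" does not satisfy "user".
        report["unmapped"] = sorted(required - set(report["groups"]))
    return report

if __name__ == "__main__":
    print(check_roles(WEB_XML, GLASSFISH_WEB_XML))
```

The `groups` entry in the result lists which group names each role maps to, so it can be compared by eye against the group the user belongs to in the realm.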