users@glassfish.java.net

In GlassFish, is there special about a group called "Glassfish_group"?

From: <forums_at_java.net>
Date: Mon, 16 Jan 2012 17:04:31 -0600 (CST)

 

I was wondering if there is a group named "Glassfish_group" that is treated
specially in GlassFish 3.11?

What I mean by "treated specially" is:  Is that group name, including it
casing, some kind of default group name in GlassFish 3.11, or something like
that?

The reason for the question is that I've been working on integrating OAM with
GlassFish 3.1.1, and have been following a procedure like here:

http://www.oracle.com/technetwork/middleware/glassfish/documentation/glassfishoamsecurityprovider-170277.html
[1]

On that page above, there's a link to a small webapp, "BasicAuthen", from:

http://www.oracle.com/technetwork/middleware/glassfish/documentation/glassfishoamsecurityprovidersample-171408.zip

The sun-web.xml in the web app has:

<code><?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application
Server 9.0 Servlet 2.5//EN"
"http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">
<sun-web-app error-url="" httpservlet-security-provider="MySAM">  
<context-root>/BasicAuthen</context-root>   <security-role-mapping>    
<role-name>glassfish</role-name>    
<group-name>Glassfish_group</group-name>   </security-role-mapping>  
<class-loader delegate="true"/>   <jsp-config>     <property
name="keepgenerated" value="true">       <description>Keep a copy of the
generated servlet class' java code.</description>     </property>  
</jsp-config> </sun-web-app>  
</code>

I got the integration kind of working, but then we tried to change the role
mapping section in the sun-web.xml to map a different group name,
"glassfish_group", instead of the original "Glassfish_group", and changed the
group name in the LDAP (OID) correspondingly to "glassfish_group", we
suddenly started getting 403 errors from GlassFish when we try to access
/BasicAuthen.

[NOTE: the 403 error appears to be coming from GlassFish itself.  The user
is being authenticated successfully, and then we get the GlassFish-style 403
error web page.]

We've tried a number of variations, e.g., changing the group name in the
sun-web.xml and in the LDAP to "Glassfish_group1", and still get the 403
error.

The ONLY group name that appears to work correctly is the original
"Glassfish_group".

At this point, we can't understand what is happening?

Pls advise if any ideas?

Thanks,

Jim

 

 

 


[1]
http://www.oracle.com/technetwork/middleware/glassfish/documentation/glassfishoamsecurityprovider-170277.html 

--
[Message sent by forum member 'jimcpl']
View Post: http://forums.java.net/node/882740
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.