users@glassfish.java.net

simple embedded security fails: Login failed: Unable to locate a login configuration

From: Matthew Cornell <cornell_at_cs.umass.edu>
Date: Wed, 30 May 2012 21:30:44 -0400

Hi Folks. I hope you can help. I'm creating unit tests for our application, and I'm stuck. For testing I have a simple HelloWebServlet that I'm protecting via annotations:

  @WebServlet(urlPatterns = {"/hello"})
  @ServletSecurity(@HttpConstraint(rolesAllowed = {"user"}))

I'm starting the server the way that's always worked OK (see [1]) and creating users (see [2]) seems to be OK because output from CommandRunner calls to list-file-users and list-file-groups are correct, but I'm getting this error when I try to connect using the username and password:

  WARNING: WEB9102: Web Login Failed: com.sun.enterprise.security.auth.login.common.LoginException: Login failed: Unable to locate a login configuration

The calling code uses the Jersey client API:

    @Test
    public void testPingServletLoggedIn() {
        Client client = Client.create();
        client.addFilter(new HTTPBasicAuthFilter(GlassFishServerHelper.USERNAME, "xx"));
        WebResource webResource = client.resource(GlassFishServerHelper.getBaseUri() + "/hello");
        ClientResponse clientResponse = webResource
                .accept(MediaType.TEXT_PLAIN)
                .get(ClientResponse.class); // @GET
        assertEquals(ClientResponse.Status.OK, clientResponse.getClientResponseStatus());
    }


(Note: I tried to set javax.enterprise.system.core.security.level=FINE but that call failed with: PlainTextActionReporterFAILURENo configuration found for javax.enterprise.system.core.security . Drat!)

I've tried this against both glassfish-embedded-all-3.1.2.jar (our production version) and glassfish-embedded-all-3.2-b06.jar with the same results. What do you think would solve this? I'd be really grateful for your help! I've struggled and succeeded way too many times with GFE to stop now.

Thanks in advance,

matt


==== [1] server startup (excerpt) ====

    public static void startServer() {
            GlassFishProperties gfProps = new GlassFishProperties();
            gfProps.setPort("http-listener", PORT);
            GLASSFISH = GlassFishRuntime.bootstrap().newGlassFish(gfProps);
            GLASSFISH.start();

            enableDefaultPrincipleToRoleMapping();
            createUsersAndGroups();

            ScatteredArchive archive = new ScatteredArchive(WEB_APP_NAME, ScatteredArchive.Type.WAR);
            File classesDir = new File("out/production/simple-security-servlet-test");
            archive.addClassPath(classesDir);
            DEPLOYER = GLASSFISH.getDeployer();
            APP_NAME = DEPLOYER.deploy(archive.toURI());


    private static void enableDefaultPrincipleToRoleMapping() throws GlassFishException {
        CommandRunner cr = GLASSFISH.getCommandRunner();
        CommandResult result = cr.run("set",
                "server-config.security-service.activate-default-principal-to-role-mapping=true");
    }


==== [2] user creation (excerpt) ====

    private static void createUsersAndGroups() throws GlassFishException {
        CommandRunner commandRunner = GLASSFISH.getCommandRunner();
        File passwordFile = new File("password-file.txt");
        CommandResult result = commandRunner.run("create-file-user",
                "--passwordfile", passwordFile.getAbsolutePath(),
                "--groups", "user",
                USERNAME
        );
    }


The password file contains:

AS_ADMIN_PASSWORD=adminadmin
AS_ADMIN_USERPASSWORD=xx


==== EOF ====