web.xml authentication issue

fitnage
Offline
Joined: 2011-03-01

We are running 3.0.1

We are trying to secure subfolders, i.e. parts, to only the parts group. It is not working as advertised. As long as a person exists in the groups table, it does not matter what group is next to the account name; it will let all into that constrained part of the website. No errors are showing on any setting within the GlassFish logs.

CREATE TABLE t_groups
(
    c_username character varying(15) NOT NULL,
    groups character varying(15),
    CONSTRAINT pk_c_username PRIMARY KEY (c_username),
    CONSTRAINT "fk_loginUser" FOREIGN KEY (c_username)
        REFERENCES t_login (c_username) MATCH SIMPLE
        ON UPDATE NO ACTION ON DELETE NO ACTION
);

CREATE TABLE t_login
(
    c_id integer NOT NULL,
    c_username character varying(20) NOT NULL,
    c_password character varying(65) NOT NULL,
    c_active smallint DEFAULT 0,
    c_access integer DEFAULT 0,
    c_company character varying(35),
    c_role integer DEFAULT 2,
    CONSTRAINT pk_username PRIMARY KEY (c_username)
);

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD GlassFish Application Server 3.0 Servlet 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_3_0-0.dtd">
<sun-web-app error-url="">
    <!-- property name="alternatedocroot_1" value="from=/faces/* dir=D:/images/thumbs" / -->
    <context-root>/NLINK01</context-root>

    <security-role-mapping>
        <role-name>parts</role-name>
        <group-name>Parts</group-name>
    </security-role-mapping>
    <security-role-mapping>
        <role-name>users</role-name>
        <group-name>Users</group-name>
    </security-role-mapping>
    <security-role-mapping>
        <role-name>admins</role-name>
        <group-name>Admins</group-name>
    </security-role-mapping>
</sun-web-app>

<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">
    <session-config>
        <session-timeout>30</session-timeout>
    </session-config>

    <security-constraint>
        <display-name>SecurePlace</display-name>
        <web-resource-collection>
            <web-resource-name>Secure Application</web-resource-name>
            <url-pattern>/parts/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>parts</role-name>
            <role-name>admins</role-name>
        </auth-constraint>
    </security-constraint>
    <security-constraint>
        <display-name>SecurePlace</display-name>
        <web-resource-collection>
            <web-resource-name>Secure Application</web-resource-name>
            <url-pattern>/NLINK/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>users</role-name>
            <role-name>admins</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>NlinkRealm</realm-name>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/error.jsp</form-error-page>
        </form-login-config>
    </login-config>
</web-app>

Any help would be appreciated.

Ron

Kumar Jayanti Guest
Offline
Joined: 2011-04-02

You are using a custom realm, NlinkRealm. Can you tell us if that is a copy of the GlassFish JDBC Realm? Have you tried using JDBCRealm from GlassFish?

Make sure that the following method is overridden correctly in your custom Realm :

public abstract Enumeration getGroupNames (String username)
throws InvalidOperationException, NoSuchUserException;


fitnage
Offline
Joined: 2011-03-01

Not using custom realm...just using JDBCRealm

Nithya Subraman...
Offline
Joined: 2011-03-21

Also, could you please let us know about the realm properties (mapping of the columns to the realm properties)?

Thanks
Nithya


fitnage
Offline
Joined: 2011-03-01