yes, i already did.  my jboss-web.xml is like:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss-web PUBLIC
    "-//JBoss//DTD Web Application 2.4//EN"
    "http://www.jboss.org/j2ee/dtd/jboss-web_4_0.dtd">
<jboss-web>
  <security-domain>java:/jaas/saybot</security-domain>
</jboss-web>
and my jboss.xml for my ejb jar is like:
<jboss>
  <security-domain>java:/jaas/saybot</security-domain>
....
</jboss>

so i used the java:/jaas/saybot security domain, which is defined in
login-config.xml:
  <application-policy name="saybot">
    <authentication>
      <login-module
      code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
      flag="required">
        <module-option name="dsJndiName">java:/SaybotDS</module-option>
        <module-option name="principalsQuery">
        select password from User where loginName=?
        </module-option>
        <module-option name="rolesQuery">
        select role, 'Roles' from Role r, User u where r.userid=u.id
and u.loginName=? union select 'User', 'Roles'
        </module-option>
        <module-option name="unauthenticatedIdentity">nobody</module-option>
      </login-module>
    </authentication>
  </application-policy>

it's going to a mysql database for passwords and roles.  the tables look like:
create table User (
   id BIGINT NOT NULL AUTO_INCREMENT,
   loginName VARCHAR(64) not null unique,
   name VARCHAR(128) not null,
   email VARCHAR(128) not null unique,
   password VARCHAR(128) not null,
   primary key (id)
);
create table Role (
   id BIGINT NOT NULL AUTO_INCREMENT,
   role VARCHAR(128) not null,
   userid BIGINT not null,
   primary key (id)
);
alter table Role add index (userid), add constraint FK26F496CE2B3226 foreign key
 (userid) references User (id);

the server-side test log did not show any error.  i was able to run a
cactus test without authentication.

On 7/20/05, M.-Leander Reimer <[EMAIL PROTECTED]> wrote:
> Hi,
> 
> have you checked the security domain used in your jboss-web.xml? It's 
> usually java:/jass/other which uses roles.properties and 
> users.properties (look in your cactified WAR).
> If the roles you use in your web.xml and the user credentials you use in 
> the setAuthentication method are not contained in either of the files 
> you won't be able to authenticate successfully.
> 
> Good luck :-)
> 
> Leander
> 
> 
> Ho-Ki Au schrieb:
> > I was trying to write some cactus tests to test an ejb which required
> > authentication.  The application server used was jboss-4.0.2, with the
> > tomcat 5 web container.  I followed the instructions documented on the
> > official cactus web site and created a protected
> > ServletRedirectorSecure servlet to do it.  When I ran the tests, I got
> > an error message like:
> >     [cactus] -----------------------------------------------------------------
> >     [cactus] Running tests against JBoss 4.0.2
> >     [cactus] -----------------------------------------------------------------
> >     [cactus] (httpclient.HttpMethodBase           2543) Already tried to authenticate with 'localhost:8080' authentication realm at localhost, but still receiving: HTTP/1.1 401 Unauthorized
> >     [cactus] (httpclient.HttpMethodBase           2543) Already tried to authenticate with 'localhost:8080' authentication realm at localhost, but still receiving: HTTP/1.1 401 Unauthorized
> >     [cactus] Testsuite: com.saybot.directory.DirectoryTest
> >     [cactus] Tests run: 1, Failures: 0, Errors: 1, Time elapsed: 0.251 sec
> >     [cactus] 
> >     [cactus] Testcase: testBasicAuthentication took 0.2 sec
> >     [cactus]        Caused an ERROR
> >     [cactus] Failed to get the test results at [http://localhost:8080/directory/ServletRedirectorSecure]
> >     [cactus] org.apache.cactus.util.ChainedRuntimeException: Failed to get the test results at [http://localhost:8080/directory/ServletRedirectorSecure]
> >     [cactus]        at org.apache.cactus.internal.client.connector.http.DefaultHttpClient.doTest_aroundBody0(DefaultHttpClient.java:92)
> >     [cactus]        at org.apache.cactus.internal.client.connector.http.DefaultHttpClient.doTest_aroundBody1$advice(DefaultHttpClient.java:306)
> >     [cactus]        at org.apache.cactus.internal.client.connector.http.DefaultHttpClient.doTest(DefaultHttpClient.java)
> >     [cactus]        at org.apache.cactus.internal.client.connector.http.HttpProtocolHandler.runWebTest(HttpProtocolHandler.java:159)
> >     [cactus]        at org.apache.cactus.internal.client.connector.http.HttpProtocolHandler.runTest_aroundBody0(HttpProtocolHandler.java:80)
> >     [cactus]        at org.apache.cactus.internal.client.connector.http.HttpProtocolHandler.runTest_aroundBody1$advice(HttpProtocolHandler.java:306)
> >     [cactus]        at org.apache.cactus.internal.client.connector.http.HttpProtocolHandler.runTest(HttpProtocolHandler.java)
> >     [cactus]        at org.apache.cactus.internal.client.ClientTestCaseCaller.runTest(ClientTestCaseCaller.java:144)
> >     [cactus]        at org.apache.cactus.internal.AbstractCactusTestCase.runBareClient(AbstractCactusTestCase.java:215)
> >     [cactus]        at org.apache.cactus.internal.AbstractCactusTestCase.runBare(AbstractCactusTestCase.java:133)
> >     [cactus] org.apache.cactus.internal.client.ParsingException: Not a valid response [401 Unauthorized]
> >     [cactus]        at org.apache.cactus.internal.client.connector.http.DefaultHttpClient.callGetResult(DefaultHttpClient.java:211)
> >     [cactus]        at org.apache.cactus.internal.client.connector.http.DefaultHttpClient.doTest_aroundBody0(DefaultHttpClient.java:87)
> >     [cactus]        at org.apache.cactus.internal.client.connector.http.DefaultHttpClient.doTest_aroundBody1$advice(DefaultHttpClient.java:306)
> >     [cactus]        at org.apache.cactus.internal.client.connector.http.DefaultHttpClient.doTest(DefaultHttpClient.java)
> >     [cactus]        at org.apache.cactus.internal.client.connector.http.HttpProtocolHandler.runWebTest(HttpProtocolHandler.java:159)
> >     [cactus]        at org.apache.cactus.internal.client.connector.http.HttpProtocolHandler.runTest_aroundBody0(HttpProtocolHandler.java:80)
> >     [cactus]        at org.apache.cactus.internal.client.connector.http.HttpProtocolHandler.runTest_aroundBody1$advice(HttpProtocolHandler.java:306)
> >     [cactus]        at org.apache.cactus.internal.client.connector.http.HttpProtocolHandler.runTest(HttpProtocolHandler.java)
> >     [cactus]        at org.apache.cactus.internal.client.ClientTestCaseCaller.runTest(ClientTestCaseCaller.java:144)
> >     [cactus]        at org.apache.cactus.internal.AbstractCactusTestCase.runBareClient(AbstractCactusTestCase.java:215)
> >     [cactus]        at org.apache.cactus.internal.AbstractCactusTestCase.runBare(AbstractCactusTestCase.java:133)
> >     [cactus] 
> >     [cactus] Testcase: testBasicAuthentication
> > 
> > That was when I used maven to run the test.  I got the same error when
> > I ran java
> > org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner from shell.
> > 
> > My web.xml was like:
> > <?xml version="1.0" encoding="UTF-8"?>
> > <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
> >                          "http://java.sun.com/dtd/web-app_2_3.dtd">
> > <web-app>
> >     <filter>
> >         <filter-name>FilterRedirector</filter-name>
> >         <filter-class>org.apache.cactus.server.FilterTestRedirector</filter-class>
> >     </filter>
> >     <filter-mapping>
> >         <filter-name>FilterRedirector</filter-name>
> >         <url-pattern>/test/filterRedirector.jsp</url-pattern>
> >     </filter-mapping>
> >     <servlet>
> >         <servlet-name>ServletRedirector</servlet-name>
> >         <servlet-class>org.apache.cactus.server.ServletTestRedirector</servlet-class>
> >     </servlet>
> >     <servlet>
> >         <servlet-name>SerletRedirectorSecure</servlet-name>
> >         <servlet-class>org.apache.cactus.server.ServletTestRedirector</servlet-class>
> >     </servlet>
> >     <servlet>
> >         <servlet-name>JspRedirector</servlet-name>
> >         <jsp-file>/jspRedirector.jsp</jsp-file>
> >     </servlet>
> >     <servlet-mapping>
> >         <servlet-name>ServletRedirector</servlet-name>
> >         <url-pattern>/ServletRedirector</url-pattern>
> >     </servlet-mapping>
> >     <servlet-mapping>
> >         <servlet-name>SerletRedirectorSecure</servlet-name>
> >         <url-pattern>/ServletRedirectorSecure</url-pattern>
> >     </servlet-mapping>
> >     <servlet-mapping>
> >         <servlet-name>JspRedirector</servlet-name>
> >         <url-pattern>/JspRedirector</url-pattern>
> >     </servlet-mapping>
> >     <security-constraint>
> >         <web-resource-collection>
> >             <web-resource-name>Cactus Test Redirector</web-resource-name>
> >             <url-pattern>/ServletRedirectorSecure</url-pattern>
> >         </web-resource-collection>
> >         <auth-constraint>
> >             <role-name>User</role-name>
> >         </auth-constraint>
> >     </security-constraint>
> >     <login-config>
> >         <auth-method>BASIC</auth-method>
> >     </login-config>
> >     <security-role>
> >         <role-name>User</role-name>
> >     </security-role>
> > </web-app>
> > 
> > my test was just to test if I could get the principal in the test.  It
> > didn't even call any ejb:
> >     public void beginBasicAuthentication(WebRequest request) {
> >         request.setRedirectorName("ServletRedirectorSecure");
> >         request.setAuthentication(new BasicAuthentication("tester1", "tester1"));
> >     }
> > 
> >     public void testBasicAuthentication() {
> >         assertEquals("tester1", request.getUserPrincipal().getName());
> >         assertEquals("tester1", request.getRemoteUser());
> >         assertTrue(request.isUserInRole("User"));
> >     }
> > 
> > Can someone help me with this please?
> > 
> > When I used a browser to go to url
> > http://localhost:8080/directory/ServletRedirectorSecure?Cactus_Service=RUN_TEST
> > it popped up a dialog to ask me for username and password.  I entered
> > "tester1", "tester1", and it went to a blank page.  So that was
> > correct.  It didn't show me 401 error.
> > 
> > Your help is much appreciated.
> > 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 


-- 
-hoki
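
Added example (not part of the original message and not JBoss code): the `principalsQuery` and `rolesQuery` from the login-config.xml above, run against an in-memory SQLite stand-in for the MySQL tables, to check what they return for a given login name. The rows, the helper names and the use of SQLite are assumptions made for the illustration.

```python
import sqlite3

# Queries copied from the login-config.xml in the message above.
PRINCIPALS_QUERY = "select password from User where loginName=?"
ROLES_QUERY = ("select role, 'Roles' from Role r, User u where r.userid=u.id "
               "and u.loginName=? union select 'User', 'Roles'")

def build_db():
    """In-memory SQLite stand-in for the MySQL tables; all rows are constructed."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        create table User (
            id integer primary key autoincrement,
            loginName varchar(64) not null unique,
            name varchar(128) not null,
            email varchar(128) not null unique,
            password varchar(128) not null);
        create table Role (
            id integer primary key autoincrement,
            role varchar(128) not null,
            userid bigint not null references User (id));
        insert into User (loginName, name, email, password) values
            ('tester1', 'Tester One', 'tester1@example.test', 'tester1'),
            ('admin1', 'Admin One', 'admin1@example.test', 'constructed-pw');
        insert into Role (role, userid) values ('Admin', 2);
    """)
    return db

def stored_password(db, login_name):
    """Value principalsQuery yields for this login name, or None if no row."""
    row = db.execute(PRINCIPALS_QUERY, (login_name,)).fetchone()
    return row[0] if row else None

def roles_for(db, login_name):
    """Role names rolesQuery yields in the 'Roles' group."""
    return {role for role, group in db.execute(ROLES_QUERY, (login_name,))
            if group == "Roles"}

def check_login(db, login_name, password):
    """Simplified model: compare with the stored value, then load the roles."""
    expected = stored_password(db, login_name)
    if expected is None or expected != password:
        return None
    return roles_for(db, login_name)

if __name__ == "__main__":
    db = build_db()
    for name in ("tester1", "admin1", "no-such-user"):
        print(name, stored_password(db, name) is not None, sorted(roles_for(db, name)))
```

The `union select 'User', 'Roles'` branch returns the `User` role for every login name, including one with no row in `User`, so access to the constrained URL depends only on `principalsQuery` finding a row whose stored value equals the submitted password.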
