[JBoss-user] security with jsp not working

Hajo Hindriks Wed, 18 Jul 2001 04:04:53 -0700
Hi everybody,

I am desperately in need for help..

My goal is to have a web-application that distinguishes 3 types of users.
Anonymous (e.g. has no account), Traders and Admins. I went through the
JAAS-example and I do have a database setup that is working with the
examples (using my own database..)

I have the following entries in the roles-table
  user1, trader, callerprincipal
  user1, admin, callerprincipal
  user2, trader, callerprincipal

In jboss I have a stateless-session bean betx/WebEntry that works. Now I
wanted to add security. There is a method addRequest() that should be
callable for users withoiut restrictions. There is a method getPaper() that
should be called by both Traders and Admins and I have a method
getAccounts() that should only be called from Admins.... I am lost in the
config-files. I appreciate any help in correcting my config-files...

in auth.conf I have an entry
betx {
} //should work... tested with examples

my web.xml
<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app
  PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
  "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd";>

<web-app>

  <!-- Action Servlet Configuration -->
  <servlet>
    <servlet-name>action</servlet-name>

<servlet-class>s1.struts.component.ActionComponentServlet</servlet-class>
..
  </servlet>


  <!-- Action Servlet Mapping -->
  <servlet-mapping>
    <servlet-name>action</servlet-name>
    <url-pattern>*.do</url-pattern>
  </servlet-mapping>
...
  <!-- == Security-Definition
============================================== -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Restricted</web-resource-name>
      <description/>
      <url-pattern>/restricted/*</url-pattern>
<!-- does this mean I have to place restricted jsp-files in a /restricted
subdirectory and leaf the others at the top-level? -->
      <http-method>HEAD</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Trader</role-name>
    </auth-constraint>
    <user-data-constraint>
      <description/>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Betx Trading Plattform</realm-name>
  </login-config>

  <security-role>
    <description/>
    <role-name>Trader</role-name>
  </security-role>

  <ejb-ref>
    <ejb-ref-name>WebEntry</ejb-ref-name>
    <ejb-ref-type>Session</ejb-ref-type>
    <home>unizh.ifi.betx.ejb.webentry.WebEntryHome</home>
    <remote>unizh.ifi.betx.ejb.webentry.WebEntry</remote>
  </ejb-ref>
</web-app>

my jboss-web.xml:
<?xml version="1.0" encoding="UTF-8"?>

<jboss-web>
    <security-domain>java:/jaas/betx</security-domain>
    <ejb-ref>
        <ejb-ref-name>WebEntry</ejb-ref-name>
        <jndi-name>betx/WebEntry</jndi-name>
    </ejb-ref>
</jboss-web>

in ejb-jar.xml
...
  <assembly-descriptor>
    <security-descriptor>
      <role-name>Trader</role-name>
    </security-descriptor>

    <method-permission>
      <role-name>Trader</role-name>
      <method>
        <ejb-name>WebEntry</ejb-name>
        <method-name>create</method-name>
      </method>
      <method>
        <ejb-name>WebEntry</ejb-name>
        <method-name>remove</method-name>
      </method>
    </method-permission>

    <method-permission>
      <role-name>Admin</role-name>
      <method>
        <ejb-name>WebEntry</ejb-name>
        <method-name>*</method-name>
      </method>
    </method-permission>
...
  </assembly-descriptor>
</ejb-jar>

 in jboss.xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<jboss>
    <security-domain>java:/jaas/betx</security-domain>
..

If I try to delpoy the ear-file with my current config-files I get the
follwing errors in the log:

[EmbeddedTomcatSX] Warning: validation was turned on but an
org.xml.sax.ErrorHandler was not
[EmbeddedTomcatSX] set, which is probably not what is desired.  Parser will
use a default
[EmbeddedTomcatSX] ErrorHandler to print the first 10 errors.  Please call
[EmbeddedTomcatSX] the 'setErrorHandler' method to fix this.
[EmbeddedTomcatSX] Error: URI=null Line=7: Document root element "web-app",
must match DOCTYPE root "web-app".
[EmbeddedTomcatSX] Error: URI=null Line=17: The content of element type
"init-param" must match "(param-name,param-value,description?)".
[EmbeddedTomcatSX] Error: URI=null Line=21: The content of element type
"init-param" must match "(param-name,param-value,description?)".
[EmbeddedTomcatSX] Error: URI=null Line=26: The content of element type
"init-param" must match "(param-name,param-value,description?)".
[EmbeddedTomcatSX] Error: URI=null Line=30: The content of element type
"init-param" must match "(param-name,param-value,description?)".
[EmbeddedTomcatSX] Error: URI=null Line=34: The content of element type
"init-param" must match "(param-name,param-value,description?)".
[EmbeddedTomcatSX] Error: URI=null Line=38: The content of element type
"init-param" must match "(param-name,param-value,description?)".
[EmbeddedTomcatSX] Error: URI=null Line=42: The content of element type
"init-param" must match "(param-name,param-value,description?)".
[EmbeddedTomcatSX] Error: URI=null Line=44: The content of element type
"servlet" must match
"(icon?,servlet-name,display-name?,description?,(servlet-class|jsp-file),ini
t-param*,load-on-startup?,security-role-ref*)".
[EmbeddedTomcatSX] Error: URI=null Line=51: The content of element type
"servlet-mapping" must match "(servlet-name,url-pattern)".
[EmbeddedTomcatSX] Warning: validation was turned on but an
org.xml.sax.ErrorHandler was not
[EmbeddedTomcatSX] set, which is probably not what is desired.  Parser will
use a default
[EmbeddedTomcatSX] ErrorHandler to print the first 10 errors.  Please call
[EmbeddedTomcatSX] the 'setErrorHandler' method to fix this.
[EmbeddedTomcatSX] Error: URI=null Line=10: Document root element "taglib",
must match DOCTYPE root "taglib".
[EmbeddedTomcatSX] Error: URI=null Line=22: The content of element type
"attribute" must match "(name,required?,rtexprvalue?)".
[EmbeddedTomcatSX] Error: URI=null Line=27: The content of element type
"attribute" must match "(name,required?,rtexprvalue?)".
[EmbeddedTomcatSX] Error: URI=null Line=32: The content of element type
"attribute" must match "(name,required?,rtexprvalue?)".
[EmbeddedTomcatSX] Error: URI=null Line=37: The content of element type
"attribute" must match "(name,required?,rtexprvalue?)".

thanks a lot for any help
Hajo


_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] security with jsp not working

Reply via email to
