RE: login proxy problem

Hu, Yiguang Wed, 21 Jun 2006 05:34:36 -0700

Thanks Akshay. It does work. 
Yiguang

-----Original Message-----
From: Akshay Ahooja [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, June 20, 2006 10:13 PM
To: Jetspeed Users List
Subject: Re: login proxy problem


If you are using a newer version of Tomcat it will do that to you unless
you
explicitly define your user roles:

In web.xml under <security-constraint>

Instead of:
 <auth-constraint>
 <role-name>*</role-name>
 </auth-constraint>

Change to:
 <auth-constraint>
 <role-name>admin</role-name>
  <role-name>user</role-name>
  <role-name>manager</role-name>
 </auth-constraint>

And then try it - it should work...

HTH,

Akshay





On 6/20/06, Hu, Yiguang <[EMAIL PROTECTED]> wrote:
>
> I have the following login page under /jetspeed/index.jsp (not a
> portlet). I don't have problem with admin users. But run into problem
> with non-admin user. After I provide the credentials for the login, it
> was redirected to /jetspeed/login/redirector servlet which report the
> following "HTTP Status 403" on the page. If I do
> localhost:8080/Jetspeed/portal, it will show me the default page
though.
> I also attached the Jetspeed.log file which says  "-  Failed
> authenticate() test ??/jetspeed/login/j_security_check" and
>
> DEBUG org.apache.catalina.realm.RealmBase - Username tester does NOT
> have role admin
>
> DEBUG org.apache.catalina.realm.RealmBase - No role found:  admin
>
> DEBUG org.apache.catalina.authenticator.AuthenticatorBase -  Failed
> accessControl() test
>
>
>
>
>
> Any help is appreciated.
>
> Thanks
>
>
> "HTTP Status 403 - Access to the requested resource has been denied
>
> ________________________________
>
>
> type Status report
>
> message Access to the requested resource has been denied
>
> description Access to the specified resource (Access to the requested
> resource has been denied) has been forbidden.
>
> "
>
> I saw this in the Jetspeed.log file:
>
> DEBUG org.apache.catalina.realm.JAASRealm - JAAS LoginContext created
> for username "tester"
>
> DEBUG org.apache.catalina.realm.JAASRealm - Checking Principal
"tester"
> [org.apache.jetspeed.security.impl.UserPrincipalImpl
>
> DEBUG org.apache.catalina.realm.JAASRealm - Principal "tester" is a
> valid user class. We will use this as the user Principal.
>
> DEBUG org.apache.catalina.realm.JAASRealm - Checking Principal
> "testrole" [org.apache.jetspeed.security.impl.RolePrincipalImp
>
> l
>
> DEBUG org.apache.catalina.realm.JAASRealm - Adding role Principal
> "testrole" to this user Principal's roles
>
> DEBUG org.apache.catalina.realm.JAASRealm - Checking Principal "user"
> [org.apache.jetspeed.security.impl.RolePrincipalImpl
>
> DEBUG org.apache.catalina.realm.JAASRealm - Adding role Principal
> "user" to this user Principal's roles
>
> DEBUG org.apache.catalina.realm.JAASRealm - Username "tester"
> successfully authenticated as Principal "{1}" -- Subject was cr
>
> eated too
>
> DEBUG org.apache.catalina.authenticator.FormAuthenticator -
> Authentication of 'tester' was successful
>
> DEBUG org.apache.catalina.authenticator.FormAuthenticator -
Redirecting
> to original '/jetspeed/login/redirector'
>
> DEBUG org.apache.catalina.authenticator.AuthenticatorBase -  Failed
> authenticate() test ??/jetspeed/login/j_security_check
>
> DEBUG org.apache.catalina.connector.CoyoteAdapter -  Requested cookie
> session id is E3C7DBE736DB74705622495DCE3A7D55
>
> DEBUG org.apache.catalina.authenticator.AuthenticatorBase - Security
> checking request GET /jetspeed/login/redirector
>
> DEBUG org.apache.catalina.realm.RealmBase -   Checking constraint
> 'SecurityConstraint[Login
>
> DEBUG org.apache.catalina.realm.RealmBase -   Checking constraint
> 'SecurityConstraint[Manager
>
> DEBUG org.apache.catalina.authenticator.AuthenticatorBase -  Calling
> hasUserDataPermission()
>
> DEBUG org.apache.catalina.realm.RealmBase -   User data constraint has
> no restrictions
>
> DEBUG org.apache.catalina.authenticator.AuthenticatorBase -  Calling
> authenticate()
>
> DEBUG org.apache.catalina.authenticator.FormAuthenticator - Restore
> request from session 'E3C7DBE736DB74705622495DCE3A7D55'
>
> DEBUG org.apache.catalina.authenticator.AuthenticatorBase -
> Authenticated 'tester' with type 'FORM'
>
> DEBUG org.apache.catalina.authenticator.FormAuthenticator - Proceed to
> restored request
>
> DEBUG org.apache.catalina.authenticator.AuthenticatorBase -  Calling
> accessControl()
>
> DEBUG org.apache.catalina.realm.RealmBase -   Checking roles
> GenericPrincipal[tester(testrole,user,)
>
> DEBUG org.apache.catalina.realm.RealmBase - Username tester does NOT
> have role admin
>
> DEBUG org.apache.catalina.realm.RealmBase - No role found:  admin
>
> DEBUG org.apache.catalina.authenticator.AuthenticatorBase -  Failed
> accessControl() test
>
>
>
> The index page under /Jetspeed
>
>
>
> <form method="POST" action='/jetspeed/login/proxy'>
>
>         Username
>
>         <input type="text" size="30"
> name="org.apache.jetspeed.login.username" value="">
>
>         Password
>
>         <input type="password" size="30"
> name="org.apache.jetspeed.login.password">
>
>         <input type="submit" value="Login">
>
>     </form>
>
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: login proxy problem

Reply via email to