Hi everybody,

I have a problem with the EJBUserManager. I have written my own
implementation of User, which extends EJBUser to include the user's
e-mail-address. The UserManager is set up correctly and it finds the
right user, which is correctly authenticated. But then either the group
is not correctly determined or the group is not mapped correctly to the
corresponding role. I don't know what happens exactly but I always get
an http-error "401 Unauthorized" when accessing the secured document.

The remote interface (User.java) just extends com.evermind.ejb.EJBUser
and adds business-methods for setting and getting the email-address. The
home interface provides create(), findAll() and findByPrimaryKey()
methods.
The EJB implementation has attributes for username, password, email and
groups (which is a set of Strings). All business methods do what they
are expected to, just the description, the locale and the certificate
stuff is not managed (the get methods simply return null).
When deploying that stuff two tables are created: User and User_groups.
User_groups stores the username together with the groupname. Every user
is automatically added to the group "Player".

The web.xml contains the following security constraints:
   <security-constraint>
      <web-resource-collection>
         <url-pattern>/secret.html</url-pattern>
         <http-method>*</http-method>
      </web-resource-collection>
 
      <auth-constraint>
         <role-name>authuser</role-name>
      </auth-constraint>
   </security-constraint>
 
   <login-config>
      <auth-method>BASIC</auth-method>
   </login-config>
 
   <security-role>
      <role-name>authuser</role-name>
   </security-role>

The orion-application.xml contains the tags for using the EJBUserManager
and for role mapping:
   <security-role-mapping name="authuser">
        <group name="Player"/>
   </security-role-mapping>
   <principals path="principals.xml" />
   <user-manager class="com.evermind.ejb.EJBUserManager">
        <property name="home" value="User" />
        <property name="defaultGroups" value="Player" />
   </user-manager>

The principals.xml contains neither a group nor a user.


If anybody has an idea, please contact me. Maybe it would help me if
anybody could tell me how the authentication process goes on (e.g.
which methods are called in sequence).


Thanks for your effort,
Kai Schilz
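
Added example, not part of the original post: a Python check that walks the role chain described above (auth-constraint role -> security-role declaration -> security-role-mapping group -> the user's groups) using the fragments quoted in the post. The wrapper root elements, the function name check_role_chain and the sample group sets are assumptions of this example; it only checks that the names line up and does not model how Orion resolves groups at run time.

```python
import xml.etree.ElementTree as ET

# Fragments copied from the post, wrapped in root elements so they parse
# (the wrapper element names are assumptions of this example).
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/secret.html</url-pattern>
      <http-method>*</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>authuser</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <security-role><role-name>authuser</role-name></security-role>
</web-app>"""

ORION_APP_XML = """<orion-application>
  <security-role-mapping name="authuser"><group name="Player"/></security-role-mapping>
  <principals path="principals.xml" />
  <user-manager class="com.evermind.ejb.EJBUserManager">
    <property name="home" value="User" />
    <property name="defaultGroups" value="Player" />
  </user-manager>
</orion-application>"""


def check_role_chain(web_xml, app_xml, user_groups):
    """Return findings (exact, case-sensitive name matches); [] means consistent."""
    web, app = ET.fromstring(web_xml), ET.fromstring(app_xml)
    required = {r.text.strip() for r in web.findall(".//auth-constraint/role-name")}
    declared = {r.text.strip() for r in web.findall("./security-role/role-name")}
    mapping = {m.get("name"): {g.get("name") for g in m.findall("group")}
               for m in app.findall("./security-role-mapping")}
    findings = []
    for role in sorted(required):
        if role not in declared:
            findings.append(f"role '{role}' has no <security-role> declaration")
        groups = mapping.get(role, set())
        if not groups:
            findings.append(f"role '{role}' is not mapped to any group")
        elif not groups & set(user_groups):
            findings.append(f"user groups {sorted(user_groups)} do not intersect "
                            f"groups {sorted(groups)} mapped to '{role}'")
    return findings


if __name__ == "__main__":
    # Constructed samples: group names as they might be stored in User_groups.
    print(check_role_chain(WEB_XML, ORION_APP_XML, {"Player"}))
    print(check_role_chain(WEB_XML, ORION_APP_XML, {"player"}))
```

With the fragments as posted and a user in group "Player" the list is empty, so the declarative names are consistent; what remains to compare is the set of group names the user bean actually reports for the authenticated user.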
