I want to implement basic authentication
and used the primer at
as a guide, but have not managed to
password protect page one so far. The URL I'm trying to protect responds
normally with no login dialog being presented, i.e. my security constraints are
apparently malformed, and are being ignored.
The primer shows:
a) how users are assigned to groups (<user>, principals.xml),
b) how <security-role>s are defined by a web app (<security-role>, web.xml),
c) how <web-resource-collection>s are defined, and
d) how the role a permitted user must have to access a resource is bound to the resource (<security-constraint>, web.xml).
However, the primer does not show the xml to assign roles to groups, although it asserts that this needs to be done:
"A security role is mapped to users indirectly, via user groups."
Should group/security-role binding be done via the <security-role-mapping> tag in orion-application.xml, or is there some other linkage I am unaware of?
I inserted the following in the
orion-application.xml, after deployment:
<security-role-mapping impliesAll="true" name="sr_headcounter">
<group name="gr_headcounters" />
</security-role-mapping>
but it made no difference to my test
case. The authentication dialog did not appear. I have appended the content of the relevant xml files
from my test case below (and the ear is attached). If anyone can shed any
light on why I cannot trigger authentication, much TIA. I'm running NT4
sp6, JDK1.2.2, Orion 1.4.5, and IE 5.00. IE's user authentication option
is set to Automatic logon only in Intranet zone. I'm signed on to NT
under a user-id that should not be able to load the first (and only) page of the
test-case app.
---------------------
My principals.xml is as follows:
<?xml version="1.0"?>
<!DOCTYPE principals PUBLIC "file://Evermind - Orion Principals//" "http://www.orionserver.com/dtds/principals.dtd">
<principals>
  <groups>
    <group name="administrators">
      <description>administrators</description>
      <permission name="administration" />
      <permission name="com.evermind.server.AdministrationPermission" />
    </group>
    <group name="guests">
      <description>guests</description>
    </group>
    <group name="users">
      <description>users</description>
      <permission name="rmi:login" />
      <permission name="com.evermind.server.rmi.RMIPermission" />
    </group>
    <group name="gr_headcounters">
      <description>users of the headcount application</description>
    </group>
  </groups>
  <users>
    <user username="admin" password="xxxxxxx">
      <description>The default administrator</description>
      <group-membership group="administrators" />
      <group-membership group="guests" />
      <group-membership group="users" />
    </user>
    <user username="user" password="xxxxxxxx" deactivated="true">
      <description>The default user</description>
      <group-membership group="guests" />
      <group-membership group="users" />
    </user>
    <user username="anonymous" password="">
      <description>The default guest/anonyomous user</description>
      <group-membership group="guests" />
    </user>
    <user username="hcounter" password="xxx">
      <description>Headcount Joe - a test identity</description>
      <group-membership group="guests" />
      <group-membership group="users" />
      <group-membership group="gr_headcounters" />
    </user>
  </users>
</principals>
-------------------------------
my web.xml is as follows:
<?xml version="1.0"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
  <display-name>Authenticate Web Application</display-name>
  <servlet>
    <servlet-name>com.allipl.authenticate.FrontServlet</servlet-name>
    <description>Servlet that demands browser credentials</description>
    <servlet-class>com.allipl.authenticate.FrontServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>com.allipl.authenticate.FrontServlet</servlet-name>
    <!-- url-pattern appears to be relative to the context root specified in config/default-website.xml -->
    <url-pattern>/</url-pattern>
  </servlet-mapping>
  <security-role>
    <role-name>sr_headcounter</role-name>
  </security-role>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Front Servlet</web-resource-name>
      <url-pattern>/</url-pattern>
      <http-method>*</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>sr_headcounter</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>
------------------------
my app's application.xml
<?xml version="1.0"?>
<!DOCTYPE application PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application 1.2//EN" "http://java.sun.com/j2ee/dtds/application_1_2.dtd">
<application>
  <display-name>Authentication Experimental Application)</display-name>
  <module>
    <web>
      <web-uri>authenticate-web.war</web-uri>
      <context-root>/authenticate</context-root>
    </web>
  </module>
</application>
-----------------------------
the orion-generated orion-application.xml:
<?xml version="1.0"?>
<!DOCTYPE orion-application PUBLIC "-//Evermind//DTD J2EE Application runtime 1.2//EN" "http://www.orionserver.com/dtds/orion-application.dtd">
<orion-application deployment-version="1.4.5">
  <web-module id="authenticate-web" path="authenticate-web.war" />
  <security-role-mapping name="authenticate-app-user">
  </security-role-mapping>
  <security-role-mapping name="sr_headcounter">
    <group name="gr_headcounters" />
  </security-role-mapping>
  <persistence path="persistence" />
  <principals path="principals.xml" />
  <log>
    <file path="application.log" />
  </log>
  <namespace-access>
    <read-access>
      <namespace-resource root="">
        <security-role-mapping name="&lt;jndi-user-role&gt;">
          <group name="administrators" />
        </security-role-mapping>
      </namespace-resource>
    </read-access>
    <write-access>
      <namespace-resource root="">
        <security-role-mapping name="&lt;jndi-user-role&gt;">
          <group name="administrators" />
        </security-role-mapping>
      </namespace-resource>
    </write-access>
  </namespace-access>
</orion-application>
The lines in red, in the above file, were manually inserted after deployment of the authenticate app, and resulted in an auto deploy.
authenticate-eap.ear
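
An added example, not part of the original post and not Orion code: a Python check that follows each constrained role from web.xml through the <security-role-mapping> in orion-application.xml to the users in principals.xml, and also reports two things about the web.xml itself. It assumes the Servlet 2.2 descriptor layout, where the authentication method is named in <login-config>/<auth-method> and <http-method> holds an HTTP method name; the embedded documents are constructed, trimmed copies of the files posted above.

```python
import xml.etree.ElementTree as ET

# Constructed samples: trimmed copies of the descriptors in the post above.
WEB_XML = """<web-app>
  <security-role><role-name>sr_headcounter</role-name></security-role>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Front Servlet</web-resource-name>
      <url-pattern>/</url-pattern>
      <http-method>*</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>sr_headcounter</role-name></auth-constraint>
  </security-constraint>
</web-app>"""
ORION_APP_XML = """<orion-application>
  <security-role-mapping name="sr_headcounter"><group name="gr_headcounters" /></security-role-mapping>
</orion-application>"""
PRINCIPALS_XML = """<principals>
  <groups><group name="gr_headcounters" /></groups>
  <users><user username="hcounter"><group-membership group="gr_headcounters" /></user></users>
</principals>"""

HTTP_METHODS = {"GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS", "TRACE"}

def audit(web_xml, orion_xml, principals_xml):
    """Return (findings, {role: [usernames]}) for every constrained role."""
    web, orion, princ = (ET.fromstring(x) for x in (web_xml, orion_xml, principals_xml))
    findings, reach = [], {}
    if web.findtext("login-config/auth-method") is None:
        findings.append("no <login-config>/<auth-method> in web.xml")
    for m in web.iterfind("security-constraint/web-resource-collection/http-method"):
        if (m.text or "").strip().upper() not in HTTP_METHODS:
            findings.append(f"<http-method>{m.text}</http-method> is not an HTTP method name")
    declared = {r.text for r in web.iterfind("security-role/role-name")}
    for role in {r.text for r in web.iterfind("security-constraint/auth-constraint/role-name")}:
        if role not in declared:
            findings.append(f"role {role} has no <security-role> declaration")
        # role -> groups (orion-application.xml) -> users (principals.xml)
        groups = {g.get("name") for mp in orion.iterfind("security-role-mapping")
                  if mp.get("name") == role for g in mp.iterfind("group")}
        if not groups:
            findings.append(f"role {role} is mapped to no group")
        reach[role] = sorted(u.get("username") for u in princ.iterfind("users/user")
                             if any(gm.get("group") in groups for gm in u.iterfind("group-membership")))
        if not reach[role]:
            findings.append(f"role {role} reaches no user")
    return findings, reach

if __name__ == "__main__":
    findings, reach = audit(WEB_XML, ORION_APP_XML, PRINCIPALS_XML)
    print(reach, *findings, sep="\n")
```

On the constructed copies the role-to-group-to-user chain resolves to hcounter, and the two findings both concern web.xml rather than the role mapping.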