Thanks, that worked.

I tried adding <resin:Allow> (or <security-constraint>) also to add some 
IP filtering (<resin:IfNetwork> vs <ip-constraint>) and then the 
authenticator seems to be overridden. In case the request comes from a 
trusted IP range, no login is required.
I have to add <resin:And> <resin:IfUserInRole role="resin-admin"/> also. 
Is that intended...?

Btw, in order to not mess up the login page I set url-pattern="*.php". 
Any risk this will change in a future release "without further notice"? 
Maybe it's better/safer to allow "/images/*" and "*.css"?


Emil Ong wrote (2010-04-16 23:17):
> Hi Mattias,
> Are you using a custom resin.xml/resin.conf?  If so, you might try
> copying the<resin:AdminAuthenticator>  configuration from the default.
> It looks like this:
>    <resin:AdminAuthenticator>
>      <resin:import path="${__DIR__}/admin-users.xml" optional="true"/>
>    </resin:AdminAuthenticator>
> This part of the install document may also be helpful:
> Best,
> Emil
> On Fri, Apr 16, 2010 at 09:46:33AM +0200, Mattias Jiderhamn wrote:
>> I feel like a newbie for having to ask this, but admittedly I have never
>> used the J2EE authentication mechanism since we have a proprietary one.
>> I'm trying to set up resin-admin following a combination of the
>> instructions at
>> and the
>> instructions shown when accessing the admin app.
>> I have configured the web-app and had it generate a admin-users.xml so
>> that I can log in. However I have no access, apparently since my user is
>> not in the "resin-admin" role.
>> Doing a bit of debugging I end up in a NullAuthenticator that only
>> accepts the "user" role. So I guess I need to configure some other
>> authenticator, right...?
>> -- 
>>     </Mattias>

resin-interest mailing list

Reply via email to