Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Cannot Reproduce
    • Affects Version/s: 9.0pe
    • Fix Version/s: 9.1pe
    • Component/s: security
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: Sun

    • Issuezilla Id:
      1,769

      Description

      I have a simple web application with basic authentication working in tomcat.
      But when I try on glassfish, it is not working. The important part of web.xml
      entry is given below. I will try to attach the complete war file for you to analyze.

      <security-constraint>
        <web-resource-collection>
          <web-resource-name>Entire Application</web-resource-name>
          <url-pattern>/secure/secure.html</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>role1</role-name>
        </auth-constraint>
      </security-constraint>

      <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>file</realm-name>
      </login-config>

      </web-app>

        Activity

        unnisworld added a comment -

        Created an attachment (id=645)
        war file for testing.

        Shing Wai Chan added a comment -

        The given ear file does not have the security-role-mapping required by GlassFish.
        There are two ways to achieve this:
        (1) add a custom sun-web.xml as in the following example:

        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE sun-web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 Servlet 2.3//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-web-app_2_3-0.dtd'>

        <sun-web-app httpservlet-security-provider="httpServletTestAuthModule">
          <security-role-mapping>
            <role-name>role1</role-name>
            <group-name>role1</group-name>
          </security-role-mapping>
        </sun-web-app>

        (2) Go to admin gui, turn on default principal to role mapping
        Configuration > Security > Default to Role Mapping
        "Restart" the server and redeploy your war file.
        The GlassFish will generate a default security-role-mapping at deployment.

        unnisworld added a comment -

        I enabled Default Principal to Role mapping. BASIC authentication is working
        after that. But now the issue is that isUserInRole("role1") is returning false. I am
        printing the following values:

        getRemoteUser=role1
        isUserInRole=false
        UserPrinciple=role1

        Is this the expected behaviour? Our requirement is to make it work without a
        security-role-mapping file. Is there a way?

        Shing Wai Chan added a comment -

        I need to double check if p2r mapping is broken or not.
        In the meantime, can you use the sun*.xml?

        Assign to Bobby to investigate default p2r mapping.

        Bobby Bissett added a comment -

        You say that BASIC authentication is now working (and the issue is the caller in
        role call). Is it working with the war file that you have attached to the issue?
        I can't recreate the issue with the attached war – the authentication isn't
        happening. I'd like to know if something else is now not working since I can't
        get as far as you have in recreating the issue. Thanks.

        Bobby Bissett added a comment -

        I'm attaching a war file that shows BASIC auth working for me with a role that I
        created. It's from the EE tutorial, but altered by me. It declares a role
        "mygroup" and shows that the user is in the group when I call isUserInRole().

        Before deploying, make sure "Default Principal To Role Mapping" is enabled and
        the "mygroup" group is created before deployment time. I added "mygroup" by
        adding a user to the file realm and specifying that the user was in that group.
        Let me know if this works for you – I think it satisfies your requirement to
        avoid a sun-web.xml file and use a role that you specify in your application.

        Bobby Bissett added a comment -

        Created an attachment (id=675)
        Web app to show BASIC auth with default mapping

        Bobby Bissett added a comment -

        Working with example that I attached. Need to make sure it is working for reporter.
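
Added example, not part of the original issue and not GlassFish code: a small pre-deployment check that reads the roles constrained in web.xml, resolves them against an optional sun-web.xml or a default mapping, and evaluates a simplified isUserInRole(). Assumptions: descriptors carry no XML namespace, the default mapping ties each role to a group of the same name (as the comment about creating "mygroup" describes), an explicit mapping takes precedence, and all function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed descriptors, reduced from the fragments quoted in this issue.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/secure/secure.html</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>role1</role-name></auth-constraint>
  </security-constraint>
</web-app>"""
SUN_WEB_XML = """<sun-web-app>
  <security-role-mapping>
    <role-name>role1</role-name><group-name>role1</group-name>
  </security-role-mapping>
</sun-web-app>"""

def constrained_roles(web_xml):
    """Roles named in any <auth-constraint> of web.xml."""
    root = ET.fromstring(web_xml)
    return {e.text.strip() for e in root.findall(".//auth-constraint/role-name")}

def explicit_mappings(sun_web_xml):
    """role -> {'group': {...}, 'principal': {...}} from <security-role-mapping>."""
    out = {}
    for m in ET.fromstring(sun_web_xml).iter("security-role-mapping"):
        entry = out.setdefault(m.findtext("role-name").strip(),
                               {"group": set(), "principal": set()})
        for kind in entry:
            entry[kind] |= {e.text.strip() for e in m.findall(kind + "-name")}
    return out

def effective_mapping(web_xml, sun_web_xml=None, default_p2r=False):
    """Mapping per constrained role; None means the role is unmapped."""
    explicit = explicit_mappings(sun_web_xml) if sun_web_xml else {}
    result = {}
    for role in constrained_roles(web_xml):
        if role in explicit:
            result[role] = explicit[role]
        elif default_p2r:
            # Assumption: the default mapping ties a role to the same-named group.
            result[role] = {"group": {role}, "principal": set()}
        else:
            result[role] = None
    return result

def is_user_in_role(user, groups, role, mapping):
    """Simplified isUserInRole(): explicit principal match or group overlap."""
    m = mapping.get(role)
    return bool(m) and (user in m["principal"] or bool(m["group"] & set(groups)))
```

A role that resolves to None is one no authenticated user can satisfy, so flagging it before deployment surfaces the missing mapping without a round trip through the server.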


          People

          • Assignee:
            Bobby Bissett
            Reporter:
            unnisworld
          • Votes:
            0
            Watchers:
            0
