Key: GLASSFISH-1769
Type: Bug
Status: Resolved
Resolution: Cannot Reproduce
Priority: Blocker
Assignee: Bobby Bissett
Reporter: unnisworld
Votes: 0
Watchers: 0
glassfish

Basic authentication not working.

Created: 15/Dec/06 05:25 AM   Updated: 11/Jan/07 10:19 AM   Resolved: 11/Jan/07 10:19 AM
Component/s: security
Affects Version/s: 9.0pe
Fix Version/s: 9.1pe

Time Tracking:
Not Specified

File Attachments: 1. File hello2_basicauth.war (7 kB) 11/Jan/07 10:17 AM - Bobby Bissett
2. File test.war (2 kB) 15/Dec/06 05:26 AM - unnisworld

Environment:

Operating System: All
Platform: Sun


Issuezilla Id: 1,769
Tags:
Participants: Bobby Bissett, Shing Wai Chan and unnisworld


Description

I have a simple web application with basic authentication working in tomcat.
But when I try on glassfish, it is not working. The important part of web.xml
entry is given below. I will try to attach the complete war file for you to analyze.

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Entire Application</web-resource-name>
      <url-pattern>/secure/secure.html</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>role1</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>file</realm-name>
  </login-config>

</web-app>



unnisworld added a comment - 15/Dec/06 05:26 AM

Created an attachment (id=645)
war file for testing.


Shing Wai Chan added a comment - 15/Dec/06 12:18 PM

The given ear file does not have the security-role-mapping required by GlassFish.
There are two ways to achieve this:
(1) add a custom sun-web.xml as in the following example:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 Servlet 2.3//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-web-app_2_3-0.dtd'>

<sun-web-app httpservlet-security-provider="httpServletTestAuthModule">
  <security-role-mapping>
    <role-name>role1</role-name>
    <group-name>role1</group-name>
  </security-role-mapping>
</sun-web-app>

(2) Go to admin gui, turn on default principal to role mapping
Configuration > Security > Default to Role Mapping
"Restart" the server and redeploy your war file.
The GlassFish will generate a default security-role-mapping at deployment.
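
An added example, not part of the original comments and not GlassFish code: a Python check that reads a WAR's WEB-INF/web.xml and WEB-INF/sun-web.xml and reports roles used in an auth-constraint that have no security-role-mapping, which are the roles that resolve only when default principal to role mapping is enabled. The function names and the sample descriptors are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
# Run on WAR files you built yourself: ElementTree is not hardened against hostile XML.

def _local(tag):
    # Drop any XML namespace so DTD-based and schema-based descriptors both match.
    return tag.rsplit("}", 1)[-1]

def _find_all(root, name):
    return [el for el in root.iter() if _local(el.tag) == name]

def _children(el, name):
    return [c.text.strip() for c in el if _local(c.tag) == name and c.text and c.text.strip()]

def role_mappings(war_bytes):
    """Map each role named in a web.xml <auth-constraint> to the groups and principals
    that sun-web.xml assigns to it. An empty list means no explicit mapping."""
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        web = ET.fromstring(war.read("WEB-INF/web.xml"))
        has_sun = "WEB-INF/sun-web.xml" in war.namelist()
        sun = ET.fromstring(war.read("WEB-INF/sun-web.xml")) if has_sun else None
    result = {}
    for constraint in _find_all(web, "auth-constraint"):
        for role in _children(constraint, "role-name"):
            result.setdefault(role, [])
    for mapping in ([] if sun is None else _find_all(sun, "security-role-mapping")):
        targets = _children(mapping, "group-name") + _children(mapping, "principal-name")
        for role in _children(mapping, "role-name"):
            if role in result:
                result[role].extend(targets)
    return result

def unmapped_roles(war_bytes):
    """Roles that have no explicit mapping and so depend on the default mapping."""
    return sorted(r for r, targets in role_mappings(war_bytes).items() if not targets)

def make_war(files):
    """Build an in-memory WAR from {path: xml_text}; used for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for path, text in files.items():
            z.writestr(path, text)
    return buf.getvalue()

# Constructed samples based on the descriptors quoted in this issue.
WEB_XML = ("<web-app><security-constraint><auth-constraint><role-name>role1</role-name>"
           "</auth-constraint></security-constraint></web-app>")
SUN_WEB_XML = ("<sun-web-app><security-role-mapping><role-name>role1</role-name>"
               "<group-name>role1</group-name></security-role-mapping></sun-web-app>")
```

To check a real archive, pass its bytes: unmapped_roles(open("test.war", "rb").read()).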


unnisworld added a comment - 21/Dec/06 10:10 PM

I enabled Default Principal to Role mapping. BASIC authentication is working
after that. But now the issue is that isUserInRole("role1") is returning false. I am
printing the following values:

getRemoteUser=role1
isUserInRole=false
UserPrinciple=role1

Is this the expected behaviour? Our requirement is to make it work without a
security-role-mapping file. Is there a way?


Shing Wai Chan added a comment - 22/Dec/06 04:06 PM

I need to double check if p2r mapping is broken or not.
In the meantime, can you use the sun*.xml?

Assign to Bobby to investigate default p2r mapping.


Bobby Bissett added a comment - 11/Jan/07 07:29 AM

You say that BASIC authentication is now working (and the issue is the caller in
role call). Is it working with the war file that you have attached to the issue?
I can't recreate the issue with the attached war – the authentication isn't
happening. I'd like to know if something else is now not working since I can't
get as far as you have in recreating the issue. Thanks.


Bobby Bissett added a comment - 11/Jan/07 10:14 AM

I'm attaching a war file that shows BASIC auth working for me with a role that I
created. It's from the EE tutorial, but altered by me. It declares a role
"mygroup" and shows that the user is in the group when I call isUserInRole().

Before deploying, make sure "Default Principal To Role Mapping" is enabled and
the "mygroup" group is created before deployment time. I added "mygroup" by
adding a user to the file realm and specifying that the user was in that group.
Let me know if this works for you – I think it satisfies your requirement to
avoid a sun-web.xml file and use a role that you specify in your application.


Bobby Bissett added a comment - 11/Jan/07 10:17 AM

Created an attachment (id=675)
Web app to show BASIC auth with default mapping


Bobby Bissett added a comment - 11/Jan/07 10:19 AM

Working with example that I attached. Need to make sure it is working for reporter.