2 Replies Latest reply on Jun 30, 2003 1:26 PM by owulff

    setup basic authentication for webapp

    owulff

      I tried to set up a webapp with basic authentication. I did the following:
      1) web.xml:
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>PrincipalServlet</web-resource-name>
          <url-pattern>/PrincipalServlet</url-pattern>
          <http-method>POST</http-method>
          <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>ADMIN</role-name>
        </auth-constraint>
      </security-constraint>

      <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>ZREALM</realm-name>
      </login-config>

      2) jboss-web.xml
      <?xml version="1.0"?>

      <security-domain>java:/jaas/other</security-domain>


      The security domain "other" is defined in /conf/login-config.xml.

      3) I've copied the files users.properties and roles.properties to the WEB-INF/classes directory.

      4) The servlet does the following:
      Principal p = req.getUserPrincipal();
      res.setContentType("text/html");
      PrintWriter out = res.getWriter();
      out.println("");
      out.println("Principal Test");
      out.println("Principal");
      out.println("Name: " + p.getName());
      out.println("ADMIN: " + req.isUserInRole("ADMIN"));
      out.println("ERLAUBT1: " + req.isUserInRole("ERLAUBT1"));
      out.println("");

      If I access http://localhost:8080/sec_test/PrincipalServlet, I am not asked to enter a username and password, and isUserInRole() returns true in both cases.

      What am I doing wrong?