7 Replies Latest reply on Oct 28, 2003 12:13 AM by swatkat

    JBoss3.2.2+Tomcat Basic Authentication

    bhavin_r
    bhavin_r Jul 17, 2003 11:54 PM

      Hi all,

      I wan to setup a simple Basic Authentication Application. My warfile name is private.war it contains a.html. I want to give authentication on accessing a.html

      When I try to hit a.html it gives me the HTTP basic authentication dialog box. but when i try giving user id and password..it does not authenticate me. and does not show the page. I am not able to figure out what the problem is.

      my settings are:
      web.xml:

      <?xml version="1.0"?>
      <!DOCTYPE web-app PUBLIC
      "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
      "http://java.sun.com/dtd/web-app_2_3.dtd">

      <web-app>

      <welcome-file-list>
      <welcome-file>index.html</welcome-file>
      <welcome-file>index.htm</welcome-file>
      <welcome-file>index.jsp</welcome-file>
      </welcome-file-list>

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>a</web-resource-name>

      <url-pattern>/a.html</url-pattern>
      <http-method>POST</http-method>
      <http-method>GET</http-method>
      </web-resource-collection>
      <auth-constraint>

      <role-name>admin</role-name>
      </auth-constraint>

      </security-constraint>

      <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>ZREALM</realm-name>
      </login-config>

      <security-role>
      <role-name>admin</role-name>
      </security-role>

      </web-app>

      jboss-web.xml:

      <jboss-web>

      <security-domain>java:/jaas/other</security-domain>

      </jboss-web>

      login-config.xml:
      has this as one of the entry by default:

      <application-policy name = "other">

      <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
      flag = "required" />

      </application-policy>

      the follwoing two files are in web-inf > classes folder

      users.properties
      admin=admin

      roles.properties:
      admin=admin

      so when i try using admin/admin it should allow me to see a.html...isn't it ?

      what could be the problem....?

      can any one send me a simple basic authentication example in war file..so that i can test it directly on my jboss server...?

      thanks in advance

      bhavin
      bhavin_raichura@hotmail.com

      • 4830 Views
      • Tags:
        • 1. Re: JBoss3.2.2+Tomcat Basic Authentication
          bhavin_r
          bhavin_r Jul 20, 2003 9:05 PM (in response to bhavin_r)

          ...surprised !!!.......no reply yet for such a simple question...?

          can anyone send me a .war file with just one helloworld.html which will have basic authentication feature..... which i can run on jboss3.2.2+Tomcat

          i can get the basic authentication dialog box but it doesnot authenticate me....what could be the reason ?

          is it a bug ...?

          bhavin

            • Actions
          • 2. Re: JBoss3.2.2+Tomcat Basic Authentication
            ogandit
            ogandit Jul 21, 2003 9:35 AM (in response to bhavin_r)

            Try to put jboss-web.xml file in WEB-INF directory of your war file.
            This solved the problem for me.

              • Actions
            • 3. Re: JBoss3.2.2+Tomcat Basic Authentication
              bhavin_r
              bhavin_r Jul 23, 2003 3:44 AM (in response to bhavin_r)


              ........thanks for your reply....., but........my jboss-web.xml file is already in the web-inf folder of the .war file....

                • Actions
              • 4. Re: JBoss3.2.2+Tomcat Basic Authentication
                acristi
                acristi Jul 23, 2003 8:27 AM (in response to bhavin_r)

                I have the same problem for the same configuration. I cannot authenticate (& authorize) myself even if I use Digest or Form based authentication mechanism for my realm.

                Instead, if I perform a simple authentication (same realm):

                UsernamePasswordHandler handler = new UsernamePasswordHandler("username", "password".toCharArray());
                LoginContext lc = new LoginContext("myrealm", handler);
                lc.login();

                ... I'll successfully authenticate. Other problem is I can't authorize myself to my realm in this way.

                The same problems, even worse for JBoss 3.2.1.

                I hope someone loves us !

                Cristi

                  • Actions
                • 5. Re: JBoss3.2.2+Tomcat Basic Authentication
                  tramey
                  tramey Jul 30, 2003 11:42 AM (in response to bhavin_r)

                  Did you look at the log to see if the users.properties and roles.properties files were found? I had the same problem, but when I moved the users.properties and roles.properties files to the main directory of my war file, it worked.

                    • Actions
                  • 6. Re: JBoss3.2.2+Tomcat Basic Authentication
                    noel.rocher
                    noel.rocher Jul 31, 2003 5:22 AM (in response to bhavin_r)

                    Hi,

                    You have the jmx-console app bundled with JBoss3.2. Then you can secure it as mention in doco (or even if you look inside the web app files).

                    It's a good simple example. And it works.

                    Noel

                      • Actions
                    • 7. Re: JBoss3.2.2+Tomcat Basic Authentication
                      swatkat
                      swatkat Oct 28, 2003 12:13 AM (in response to bhavin_r)

                      I did all of those mentioned in the jmx-console web.xml and jboss-web.xml but it doesnt work still and
                      i am using DatabaseServerLoginModule and not file based login.

                      any views..?

                      Was the problem solved. yet

                      Regards

                      Swatkat

                        • Actions