This content has been marked as final.
Show 6 replies
-
1. Re: BASIC authentication does not work with jboss-3.2.1_tomc
cgsandy Aug 20, 2003 4:06 PM (in response to mlipp)"cgsandy" wrote:
I'm seeing the same thing. A webapp will run with BASIC authentication on JBoss-3.2.1, but fails with JBoss-3.2.1_tomcat-4.1.24. Any ideas? -
2. Re: BASIC authentication does not work with jboss-3.2.1_tomc
mlipp Aug 21, 2003 2:24 AM (in response to mlipp)"MLipp" wrote:
I think I have resolved the issue. You can find a detailed explanation here http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22617.
Basically, what breaks things is supporting the unauthenticated identity. Obviously tomcat tries to authenticate request that have no "Authentication" header (instead of having the browser prompt for credentials first) and thus you are always identified as the unauthenticated identity.
As a workaround, I have defined my application-policy in login-config.xml twice: once with unauthenticatedIdentity (used as realm by EJBs) and once without unauthenticatedIdentity, used in jboss-web.xml and thus for tomcat.
- Michael -
3. Re: BASIC authentication does not work with jboss-3.2.1_tomc
cgsandy Aug 21, 2003 11:23 AM (in response to mlipp)"cgsandy" wrote:
Thanks! I'll give it a try. -
4. Re: BASIC authentication does not work with jboss-3.2.1_tomc
sysuser1 Oct 30, 2003 4:15 PM (in response to mlipp)"kssubramanian81" wrote:
Hi
Could anyone of you let me know how to get basic authentication to work with JBoss 3.2.1/Tomcat 4.1.24?
A set of files that needs to be edited/configured would be sufficient!
Thanks in advance.
Sankar -
5. Re: BASIC authentication does not work with jboss-3.2.1_tomc
sysuser1 Oct 30, 2003 6:55 PM (in response to mlipp)"kssubramanian81" wrote:
Ok, I got it to work at last..
1. create a jboss-web.xml under WEB-INF directory of war file
2. Provide security-domain for the webapp in this file
<jboss-web>
<security-domain>java:/your/security/domain</security-domain>
<!--
other elements as needed
-->
</jboss-web>
This security domain needs to be defined in conf/login-config.xml file
3. edit web.xml of the war file to provide security-constraint, login-config and security-role elements as appropriate. Here is a sample snippet..
<security-constraint>
<web-resource-collection>
<web-resource-name>resource-name</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>PUT</http-method>
<http-method>POST</http-method>
<http-method>HEAD</http-method>
<http-method>TRACE</http-method>
<http-method>DELETE</http-method>
<http-method>CONNECT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>ARoleName</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>A Descriptive name for the realm</realm-name>
</login-config>
<security-role>
<role-name>ARoleName</role-name>
</security-role>
4. create a users.properties and roles.properties and place it under WEB-INF/classes directory of the war file
users.properties
---------------------
ausername=auserpassword
roles.properties
--------------------
ausername=ARoleName
And this worked.
I just have one question here - should the web-resource-name elements value match the name of the war file exactly?
--
Sankar -
6. Re: BASIC authentication does not work with jboss-3.2.1_tomc
jimboss Jan 18, 2004 7:52 AM (in response to mlipp)"jimboss" wrote:
Yeah looks like in <web-resource-name>XXX</web-resource-name> XXX must be the name of you war minus the .war.
Without that I just keep getting told that my username/password is incorrect.