1. Re: Basic Auth not propagating Security
shin.tai Aug 8, 2005 1:25 PM (in response to shin.tai)
Ahh, I forgot to mention: in my web.xml, I also have
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>anything</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
    </security-constraint>
-
2. Re: Basic Auth not propagating Security
niwhsa Aug 8, 2005 10:56 PM (in response to shin.tai)
Make sure you include the ClientLoginModule in the "mymail" authentication domain. This should help propagate the principal.
-
3. Re: Basic Auth not propagating Security
shin.tai Aug 9, 2005 5:12 AM (in response to shin.tai)
"niwhsa" wrote:
Make sure you include the ClientLoginModule in the "mymail" authentication domain. This should help propagate the principal.
Thanks, but that didn't make a difference. I added the following to my login-config.xml (even to default as well, just to be on the safe side):
    <application-policy name = "mymail">
        <authentication>
            <login-module code = "org.jboss.security.ClientLoginModule" flag = "required">
            </login-module>
        </authentication>
    </application-policy>
-
4. Re: Basic Auth not propagating Security
starksm64 Aug 10, 2005 10:17 AM (in response to shin.tai)
If that is really the extent of your web.xml security-constraint, you have no authentication/authorization required.
-
5. Re: Basic Auth not propagating Security
shin.tai Aug 10, 2005 10:23 AM (in response to shin.tai)
"scott.stark@jboss.org" wrote:
If that is really the extent of your web.xml security-constraint, you have no authentication/authorization required.
That's right, it's more in there for completeness than anything else.
In my sample application, having the security constraint makes no difference. I'm still able to pull out the principal and credential from SecurityAssociation.
I read the security FAQ and followed the advice to turn up the logging. It looks like the principal and credential aren't being set at all in SecurityAssociation in the application that I'm porting to JBoss.
Thanks
-
6. Re: Basic Auth not propagating Security
shin.tai Aug 17, 2005 10:30 AM (in response to shin.tai)
Didn't figure out what was going wrong, but found another way.
axis-config uses the HTTPAuthHandler to take the username/password from the authentication header and insert it into its MessageContext.
Get the username/password back using:
    MessageContext ctx = MessageContext.getCurrentContext();
    String username = ctx.getUsername();
    String password = ctx.getPassword();
Cheers,
Shin
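
Added example, not part of the thread: a small Python check for the point made in reply 4, that a security-constraint with no auth-constraint requires no authentication. The sample web.xml is constructed (its first constraint copies reply 1; the second constraint, the role name mailuser and the login-config are assumptions added for contrast), and audit_web_xml and local are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint from reply 1 (no <auth-constraint>),
# plus an assumed role-protected constraint and login-config for comparison.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>anything</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><web-resource-name>admin</web-resource-name><url-pattern>/admin/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>mailuser</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""


def local(tag):
    """Strip an XML namespace so DTD-based and schema-based web.xml both work."""
    return tag.rsplit("}", 1)[-1]


def audit_web_xml(text):
    """Return a (url_patterns, verdict) pair for every <security-constraint>."""
    root = ET.fromstring(text)
    has_login = any(local(e.tag) == "login-config" for e in root)
    findings = []
    for sc in (e for e in root if local(e.tag) == "security-constraint"):
        patterns = [(e.text or "").strip() for e in sc.iter() if local(e.tag) == "url-pattern"]
        auth = [e for e in sc if local(e.tag) == "auth-constraint"]
        if not auth:  # the case in reply 1: requests are accepted unauthenticated
            verdict = "open: no auth-constraint, container will not authenticate"
        else:
            roles = [(e.text or "").strip() for e in auth[0] if local(e.tag) == "role-name"]
            if not roles:  # an auth-constraint naming no roles permits nobody
                verdict = "deny-all: empty auth-constraint"
            elif not has_login:
                verdict = "no login-config: roles required but no auth method declared"
            else:
                verdict = "protected: roles " + ",".join(roles)
        findings.append((patterns, verdict))
    return findings


if __name__ == "__main__":
    for patterns, verdict in audit_web_xml(SAMPLE_WEB_XML):
        print(patterns, "->", verdict)
```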