This content has been marked as final.
Show 2 replies
-
1. Re: unauthorized-principal not applied
anonym54321 May 27, 2009 9:38 AM (in response to anonym54321)I forgot something: I have to use EJB 2.1, so I can't use these nice annotations.
-
2. Re: unauthorized-principal not applied
anonym54321 May 28, 2009 10:18 AM (in response to anonym54321)Ok, finally I managed to work around this issue. I just removed the security-context away from the EJB's jboss.xml. Looks like just using the name of the application-policy as mentioned in [1] isn't the right way...
But after this, I had a different (but possibly related?) problem. Instead of showing the login-dialog, I get an IllegalStateException on the console complaining about "Authorization Manager is null".
If I remove the security-context from the jboss-web.xml, the dialog appears, but I didn't found a way to specify the correct login-configuration defined in conf/login-config.xml.
A very basic example:
WEB-INF/jboss-web.xml:<jboss-web> <security-domain>java:jaas/other</security-domain> <context-root>helloworld</context-root> </jboss-web>
WEB-INF/web.xml:<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5"> <display-name>HelloWorldWeb</display-name> <welcome-file-list> <welcome-file>index.jsp</welcome-file> </welcome-file-list> <security-constraint> <web-resource-collection> <web-resource-name>Everything</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>somebody</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>Some Realm</realm-name></login-config> <security-role> <role-name>somebody</role-name> </security-role> </web-app>
index.html:<html><body>Hello World</body></html>