2 Replies Latest reply on Aug 4, 2005 4:11 AM by debopam

    Problem with jboss-web.xml : role mapping doesn't work for m

    djeanprost

      I already posted the same message on the servlet newsgroup. I'm trying here too, just in case.
      ***************
      I'm currently trying to migrate a webapp from WebLogic 8.1 to JBoss, and I've run into a problem I didn't have with WLS.

      My webapp has a <security-constraint> section with <auth-constraint>. I'm using Form authentication with a DB Realm. My problem is that I can log in to my webapp, but I get a 403 saying I'm not allowed to access resources.

      I checked several things:
      - I can log in, i.e. login/password are checked against the DB, so this part works. If I give a wrong password, I get the <form-error-page> page.
      - I added a piece of code to my 403.jsp. I added 3 lines:
      0. System.out.println(request.getRemoteUser()); --> returns djeanprost
      1. System.out.println(request.isUserInRole("collaborateur")); where collaborateur is a group in my group table. --> returns true, which is normal to me.
      2. System.out.println(request.isUserInRole("utilisateurCollaborateur")); --> false
      utilisateurCollaborateur is a role I specified in the <auth-constraint> section in the web.xml. I also have a <security-role> section where I declare the utilisateurCollaborateur role name. In my jboss-web.xml, I have a
      <security-role>
        <role-name>utilisateurCollaborateur</role-name>
        <principal-name>collaborateur</principal-name>
        <principal-name>djeanprost</principal-name>
      </security-role>

      where I map utilisateurCollaborateur to collaborateur and djeanprost. I added the principal name djeanprost as a test: it does not work either.

      I conclude the mapping from utilisateurCollaborateur to collaborateur is not done.

      Where am I wrong?

      Regards,

        • 1. Re: Problem with jboss-web.xml : role mapping doesn't work f
          djeanprost

          Stopping thread. See answer in Servlet newsgroup.
          Dom

          • 2. Re: Problem with jboss-web.xml : role mapping doesn't work f

            - Add the following to the application's web.xml file:
            <security-constraint>
              <web-resource-collection>
                <web-resource-name>Admin Console</web-resource-name>
                <url-pattern>/admin/abc.jsp</url-pattern>
                <http-method>POST</http-method>
                <http-method>GET</http-method>
              </web-resource-collection>
              <auth-constraint>
                <role-name>administrators</role-name>
              </auth-constraint>
            </security-constraint>

            Similarly, entries for other groups/roles and URL patterns are added in web.xml.

            - Change login-config.xml in the %JBOSS_HOME%/server/default/conf directory
            <application-policy name = "TEST_SECURITY_DOMAIN">
              <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
                            flag = "required">
                <module-option name="usersProperties">users.properties</module-option>
                <module-option name="rolesProperties">roles.properties</module-option>
              </login-module>
            </application-policy>
            (You can put any name in place of "TEST_SECURITY_DOMAIN")
            - Change jboss-web.xml in the %JBOSS_HOME%/server\default\deploy\<your application>\WEB-INF directory
            <jboss-web>
            <security-domain>java:/jaas/TEST_SECURITY_DOMAIN</security-domain>
            </jboss-web>
            - Add users.properties in the %JBOSS_HOME%/server/default/conf directory
            Add the user name and password in the following format
            Username = password
            (If the username is abc and the password is pqr, add abc = pqr to users.properties)
            - Add roles.properties in the %JBOSS_HOME%/server/default/conf directory
            Add the user name and role in the following format
            Username = role (take it from web.xml)
            (If the username is abc and the role is admin, add abc = admin to roles.properties)
            - Add this to web.xml
            <login-config>
              <!--<auth-method>BASIC</auth-method> -->
              <auth-method>FORM</auth-method>
              <form-login-config>
                <form-login-page>/admin/adminlogin.html</form-login-page>
                <form-error-page>/admin/adminlogin.html</form-error-page>
              </form-login-config>
            </login-config>

            (This tells the server what your admin login page is.)
            - Add this to your admin login page
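
Added example, not part of the thread or of JBoss: with the UsersRolesLoginModule setup described in the reply above, a user who logs in but holds no role named in an <auth-constraint> gets the 403 described in the first post. This Python check cross-references the role names in web.xml against roles.properties. The function names and sample file contents are constructed, and only plain `username = role[,role]` lines are handled.

```python
import xml.etree.ElementTree as ET

# Constructed sample input, modelled on the snippets in the thread.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin Console</web-resource-name>
      <url-pattern>/admin/abc.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>administrators</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>administrators</role-name></security-role>
</web-app>"""
ROLES_PROPERTIES = "# username = role[,role...]\nabc = admin\n"

def local(tag):
    """Strip an XML namespace prefix such as '{http://java.sun.com/xml/ns/j2ee}'."""
    return tag.rsplit("}", 1)[-1]

def roles_in(root, parent):
    """Collect <role-name> values found under every <parent> element."""
    return {r.text.strip()
            for el in root.iter() if local(el.tag) == parent
            for r in el.iter() if local(r.tag) == "role-name" and r.text}

def parse_roles_properties(text):
    """Map each role to the set of users holding it."""
    granted = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue  # blank line, comment, or not a key/value pair
        user, roles = line.split("=", 1)
        for role in filter(None, (r.strip() for r in roles.split(","))):
            granted.setdefault(role, set()).add(user.strip())
    return granted

def check_roles(web_xml, roles_properties):
    """Return (constraint roles no user holds, constraint roles not declared)."""
    root = ET.fromstring(web_xml)
    required = roles_in(root, "auth-constraint")
    required.discard("*")  # '*' means any role declared in web.xml
    declared = roles_in(root, "security-role")
    granted = parse_roles_properties(roles_properties)
    return sorted(required - set(granted)), sorted(required - declared)
```

With the constructed sample, `check_roles(WEB_XML, ROLES_PROPERTIES)` reports `administrators` as a role no user holds, because the only role granted in the sample roles.properties is `admin`.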