0 Replies Latest reply on Sep 23, 2007 12:02 PM by toni

    Unauthenticated Principal

    toni
    toni Sep 23, 2007 12:02 PM

      Hi,

      how can I grant unauthenticated users access to parts of my webapplication? I have read that we have to use the tag <unauthenticated-principal> in order to do this. Here is my configuration, maybe somebody can help me out?

      
----------- important part of web.cml -------------------------

 <security-constraint>
 <web-resource-collection>
 <web-resource-name>Unsecure area</web-resource-name>
 <description>Unprotected Pages</description>

 <url-pattern>/homepage.seam</url-pattern>
 <url-pattern>/about.seam</url-pattern>

 <http-method>POST</http-method>
 <http-method>GET</http-method>
 </web-resource-collection>
 <auth-constraint>
 <description>All people</description>
 <role-name>guest</role-name>
 </auth-constraint>
 </security-constraint>

 <security-constraint>
 <web-resource-collection>
 <web-resource-name>Secure area</web-resource-name>
 <description>Security for Protected Pages</description>

 <url-pattern>*.seam</url-pattern>
 <url-pattern>*.jsp</url-pattern>

 <http-method>POST</http-method>
 <http-method>GET</http-method>
 </web-resource-collection>
 <auth-constraint>
 <description>All areas are restived</description>
 <role-name>Admin</role-name>
 </auth-constraint>
 </security-constraint>

 <login-config>
 <auth-method>FORM</auth-method>
 <realm-name>userDatabase</realm-name>
 <form-login-config>
 <form-login-page>/login.seam</form-login-page>
 <form-error-page>/loginError.seam</form-error-page>
 </form-login-config>
 </login-config>

 <security-role>
 <description>The role of an adminr</description>
 <role-name>Admin</role-name>
 </security-role>

 <security-role>
 <description>Any body</description>
 <role-name>guest</role-name>
 </security-role>
</web-app>

---------------------- userDatabase login config ------------------------

 <application-policy name="userDatabase">
 <authentication>
 <login-module
 code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
 flag="required">
 <module-option name="unauthenticatedIdentity">guest</module-option>
 <module-option name="dsJndiName">
 java:/PostgresqlDS
 </module-option>
 <module-option name="principalsQuery">
 SELECT password FROM systemuser WHERE login=?
 </module-option>
 <module-option name="rolesQuery">
 SELECT r.rolename, r.p_group FROM systemuser as o, role as r, systemuser_role as pr WHERE o.login=pr.systemuser_login AND r.roleName = pr.roles_roleName AND o.login=?
 </module-option>
 </login-module>

 </authentication>
 </application-policy>

-------------------------------- i also added jboss.xml to my ear archive ---


 <!DOCTYPE jboss PUBLIC
 "-//JBoss//DTD JBOSS 4.0//EN"
 "http://www.jboss.org/j2ee/dtd/jboss_4_0.dtd">

<jboss>

 <security-domain>java:/jaas/userDatabase</security-domain>
 <unauthenticated-principal>guest</unauthenticated-principal>

</jboss>


-----------------------------------------------

Unfortuantely unauthenticated people can't access "/homepage.seam" before loggin in.


      • 1381 Views
      • Tags: