Problems with basic authentication with JBoss 7.1.1
codergeek Mar 19, 2012 7:10 AM
Hello,
I tried basic authentication with the preconfigured "other" security domain on JBoss 7.1.1, but I can't get it to work. I have added a user to application-users.properties using the add-user.sh script, but whenever I enter the correct username and password, I get "HTTP Status 403 - Access to the requested resource has been denied". I do not get any security exception, so I think that authentication was successful, but access to the requested servlet is nevertheless not granted. As can be seen from the code, the servlet is mapped to "/" and the URL pattern for the secured area is "/*". Am I missing anything here, or is there a misconfiguration somewhere?
This is my web.xml:
{code:xml}
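<?xml version="1.0" encoding="UTF-8"?>
<!-- Deployment descriptor for the AuthenticationEx web application (Servlet 3.0). -->
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
    <display-name>AuthenticationEx</display-name>

    <!--
      Protects every URL of the application. No <http-method> is listed, so the
      constraint covers all HTTP methods.
    -->
    <security-constraint>
        <display-name>Authentication Ex Login</display-name>
        <web-resource-collection>
            <web-resource-name>SecuredArea</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <!--
          In Servlet 3.0, "*" is shorthand for "all role names defined in this
          deployment descriptor"; it does not mean "any authenticated user".
          NOTE(review): this file declares no <security-role> elements, so "*" matches
          an empty set of roles. That is the likely reason a successfully authenticated
          user still receives 403. Declaring the required role(s) with <security-role>
          and assigning them to the user in the security domain's role mapping should
          be confirmed as the fix.
        -->
        <auth-constraint>
            <role-name>*</role-name>
        </auth-constraint>
        <!--
          NOTE(review): there is no <user-data-constraint> here. BASIC authentication
          sends the username and password Base64-encoded, not encrypted, with every
          request, so this constraint should require TLS via
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>.
        -->
    </security-constraint>

    <!--
      <realm-name> is only the label shown in the browser's BASIC challenge; the
      security domain that actually verifies credentials is selected in jboss-web.xml.
    -->
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>other</realm-name>
    </login-config>
</web-app>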
{code}
and the jboss-web.xml:
{code:xml}
<?xml version="1.0" encoding="UTF-8"?>
<!-- JBoss-specific descriptor: binds this web application to a container security domain. -->
<jboss-web>
<!-- "other" is the preconfigured security domain the post refers to; authentication and
     role lookup for the constraints in web.xml are delegated to it. -->
<security-domain>other</security-domain>
</jboss-web>
{code}
Finally the Servlet code:
{code:java}
package example.authentication;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
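/**
 * Minimal servlet used to verify container-managed authentication.
 *
 * <p>The servlet performs no authentication or authorization itself: it answers every
 * GET and POST with a fixed HTML page. Whether a caller reaches it at all is decided
 * entirely by the security constraints of the deployment (web.xml and the container's
 * security domain), so a misconfigured or missing constraint leaves this page
 * unprotected.
 */
@WebServlet("/")
public class AuthenticationServlet extends HttpServlet
{
    private static final long serialVersionUID = 1L;

    /** Creates the servlet; no state is initialised beyond the superclass. */
    public AuthenticationServlet()
    {
        super();
    }

    /**
     * Handles GET by writing the fixed confirmation page.
     *
     * @param request  the incoming request (not inspected)
     * @param response the response the page is written to
     * @throws ServletException declared by the servlet contract; not thrown here
     * @throws IOException if the response writer cannot be obtained
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
    {
        sayHello(response);
    }

    /**
     * Handles POST exactly like GET.
     *
     * @param request  the incoming request (not inspected)
     * @param response the response the page is written to
     * @throws ServletException declared by the servlet contract; not thrown here
     * @throws IOException if the response writer cannot be obtained
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
    {
        sayHello(response);
    }

    /**
     * Writes the static confirmation page.
     *
     * <p>The page contains only constant text. If request data (for example the remote
     * user name) is ever echoed here, it must be HTML-escaped first.
     *
     * @param response the response to write to
     * @throws IOException if the response writer cannot be obtained
     */
    private void sayHello(HttpServletResponse response) throws IOException
    {
        // Declare the media type and charset before getWriter(); once the writer has
        // been obtained the character encoding can no longer be changed.
        response.setContentType("text/html");
        response.setCharacterEncoding("UTF-8");

        PrintWriter writer = response.getWriter();
        writer.println("<html>");
        writer.println("<head><title>Hello World Servlet</title></head>");
        writer.println("<body>");
        writer.println(" <h1>Congratulations, you have been authenticated!</h1>");
        // The original emitted a second opening <body> here; the element must be closed.
        writer.println("</body>");
        writer.println("</html>");
        writer.close();
    }
}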
{code}