4 Replies Latest reply on Jul 27, 2016 1:12 AM by mchoma

    Authentication basic file other

    hhfrancois

      Hi, I'm going crazy. For some days I have been trying something really simple (in GlassFish), but apparently not in WildFly...

      For testing, I would like to use file authentication and authorisation in a web application and an EE application.

      So I created a Maven web application.

       

      In web.xml I secure index.html with the USERR role; I tried with and without specifying realm-name.

       

      <?xml version="1.0" encoding="UTF-8"?>
      <web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
          <security-constraint>
              <display-name>qunit</display-name>
              <web-resource-collection>
                  <web-resource-name>secure</web-resource-name>
                  <url-pattern>/index.html</url-pattern>
              </web-resource-collection>
              <auth-constraint>
                  <role-name>USERR</role-name>
              </auth-constraint>
          </security-constraint>
          <login-config>
              <auth-method>BASIC</auth-method>
              <realm-name>ApplicationRealm</realm-name><!-- I tried with and without this line -->
          </login-config>
          <security-role>
              <description/>
              <role-name>USERR</role-name>
          </security-role>
      </web-app>
      
      


      In jboss-web I define the security domain. I tried other and java:/jaas/other, with and without security-role.

       

      <?xml version="1.0" encoding="UTF-8"?>
      <jboss-web version="10.0" xmlns="http://www.jboss.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-web_10_0.xsd">
        <context-root>/testauth</context-root>
        <security-domain>other</security-domain><!-- I tried with other and java:/jaas/other -->
        <security-role><!-- I tried with and without this block -->
          <role-name>USERR</role-name>
        </security-role>
      </jboss-web>
      
      

       

      I tried this too, with and without security-role

       

      <jboss-web> 
            <security-domain>java:/jaas/other</security-domain>
      </jboss-web>
      


      I added user demo/demo with wildfly/bin/add-user.sh and added the role in roles.properties

       

      wildfly/bin/add-user.sh -a demo demo
      echo "demo=USERR" >> wildfly/domain/configuration/application-roles.properties
      

       

      When I try to access index.html, I fill in demo/demo, and WildFly returns Forbidden.

       

      I tried everything: security-domain = other, java:/jaas/other. I don't know. If someone has an idea or some advice.

      I tried with WildFly 9 and 10, I read 10K tutorials, nothing works. What's wrong....

        • 1. Re: Authentication basic file other
          hhfrancois

          This configuration works perfectly in JBoss EAP 6

           

          In WEB-INF/web.xml

           

          <?xml version="1.0" encoding="UTF-8"?>
          <web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
              <security-constraint>
                  <display-name>qunit</display-name>
                  <web-resource-collection>
                      <web-resource-name>secure</web-resource-name>
                      <url-pattern>/index.html</url-pattern>
                  </web-resource-collection>
                  <auth-constraint>
                      <role-name>USERR</role-name>
                  </auth-constraint>
              </security-constraint>
              <login-config>
                  <auth-method>BASIC</auth-method>
                  <realm-name>ApplicationRealm</realm-name>
              </login-config>
              <security-role>
                  <description/>
                  <role-name>USERR</role-name>
              </security-role>
              <security-role>
                  <description/>
                  <role-name>ADMINR</role-name>
              </security-role>
          </web-app>
          
          

           

          In WEB-INF/jboss-web.xml

           

          <?xml version="1.0" encoding="UTF-8"?>
          <jboss-web version="10.0" xmlns="http://www.jboss.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-web_10_0.xsd">
            <context-root>/testauth</context-root>
            <security-domain>other</security-domain>
            <security-role>
              <role-name>USERR</role-name>
            </security-role>
            <security-role>
              <role-name>ADMINR</role-name>
            </security-role>
          </jboss-web>
          

           

          user demo/demo added :

           

          wildfly/bin/add-user.sh -a demo demo  
          echo "demo=USERR" >> wildfly/domain/configuration/application-roles.properties  
          

           

          This config works; why doesn't it work in WildFly????

          • 2. Re: Authentication basic file other
            filippe.spolti

            Hello, could you please share the logs with the trace level for security logger?

            • 3. Re: Authentication basic file other
              hhfrancois

              Hello, I found why that doesn't work....

              The problem comes from the method used to add the user-group

               

              wildfly/bin/add-user.sh -a demo demo   

              and

              echo "demo=USERR" >> wildfly/domain/configuration/application-roles.properties   

              doesn't work

              BUT

              wildfly/bin/add-user.sh -a demo demo  -g USERR

               

              works fine....

              • 4. Re: Authentication basic file other
                mchoma

                Are you running WildFly in standalone mode? If yes, then it happened because you were editing the domain configuration file, whereas add-user.sh edits both standalone and domain configuration files.
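The mismatch diagnosed in this thread can be checked mechanically. The script below is an added example, not code from any poster or from WildFly: it compares a user's entry in the standalone and domain copies of application-roles.properties. The function names and the sample tree are hypothetical, and the standalone path assumes the standard WildFly directory layout.

```shell
# Added example: compare a user's role mapping in both properties files.
# Assumes the standard layout: $WILDFLY_HOME/{standalone,domain}/configuration/

# roles_for FILE USER -> prints the roles mapped to USER, or nothing.
roles_for() {
    [ -f "$1" ] || return 0
    # Skip comment lines; the last uncommented "user=roles" entry wins.
    awk -F= -v u="$2" '!/^[ \t]*#/ && $1 == u { r = $2 } END { if (r != "") print r }' "$1"
}

# check_role_files WILDFLY_HOME USER -> prints one status word:
#   consistent | standalone-missing | domain-missing | differ | absent
check_role_files() {
    s=$(roles_for "$1/standalone/configuration/application-roles.properties" "$2")
    d=$(roles_for "$1/domain/configuration/application-roles.properties" "$2")
    if [ -z "$s" ] && [ -z "$d" ]; then echo absent
    elif [ -z "$s" ]; then echo standalone-missing
    elif [ -z "$d" ]; then echo domain-missing
    elif [ "$s" = "$d" ]; then echo consistent
    else echo differ
    fi
}

# Constructed sample tree reproducing the thread's situation: the role was
# appended by hand to the domain file only, so a standalone server never sees it.
make_sample() {
    home=$(mktemp -d)
    mkdir -p "$home/standalone/configuration" "$home/domain/configuration"
    printf '# roles\n' > "$home/standalone/configuration/application-roles.properties"
    printf '# roles\ndemo=USERR\n' > "$home/domain/configuration/application-roles.properties"
    echo "$home"
}

sample=$(make_sample)
echo "demo: $(check_role_files "$sample" demo)"
rm -rf "$sample"
```

A result of `standalone-missing` for a server started in standalone mode means the authenticated user has no role there, which matches the Forbidden response described in the first post.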