3 Replies Latest reply on Mar 19, 2012 8:38 AM by Stefan Maier

    Problems with basic authentication with JBoss 7.1.1

    Stefan Maier Newbie

      Hello,

       

      I tried basic authentication with the preconfigured "other" security domain on JBoss 7.1.1, but I can't get it to work. I have added a user to application-useres.properties using the add-user.sh script but whenever I enter the correct username and password, I get  "HTTP Status 403 - Access to the requested resource has been denied".  I do net get any security exception, so I think that authentication was successful, but nevertheless  access to the servlet requested is not granted. As can be seen from the code the servlet is mapped to "/" and the URL pattern for the secured area is "/*". Do I miss anything here or is there some misconfiguration anywhere?

       

      This is my web.xml:

       

      {code:xml}

      ?xml version="1.0" encoding="UTF-8"?>

      <web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"

               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

               xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">

       

               <display-name>AuthenticationEx</display-name>

       

               <security-constraint>

                        <display-name>Authentication Ex Login</display-name>

                        <web-resource-collection>

                                 <web-resource-name>SecuredArea</web-resource-name>

                                 <url-pattern>/*</url-pattern>

                        </web-resource-collection>

                        <auth-constraint>

                                 <role-name>*</role-name>

                        </auth-constraint>

               </security-constraint>

       

               <login-config>

                        <auth-method>BASIC</auth-method>

                        <realm-name>other</realm-name>

               </login-config>

       

      </web-app>

      {code}

       

      and the jboss-web.xml:

       

      {code:xml}

      <?xml version="1.0" encoding="UTF-8"?>

      <jboss-web>

         <security-domain>other</security-domain>

      </jboss-web>

      {code}

       

      Finally the Servlet code:

      {code:java}

      package example.authentication;

       

       

      import java.io.IOException;

      import java.io.PrintWriter;

       

       

      import javax.servlet.ServletException;

      import javax.servlet.annotation.WebServlet;

      import javax.servlet.http.HttpServlet;

      import javax.servlet.http.HttpServletRequest;

      import javax.servlet.http.HttpServletResponse;

       

       

      @WebServlet("/")

      public class AuthenticationServlet extends HttpServlet

      {

               private static final long serialVersionUID = 1L;

       

       

               public AuthenticationServlet()

               {

                        super();

               }

       

       

               protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException

               {

                        sayHello(response);

               }

       

       

               protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException

               {

                        sayHello(response);

               }

       

               private void sayHello(HttpServletResponse response) throws IOException

               {

                        PrintWriter writer = response.getWriter();

       

                        writer.println("<html>");

                        writer.println("<head><title>Hello World Servlet</title></head>");

                        writer.println("<body>");

                        writer.println("         <h1>Congratulations, you have been authenticated!</h1>");

                        writer.println("<body>");

                        writer.println("</html>");

       

                        writer.close();

               }

       

      }

       

      {code}