4 Replies Latest reply on Jul 27, 2016 1:12 AM by Martin Choma

    Authentication basic file other

    Francois Francois Newbie

      Hi, I become crazy, some day I try something really simple (in glassfish), apparently not in wildfly...

      I would like for test to use file authentication  and authorisation in web application and ee application.

      So I create a maven web application

       

      In web.xml I secure index.html with USERR role, I tried with and without specify realm-name

       

      <?xml version="1.0" encoding="UTF-8"?>
      <web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
          <security-constraint>
              <display-name>qunit</display-name>
              <web-resource-collection>
                  <web-resource-name>secure</web-resource-name>
                  <url-pattern>/index.html</url-pattern>
              </web-resource-collection>
              <auth-constraint>
                  <role-name>USERR</role-name>
              </auth-constraint>
          </security-constraint>
          <login-config>
              <auth-method>BASIC</auth-method>
              <realm-name>ApplicationRealm</realm-name><!-- I tried with and without this line -->
          </login-config>
          <security-role>
              <description/>
              <role-name>USERR</role-name>
          </security-role>
      </web-app>
      
      


      In jboss-web I define the security domain. I try other, java:/jaas/other with and without security-role

       

      <?xml version="1.0" encoding="UTF-8"?>
      <jboss-web version="10.0" xmlns="http://www.jboss.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-web_10_0.xsd">
        <context-root>/testauth</context-root>
        <security-domain>other</security-domain><!-- I tried with other and java:/jaas/other -->
        <security-role><!-- I tried with and without this block -->
          <role-name>USERR</role-name>
        </security-role>
      </jboss-web>
      
      

       

      I Tried this to with and withut security-role

       

      <jboss-web> 
            <security-domain>java:/jaas/other</security-domain>
      </jboss-web>
      


      I add user demo/demo with wildfly/bin/add-user.sh and add role in roles.properties

       

      wildfly/bin/add-user.sh -a demo demo
      echo "demo=USERR" >> wildfly/domain/configuration/application-roles.properties
      

       

      when I try to access to index.html, I fill demo/demo, and wildfly return Forbiden

       

      I tried everything, secrity-domain = other, java:/jaas/other, I don't know, if someone have an idea, an advice.

      I tried with wilfly 9 and 10, I read 10K tutos, nothing works, what's wrong....

        • 1. Re: Authentication basic file other
          Francois Francois Newbie

          This configuration works perfectly in jboss eap6

           

          In WEB-INF/web.xml

           

          <?xml version="1.0" encoding="UTF-8"?>
          <web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
              <security-constraint>
                  <display-name>qunit</display-name>
                  <web-resource-collection>
                      <web-resource-name>secure</web-resource-name>
                      <url-pattern>/index.html</url-pattern>
                  </web-resource-collection>
                  <auth-constraint>
                      <role-name>USERR</role-name>
                  </auth-constraint>
              </security-constraint>
              <login-config>
                  <auth-method>BASIC</auth-method>
                  <realm-name>ApplicationRealm</realm-name>
              </login-config>
              <security-role>
                  <description/>
                  <role-name>USERR</role-name>
              </security-role>
              <security-role>
                  <description/>
                  <role-name>ADMINR</role-name>
              </security-role>
          </web-app>
          
          

           

          in WEB-INF/jboss-web.xml

           

          <?xml version="1.0" encoding="UTF-8"?>
          <jboss-web version="10.0" xmlns="http://www.jboss.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-web_10_0.xsd">
            <context-root>/testauth</context-root>
            <security-domain>other</security-domain>
            <security-role>
              <role-name>USERR</role-name>
            </security-role>
            <security-role>
              <role-name>ADMINR</role-name>
            </security-role>
          </jboss-web>
          

           

          user demo/demo added :

           

          wildfly/bin/add-user.sh -a demo demo  
          echo "demo=USERR" >> wildfly/domain/configuration/application-roles.properties  
          

           

          This config works, why in wildfly, that doesn't work ????

          • 2. Re: Authentication basic file other
            Filippe Spolti Newbie

            Hello, could you please share the logs with the trace level for security logger?

            • 3. Re: Authentication basic file other
              Francois Francois Newbie

              Hello, I found why that doesn't work....

              The problme comes from the method to add user-group

               

              wildfly/bin/add-user.sh -a demo demo   

              and

              echo "demo=USERR" >> wildfly/domain/configuration/application-roles.properties   

              doesn't work

              BUT

              wildfly/bin/add-user.sh -a demo demo  -g USERR

               

              works fine....

              • 4. Re: Authentication basic file other
                Martin Choma Expert

                You are running wildfly in standalone mode? If yes, then it happened because you was edditing domain configuration file, whereas add-user.sh edits both standalone and domain configuration files.