1 Reply Latest reply on Nov 15, 2001 9:19 AM by kimptoc

    Is jetty realm based BASIC authentication possible with ears

    kimptoc
    kimptoc Nov 15, 2001 8:00 AM

      Hi

      I want to deploy a secured webapp via an ear.

      I want to secure it based on a realm.

      I have added the security-constraint/login-module/security-role bits to the web.xml.

      I have added the realm to the jetty.xml config file.

      When I connect to the servlet, I get the login box - great...

      ..but it accepts any username/password. I see messages in the jboss log relating to JBossUserRealm/Authenticating access, user is authenticated...

      I am using the Jboss2.4.1/Jetty 3.1 RC9 bundle.

      Was this a problem then?

      Thanks,
      Chris

      • 5938 Views
      • Tags:
        • 1. Re: Is jetty realm based BASIC authentication possible with
          kimptoc
          kimptoc Nov 15, 2001 9:19 AM (in response to kimptoc)

          OK - thanks to this post http://jboss.org/forums/thread.jsp?forum=49&thread=3142

          Things are now validated against my users.properties file.

          I have put the users/roles.properties files into the WEB-INF/classes directory of my war.

          I had upgraded to jboss3.4.3/jetty3.1.3.1 - which gave more debug info - but then actually failed to accept valid user/passwd - ClassCastException in isUserInRole.

          So I went back to my version above - and voila - it works!!!

          Although only the first 3 chars of the realm name seem to be used - as the client has to use only the first 3 chars in the credentials...

          Chris

            • Actions