0 Replies Latest reply on Jul 18, 2002 12:08 PM by Bert

    User and role mapping on web server

    Bert Newbie

      Hi,

      I'm using JBoss 2.4.4 / Tomcat 4.0.1 bundle. My servlet does
      authenticationManager.isValid(principal, password);
      realmMapping.doesUserHaveRole(principal, requiredRoles);
      for authentication and authorization. Both works fine after deployment.

      After that I use
      SecurityAssociation.setPrincipal(principal);
      SecurityAssociation.setCredential(password);
      SecurityAssociation.pushRunAsRole(role);
      to propagate the login information to the environment. Even though I've done
      this, catalina webserver still denies access to a secured servlet, which
      has a security constraint:

      ------------------------------------------------------------
      <security-constraint>
      <web-resource-collection>
      <web-resource-name>RestrictedAdminServletPath</web-resource-name>

      This servlet is accessible for authenticated administrators
      who are in role "admin".

      <url-pattern>/admin/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>admin</role-name>
      </auth-constraint>
      <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
      </security-constraint>
      <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>Biber Servlet</realm-name>
      </login-config>
      <security-role>
      Users allowed to use AdminServlet
      <role-name>admin</role-name>
      </security-role>
      ------------------------------------------------------------

      The previously authenticated user is in role "admin", of course.
      This information is included in pincipal object. So it seems that the webserver
      dosn't get the data from SecurityAssociation, or maybe the mapping from
      "role" in servlet to "role-name" in web.xml deployment descriptor doesn't work.

      Any suggestions? Am I missing a configuration?

      Bert