BASIC authentication problems
dmulej Sep 26, 2002 8:20 AM
Hi!
I'm unable to use BASIC authentication in JBoss-302 (integrated with Jetty). My ear consists of 1 jar (EJBs) and 1 war file. I'm following the JBoss 3.0 Quick start guide (v4), and here are the files I'm using:
1. users.properties:
# The username to password mapping properties file
# java=echoman
# duke=javaman
darko=darko
boss=jboss
2. roles.properties:
# The username to role(s) mapping properties file
# java=Echo
# duke=Java,Coder
# java.CallerPrincipal=caller_java
# duke.CallerPrincipal=caller_duke
darko=myrole
boss=bossrole
3. login-config.xml snippet:
<application-policy name = "zzRealm">
    <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "requisite" />
    <module-option name="usersProperties">users.properties</module-option>
    <module-option name="rolesProperties">roles.properties</module-option>
</application-policy>
All these files are located in JBOSS_HOME/server/default/conf
4. web.xml snippet:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>SecretPages</web-resource-name>
        <url-pattern>/secret/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>bossrole</role-name>
    </auth-constraint>
</security-constraint>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>my SecretPages</web-resource-name>
        <url-pattern>/mysecret/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>myrole</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>zzRealm</realm-name>
</login-config>
<security-role>
    boss
    <role-name>bossrole</role-name>
</security-role>
<security-role>
    custom
    <role-name>myrole</role-name>
</security-role>
When I want to access restricted files, a login panel appears, but then, regardless of my input, access to the restricted file is granted and the following lines are logged to server.log (in this case the username dar was typed, which is not in users.properties):
2002-09-26 12:33:43,495 DEBUG [org.jboss.jetty.security.JBossUserRealm#zzRealm] JBossUserPrincipal: dar
2002-09-26 12:33:43,495 DEBUG [org.jboss.jetty.security.JBossUserRealm#zzRealm] created JBossUserRealm::JBossUserPrincipal: dar
2002-09-26 12:33:43,495 DEBUG [org.jboss.jetty.security.JBossUserRealm#zzRealm] authenticating: Name:dar Password:****
2002-09-26 12:33:43,495 DEBUG [org.jboss.jetty.security.JBossUserRealm#zzRealm] authenticated: dar
2002-09-26 12:33:43,495 DEBUG [org.jboss.jetty.security.JBossUserRealm#zzRealm] setting JAAS subjectAttributeName(j_subject) : null
2002-09-26 12:33:43,495 DEBUG [org.jboss.jetty.security.JBossUserRealm#zzRealm] JBossUserPrincipal: dar is in Role: bossrole
The bottom line is: every user gets all access and it seems that users.properties and roles.properties are not read.
Any idea what I am missing?
Darko
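
An added example, not part of the original post: a small Python check for the symptom reported above, comparing the "authenticated:" and "is in Role:" lines from server.log against users.properties and roles.properties. The file contents and log lines are copied from the post (commented-out entries trimmed); the function names and finding labels are assumptions of this example.

```python
import re

# Copied from the post (commented-out entries trimmed): property files and server.log lines.
USERS_PROPERTIES = """\
# The username to password mapping properties file
darko=darko
boss=jboss
"""
ROLES_PROPERTIES = """\
# The username to role(s) mapping properties file
darko=myrole
boss=bossrole
"""
SERVER_LOG = """\
2002-09-26 12:33:43,495 DEBUG [org.jboss.jetty.security.JBossUserRealm#zzRealm] authenticating: Name:dar Password:****
2002-09-26 12:33:43,495 DEBUG [org.jboss.jetty.security.JBossUserRealm#zzRealm] authenticated: dar
2002-09-26 12:33:43,495 DEBUG [org.jboss.jetty.security.JBossUserRealm#zzRealm] JBossUserPrincipal: dar is in Role: bossrole
"""

# Patterns follow the DEBUG line layout shown in the post; group 1 is the realm name.
AUTH_OK = re.compile(r"JBossUserRealm#(\S+?)\] authenticated: (\S+)")
ROLE_OK = re.compile(r"JBossUserRealm#(\S+?)\] JBossUserPrincipal: (\S+) is in Role: (\S+)")

def load_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(log_text, users, roles):
    """Return findings where the log grants more than the property files allow."""
    allowed = {u: {r.strip() for r in v.split(",")} for u, v in roles.items()}
    findings = []
    for line in log_text.splitlines():
        m = AUTH_OK.search(line)
        if m and m.group(2) not in users:
            findings.append(("unknown-user-authenticated", m.group(1), m.group(2)))
        m = ROLE_OK.search(line)
        if m and m.group(3) not in allowed.get(m.group(2), set()):
            findings.append(("unmapped-role-granted", m.group(1), m.group(2), m.group(3)))
    return findings

if __name__ == "__main__":
    users, roles = load_properties(USERS_PROPERTIES), load_properties(ROLES_PROPERTIES)
    for finding in audit(SERVER_LOG, users, roles):
        print(finding)
```

Any finding means the realm accepted a principal or role that the two property files do not define, which is the behaviour described in the post.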