6 Replies Latest reply on Oct 27, 2002 7:05 PM by wwheeler1464

    Don't want web realm named "other"

    wwheeler1464
    wwheeler1464 Oct 25, 2002 2:30 AM

      Hi. I'm using the JBoss 3.0.3 + Tomcat 4.1.12 bundle, and I'm trying to deploy web application that uses basic authentication. I've gotten everything to work correctly, but it only works if I choose "other" as the name of my web realm. (So in web.xml, realm-name is "other", and in jboss-web.xml, security-domain is "java:/jaas/other".)

      In login-config.xml, there's an application policy named "other", and from what I understand, this is a catch-all domain defined by the JAAS spec. Well, I added an application policy to login-config.xml with the name "JCourseWebRealm", changed realm-name in web.xml to "JCourseWebRealm", and changed security-domain in jboss-web.xml to "java:/jaas/JCourseWebRealm". When I do this, I can still authenticate, but the server denies me access, returning an HTTP 403 error code (Unauthorized Access).

      I'm using the UsersRolesLoginModule, if that matters.

      Thanks,
      Willie

      • 5065 Views
      • Tags:
        • 1. Re: Don't want web realm named "other"
          jmoring Oct 25, 2002 10:56 AM (in response to wwheeler1464)

          Do you have security roles defined in your web.xml? If so they must be returned by the UserRolesLoginModule.

          HTH

            • Actions
          • 2. Re: Don't want web realm named "other"
            mhnagaoka
            mhnagaoka Oct 25, 2002 12:19 PM (in response to wwheeler1464)

            Where are your users and roles properties files?

            My app is working OK, but, differently of you, I'm specifying other properties file names in login-config.xml and I'm placing this files in the root of my EAR file.

            Here is a snippet of my login-config.xml:

            <application-policy name = MyAppRealm">

            <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required">
            <module-option name = "usersProperties">myapp.users</module-option>
            <module-option name = "rolesProperties">myapp.roles</module-option>
            </login-module>

            </application-policy>

              • Actions
            • 3. Re: Don't want web realm named "other"
              mhnagaoka
              mhnagaoka Oct 25, 2002 12:21 PM (in response to wwheeler1464)

              Where are your users and roles properties files?

              My app is working OK, but, differently of you, I'm specifying other properties file names in login-config.xml and I'm placing this files in the root of my EAR file.

              Here is a snippet of my login-config.xml:

              <application-policy name = MyAppRealm">

              <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required">
              <module-option name = "usersProperties">myapp.users</module-option>
              <module-option name = "rolesProperties">myapp.roles</module-option>
              </login-module>

              </application-policy>

                • Actions
              • 4. Re: Don't want web realm named "other"
                mhnagaoka
                mhnagaoka Oct 25, 2002 12:22 PM (in response to wwheeler1464)

                Where are your users and roles properties files?

                My app is working OK, but, differently of you, I'm specifying other properties file names in login-config.xml and I'm placing this files in the root of my EAR file.

                Here is a snippet of my login-config.xml:

                <application-policy name = MyAppRealm">

                <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required">
                <module-option name = "usersProperties">myapp.users</module-option>
                <module-option name = "rolesProperties">myapp.roles</module-option>
                </login-module>

                </application-policy>

                  • Actions
                • 5. Re: Don't want web realm named "other"
                  mhnagaoka
                  mhnagaoka Oct 25, 2002 12:23 PM (in response to wwheeler1464)

                  Where are your users and roles properties files?

                  My app is working OK, but, differently of you, I'm specifying other properties file names in login-config.xml and I'm placing this files in the root of my EAR file.

                  Here is a snippet of my login-config.xml:

                  <application-policy name = MyAppRealm">

                  <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required">
                  <module-option name = "usersProperties">myapp.users</module-option>
                  <module-option name = "rolesProperties">myapp.roles</module-option>
                  </login-module>

                  </application-policy>

                    • Actions
                  • 6. Re: Don't want web realm named "other"
                    wwheeler1464
                    wwheeler1464 Oct 27, 2002 7:05 PM (in response to wwheeler1464)

                    Hi jmoring. I do have security roles defined in web.xml. What do you mean when you say that they must be returned by the UsersRolesLoginModule? AFAIK UsersRolesLoginModule just takes two module options: one called usersProperties (gives the name of the user file) and another called rolesProperties (gives the name of the role file). I have appropriate entries defined in users.properties and roles.properties.

                    Thanks,
                    Willie

                      • Actions