0 Replies Latest reply on Dec 4, 2002 7:37 PM by Dan Weimer

    Web App Authentication Failing

    Dan Weimer Newbie

      Hello All, I'm using Jboss 3.0.4/Tomcat 4.1.12 and can't get BASIC authentication to work (works fine in Weblogic).

      I'm deploying an .ear file that has a .war file in it. When I hit a protected page I immediately get a 403 in the browser - no challenge box.

      web.xml
      -------
      <security-constraint>
      <web-resource-collection>
      <web-resource-name>Admin Pages</web-resource-name>
      Must be admin user to access
      <url-pattern>/admin/*</url-pattern>
      <http-method>HEAD</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
      </web-resource-collection>
      <auth-constraint>
      Pages for admin only
      <role-name>admin</role-name>
      </auth-constraint>
      <user-data-constraint>
      We are not requiring SSL to access these pages
      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
      </security-constraint>
      ....
      <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>appDB</realm-name>
      </login-config>

      <security-role>
      <role-name>admin</role-name>
      </security-role>

      jboss-web.xml
      -------------
      <jboss-web>
      <security-domain>java:/jaas/appDB</security-domain>
      </jboss-web>

      The appDB policy is ok and works outside of the web app.
      I see nothing in the logs at all when I try to access a protected page ....

      I've seen occasional reports of issues with this feature and was hoping someone could suggest a solution.

      Thanks,
      Dan