1 Reply Latest reply on Nov 27, 2006 7:08 AM by Andreas Wieczorek

    not able to get the prompt asking for user password

    Sandy Newbie

      trying to test for secure a web application in JBoss AS.
      added given entry in the following files

      1. web.xml (under mywebapp/WEB-INF)
      -------------

      <servlet-name>Hello</servlet-name>
      <servlet-class>HelloServlet</servlet-class>
      <display-name></display-name>

      <security-role-ref>
      <role-name>user</role-name>
      <role-link>user</role-link>
      </security-role-ref>



      <servlet-mapping>
      <servlet-name>Hello</servlet-name>
      <url-pattern>/hello</url-pattern>
      </servlet-mapping>


      <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>tw-app</realm-name>
      </login-config>

      <security-constraint>
      <web-resource-collection>
      <url-pattern>/hello</url-pattern>
      <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
      <role-name>user</role-name>

      </auth-constraint>
      <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
      </security-constraint>

      <security-role>

      <role-name>user</role-name>
      </security-role>

      <error-page>
      <error-code>401</error-code>
      /error/401.html
      </error-page>

      2. jboss-web.xml(under mywebapp/WEB-INF)
      -------------------
      <jboss-web>
      <security-domain>java:/jaas/tw-app</security-domain>
      </jboss-web>

      3. login-config.xml (under servername\conf\login-config.xml)
      ----------------------
      <application-policy name = "tw-app">

      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
      flag = "required">
      <module-option name="usersProperties">props/tw-appUsers.properties</module-option>
      <module-option name="rolesProperties">props/tw-appRoles.properties</module-option>
      </login-module>

      </application-policy>


      my problem is that, while invoking the hello servlet, I am not being prompt for the user name and password as expecting to be. I am given error 404 , page not found.
      but when I comment all these things, I am getting the hello msg by the hello servlet.
      could any one please tell me, if I am still missing anything in any config file to get browser prompt for user name and password.

      Thanks

        • 1. Re: not able to get the prompt asking for user password
          Andreas Wieczorek Newbie

          I just faced the same problem, after updating to 4.0.5 from 4.0.3sp1.

          It seems that BASIC authentication has been changed so that the prompt now is triggered after the error page, i.e. when an error page is configured there is no prompt anymore..
          (I assume your 404 error code was due to not finding the 401.html)

          after removing

          <error-page>
          <error-code>401</error-code>
          /error/401.html
          </error-page>


          it works again (at least for me..)..

          Perhaps JBoss might want to comment on this? I´d say it´s not possible anymore (4.0.5) to define a 401-error page when having BASIC authentication (which worked with 4.0.3sp1 - i haven´t tried 4.0.4..)