geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aaron Mulder <ammul...@alumni.princeton.edu>
Subject Re: authorization for web app in ear.
Date Sun, 27 Nov 2005 17:38:31 GMT
Have you tried a URL pattern of *.page instead of /*.page?  You'd have
to look at the URL pattern rules to be sure, but I think if it begins
with a / that indicates a pattern based on the beginning of the URL
path not a pattern based on the file extension.

Aaron

On Sun, 27 Nov 2005 09:44:19 UT, Milan Unger <moo@zoznam.sk> wrote:
> Hallo,
>
> I have a J2EE application deployed on geronimo M5 and could not get
> security working as intended. I use geronimo-properties-realm and set
> up some security constranits in the web.xml but it seems as if geronimo
> ignores them.
>
> If  I access protected resource without beign logged in there is no
> redirection to
> login page. If I go explicitely to login page and logs on, then cannot identify
> logged user through request.getRemoteUser() or request.getUserPrincipal(),
> anyway.
>
> Possibly I'm mising some mapping in deployment but could not identify it.
> There is also no
> error or exception reported by server on console or in log files.
>
> Below are fragments of web.xml and geronimo's application plan.
>
> Do you have any idea what is wrong there?
>
> Regards, Milan.
>
>
> //////////////////////  web.xml ///////////////////////////////////////
>
> <web-app
>     xmlns="http://java.sun.com/xml/ns/j2ee"
>     version="2.4">
>
>   <servlet>
>     <servlet-name>timestamps</servlet-name>
>     <servlet-class>
>       org.apache.velocity.tools.view.servlet.VelocityViewServlet
>     </servlet-class>
>     ...
>   </servlet>
>
>   <!-- Map *.page files to Velocity -->
>   <servlet-mapping>
>     <servlet-name>timestamps</servlet-name>
>     <url-pattern>*.page</url-pattern>
>   </servlet-mapping>
>
>   ...
>
>   <security-constraint>
>     <web-resource-collection>
>       <web-resource-name>UserDomain</web-resource-name>
>       <url-pattern>/*.page</url-pattern>
>       <http-method>GET</http-method>
>       <http-method>POST</http-method>
>       <http-method>PUT</http-method>
>     </web-resource-collection>
>     <auth-constraint>
>       <role-name>admin</role-name>
>     </auth-constraint>
>   </security-constraint>
>   <login-config>
>     <auth-method>FORM</auth-method>
>     <realm-name>geronimo-properties-realm</realm-name>
>     <form-login-config>
>       <form-login-page>/login.jsp</form-login-page>
>       <form-error-page>/loginerror.jsp</form-error-page>
>     </form-login-config>
>   </login-config>
>   <security-role>
>     <role-name>admin</role-name>
>   </security-role>
>   <security-role>
>         <description>Usual user</description>
>         <role-name>user</role-name>
> </security-role>
> </web-app>
>
> //////////// geronimo-application.xml ////////////////////////
>
> <application
>     xmlns="http://geronimo.apache.org/xml/ns/j2ee/application"
>     configId="coordinator"
>     parentId="org/apache/geronimo/System">
>
> ...
>
>   <module>
>     <web>timestamps.war</web>
>
>     <web-app
>         xmlns="http://geronimo.apache.org/xml/ns/web"
>         configId="TimestampWeb" >
>
>       <context-priority-classloader>true</context-priority-classloader>
>       <security-realm-name>geronimo-properties-realm</security-realm-name>
>     </web-app>
>   </module>
>
>   <security>
>      <default-principal realm-name="geronimo-properties-realm">
>           <principal
> class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> name="user"/>
>      </default-principal>
>
>         <role-mappings>
>           <role role-name="admin">
>             <realm realm-name="geronimo-properties-realm">
>               <principal
> class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
>                          name="admin"
>                          designated-run-as="true"
>                          />
>             </realm>
>           </role>
>           <role role-name="user">
>             <realm realm-name="CoordinatorRealm">
>               <principal
> class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
>                          name="users"/>
>             </realm>
>           </role>
>         </role-mappings>
>   </security>
> </application>
>
>
> --- reklama -----------------------------------------------------
> Nechaj sa uniesť do hlbokých tajomstiev Novej Guiney!
> TAMTAMY ČASU – prvý cestovateľský internetový seriál
> http://cestovanie.zoznam.sk/?sid=10142
>
Mime
View raw message