geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Milan Unger" <...@zoznam.sk>
Subject authorization for web app in ear.
Date Sun, 27 Nov 2005 09:44:19 GMT
Hallo, 

I have a J2EE application deployed on geronimo M5 and could not get 
security working as intended. I use geronimo-properties-realm and set 
up some security constranits in the web.xml but it seems as if geronimo
ignores them. 

If  I access protected resource without beign logged in there is no
redirection to 
login page. If I go explicitely to login page and logs on, then cannot identify 
logged user through request.getRemoteUser() or request.getUserPrincipal(),
anyway.

Possibly I'm mising some mapping in deployment but could not identify it.
There is also no 
error or exception reported by server on console or in log files. 

Below are fragments of web.xml and geronimo's application plan. 

Do you have any idea what is wrong there?

Regards, Milan. 


//////////////////////  web.xml ///////////////////////////////////////

<web-app 
    xmlns="http://java.sun.com/xml/ns/j2ee" 
    version="2.4">

  <servlet>
    <servlet-name>timestamps</servlet-name>
    <servlet-class>
      org.apache.velocity.tools.view.servlet.VelocityViewServlet
    </servlet-class>
    ...
  </servlet>

  <!-- Map *.page files to Velocity -->
  <servlet-mapping>
    <servlet-name>timestamps</servlet-name>
    <url-pattern>*.page</url-pattern>
  </servlet-mapping>

  ...

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>UserDomain</web-resource-name>
      <url-pattern>/*.page</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>geronimo-properties-realm</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/loginerror.jsp</form-error-page>
    </form-login-config>
  </login-config>
  <security-role>
    <role-name>admin</role-name>
  </security-role> 
  <security-role>
	<description>Usual user</description>
	<role-name>user</role-name>
</security-role>
</web-app>

//////////// geronimo-application.xml ////////////////////////

<application
    xmlns="http://geronimo.apache.org/xml/ns/j2ee/application"
    configId="coordinator"
    parentId="org/apache/geronimo/System">

...

  <module> 
    <web>timestamps.war</web>

    <web-app
        xmlns="http://geronimo.apache.org/xml/ns/web"        
        configId="TimestampWeb" >
      
      <context-priority-classloader>true</context-priority-classloader>
      <security-realm-name>geronimo-properties-realm</security-realm-name>
    </web-app>
  </module>

  <security>     
     <default-principal realm-name="geronimo-properties-realm">         
          <principal
class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
name="user"/>
     </default-principal>

        <role-mappings> 
          <role role-name="admin">
            <realm realm-name="geronimo-properties-realm">
              <principal
class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
                         name="admin"
                         designated-run-as="true"
                         />
            </realm>
          </role>
          <role role-name="user">
            <realm realm-name="CoordinatorRealm">
              <principal
class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
                         name="users"/>
            </realm>
          </role>
        </role-mappings>        
  </security>
</application>


--- reklama -----------------------------------------------------
Nechaj sa uniesť do hlbokých tajomstiev Novej Guiney!
TAMTAMY ČASU – prvý cestovateľský internetový seriál
http://cestovanie.zoznam.sk/?sid=10142

Mime
View raw message