geronimo-user mailing list archives

From rbaumhof <ralf.baum...@web.de>
Subject j_security_check, jaas, container managed security, login to tomcat is not forwarded to ejb container
Date Fri, 25 Jun 2010 09:51:54 GMT

Hello, 

2 years ago I dealt with the same problem and solved it by writing my own
filter which performs security checks and forces login. Now I am testing
again the standard servlet form-based authentication with the j_security_check
action. This works on the Tomcat web container, but the EJB container always
returns Unauthenticated and isUserInRole()=true.

Examples:
1.) before login, faces thinks there is no user logged in (which is right) -
but in EJB, isUserInRole=true
$$faces.AuthType=null
$$faces.RemoteUser=null
$$rolle SystemManager=false
$$EJB principal in UserManagerImpl::selectUser=Unauthenticated
$$EJB: rolle SystemManager=true


2.) after login of the right user, faces knows about this, and knows the
role - but in EJB, same reaction
$$faces.AuthType=FORM
$$faces.RemoteUser=system
$$rolle SystemManager=true
$$EJB principal in UserManagerImpl::selectUser=Unauthenticated
$$EJB: rolle SystemManager=true

3.) after login of the wrong user, faces knows about this, and knows the
role - but in EJB, same reaction
$$faces.AuthType=FORM
$$faces.RemoteUser=no-admin
$$rolle SystemManager=false
$$EJB principal in UserManagerImpl::selectUser=Unauthenticated
$$EJB: rolle SystemManager=true

This is my configuration:
1.) in web.xml:

	<security-constraint>
		<web-resource-collection>
			<web-resource-name>Admin page</web-resource-name>
			<url-pattern>/pages/admin/*</url-pattern>
		</web-resource-collection>
		<auth-constraint>
			<role-name>SystemManager</role-name>
		</auth-constraint>
	</security-constraint>
	
	<login-config>
		<auth-method>FORM</auth-method>
		<realm-name>v-db-sha256</realm-name>
		<form-login-config>
			<form-login-page>/pages/login1.jsf</form-login-page>
			<form-error-page>/allg/loginErr.jsp</form-error-page>
		</form-login-config>
	</login-config>
	
	<security-role>
		<description>
			Role required to see admin pages.
		</description>
		<role-name>SystemManager</role-name>
	</security-role>
 

in geronimo-web.xml:
	<security-realm-name>vesuv-db-sha256</security-realm-name>
  
By the way: we are using Geronimo 2.1.4 with JDK 1.5, update 20. The problem
is the same on Windows and Linux.



-- 
View this message in context: http://apache-geronimo.328035.n3.nabble.com/j-security-check-jaas-container-managed-security-login-to-tomcat-is-not-forwarde-to-ejb-container-tp921719p921719.html
Sent from the Users mailing list archive at Nabble.com.
