
J2EE Security

Corey McGlone
Ranch Hand

Joined: Dec 20, 2001
Posts: 3271
I'm trying to set up application security for a project I'm working on and I'm running into a bit of difficulty. In my deployment descriptor, I have this:



What I'd really like to have happen is to allow anyone that successfully authenticates to access the page - but I need them to log in to prove who they are. Right now, what's happening is that it seems that the authentication happens properly, but then I get a 403 error stating that the user does not have any of the assigned roles required (administrator) to get to the desired resource.

The app server behind this is WAS 6.1 and that's authenticating against LDAP.

What am I missing in this configuration? How do I map the user to a role? Does that have to come from LDAP?

Thanks.


SCJP Tipline, etc.
Bosun Bello
Ranch Hand

Joined: Nov 06, 2000
Posts: 1506
You are correct. The way you have it configured, only users that belong to the Administrator role will have access to perform the specified actions on the resources. The users have to be mapped to the administrator role in order to be able to perform the actions.

Mapping users to roles is obviously server specific; for Tomcat I know it's via the tomcat-users.xml file. For WAS, I found some info that may help.

http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/csec_adminconsole.html


Bosun (SCJP, SCWCD)
So much trouble in the world -- Bob Marley
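
An added example, not code from either post: a small Python model of how a servlet container evaluates `<auth-constraint>` role names from a deployment descriptor, showing why a user who logs in successfully but is mapped to none of the required roles gets a 403. The descriptor fragment, the function names and the return labels are constructed for illustration; the poster's own descriptor does not appear on the page.

```python
import xml.etree.ElementTree as ET

# Constructed descriptor fragment; the poster's web.xml is not shown on the page.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>app</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>administrator</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>administrator</role-name></security-role>
  <security-role><role-name>user</role-name></security-role>
</web-app>"""

def kids(el, name):
    # Match on the local tag name so namespaced descriptors also parse.
    return [c for c in el if c.tag.rsplit("}", 1)[-1] == name]

def role_names(el):
    return {r.text.strip() for r in kids(el, "role-name")}

def constraints(xml_text):
    """Return (declared_roles, [(url_patterns, required_roles_or_None), ...])."""
    root = ET.fromstring(xml_text)
    declared = set().union(*(role_names(sr) for sr in kids(root, "security-role")))
    result = []
    for sc in kids(root, "security-constraint"):
        patterns = [u.text.strip() for w in kids(sc, "web-resource-collection")
                    for u in kids(w, "url-pattern")]
        auth = kids(sc, "auth-constraint")
        required = None  # no auth-constraint: no login needed
        if auth:
            required = role_names(auth[0])
            if "*" in required:  # "*" = every role declared in this descriptor
                required = set(declared)
        result.append((patterns, required))
    return declared, result

def decide(required, user_roles):
    """user_roles: None for an anonymous caller, else the roles the container mapped."""
    if required is None:
        return "allow"
    if not required:
        return "403"  # empty auth-constraint denies everyone
    if user_roles is None:
        return "login"  # container challenges for credentials
    return "allow" if required & set(user_roles) else "403"
```

Even with `*` in the constraint, the authenticated user must still be mapped to at least one role declared in the descriptor, and that mapping is done on the server side, as the answer above says.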