• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Authentication/Security Constraint problem

 
srinivas nedunuri
Greenhorn
Posts: 16
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a simple web app on WAS 4.0.5 which is set up to use Basic Login. I have listed the main controller servlet (not the main index.html page) as a protected resource by defining a security constraint, in which the resource is accessible to AllAuthenticatedUsers. I have also enabled security in the Security Center.
However, when I try accessing the app, I do not get the basic login dialog box. Instead access goes straight to the controller servlet, which attempts to call getUserPrincipal and this of course fails, since authentication was not carried out.
I have tried all manner of URL pattern names:
[CODE}
/*
servlet/Controller
/servlet/Controller
/App/Controller
/Controller
Controller
[/CODE]
but to no avail.
Anyone have an idea what the problem is?
thanks
 
Kyle Brown
author
Ranch Hand
Posts: 3892
5
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How do you access your subcontrollers? Are you using HTML parameters, (e.g. /servlet/mycontroller?subcontrollername=someothercontroller) or are you using the rest of the URI (e.g. /servlet/mycontroller/someothercontroller)?
Kyle
 
srinivas nedunuri
Greenhorn
Posts: 16
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well, I managed to get around this specific problem by defining a role/group that has something other than AllAuthenticatedUsers in it. (All though I am not sure why. It seems WAS is confusing authentication with authorization). However, when I type in a userid + password that I know is in the CustomRegistry (because it is accepted by the Security Center in the Administration Concole. However, I get an exception stack trace and the following error messages in the stdout log file:

Any light you can shed would be most appreciated!
thanks
 
Mitan Chandihok
Greenhorn
Posts: 15
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Are you trying to authenticate of a true WAS server or WSAD? Also, are you trying to authenitcate of the local OS?
As far as any other problems go, I have done some fooling with authentication. Start of easy, map your control servlet say with the name controlServlet to /controlServlet and /secure/controlServlet. Then in your security constraints throw in /secure/* as a protected resource. Define whats protected to that resource and try to logon using basic authentication. Once that works as planned, add in the getUserbyRole programmatic authorization code and test that. Remember, in order to authorize EJBs programmatic authorization code doesn't neccessarily have to be there.
 
srinivas nedunuri
Greenhorn
Posts: 16
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi
I am authenticating using WAS. I don't have WSAD. My current implementation uses Custom Registry. I have also tried the OS based registry option. However, I am unable to restart the admin service (as it tells you to do) with that option, so I have given up on that one.
The problem is no longer with the login dialog not coming up (see my other post). Rather the authentication mechanism is somehow rejecting the attempts at logging in. I am not sure why. The if and password that I am using are present in the registry, as verified by the Security Console
thanks
 
srinivas nedunuri
Greenhorn
Posts: 16
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well I think I've dicovered the source of the problem (but not the cure )
When you use LocalOS as the Registry, after you've made your changes, and restarted the admin server, you see that the changes have been propagated to sas.server.props. In particular, it sets the ibm...CORBA.securityEnabled flag to true.
However, with CustomRegistry, WAS Admin does not do this. This looks like a bug to me, but can anyone from IBM confirm?
thanks
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic