I have a simple web app on WAS 4.0.5 which is set up to use Basic Login. I have listed the main controller servlet (not the main index.html page) as a protected resource by defining a security constraint, in which the resource is accessible to AllAuthenticatedUsers. I have also enabled security in the Security Center. However, when I try accessing the app, I do not get the basic login dialog box. Instead access goes straight to the controller servlet, which attempts to call getUserPrincipal and this of course fails, since authentication was not carried out. I have tried all manner of URL pattern names:
[CODE]
/*
servlet/Controller
/servlet/Controller
/App/Controller
/Controller
Controller
[/CODE]
but to no avail. Anyone have an idea what the problem is? Thanks
Truth is one; the wise call it by many names (Rig Veda I.64.46)
How do you access your subcontrollers? Are you using HTML parameters (e.g. /servlet/mycontroller?subcontrollername=someothercontroller) or are you using the rest of the URI (e.g. /servlet/mycontroller/someothercontroller)?
Kyle
Well, I managed to get around this specific problem by defining a role/group that has something other than AllAuthenticatedUsers in it. (Although I am not sure why. It seems WAS is confusing authentication with authorization.) However, when I type in a userid + password that I know is in the CustomRegistry (because it is accepted by the Security Center in the Administration Console), I get an exception stack trace and the following error messages in the stdout log file:
Any light you can shed would be most appreciated! thanks
Are you trying to authenticate off a true WAS server or WSAD? Also, are you trying to authenticate off the local OS? As far as any other problems go, I have done some fooling with authentication. Start off easy: map your control servlet, say with the name controlServlet, to /controlServlet and /secure/controlServlet. Then in your security constraints throw in /secure/* as a protected resource. Define what's protected to that resource and try to log on using basic authentication. Once that works as planned, add in the getUserbyRole programmatic authorization code and test that. Remember, in order to authorize EJBs, programmatic authorization code doesn't necessarily have to be there.
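Added example, not part of the original thread: a web.xml deployment descriptor for the test setup described in the post above. It assumes the Servlet 2.2 DTD; the servlet class, the role name AppUser and the realm name are hypothetical, and the role still has to be mapped to users or groups at deployment.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC
  "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
  "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
  <servlet>
    <servlet-name>controlServlet</servlet-name>
    <!-- hypothetical class name -->
    <servlet-class>com.example.ControlServlet</servlet-class>
  </servlet>

  <!-- Same servlet, reachable on an open path and on a protected path -->
  <servlet-mapping>
    <servlet-name>controlServlet</servlet-name>
    <url-pattern>/controlServlet</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>controlServlet</servlet-name>
    <url-pattern>/secure/controlServlet</url-pattern>
  </servlet-mapping>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Secure area</web-resource-name>
      <!-- Context-relative and starting with "/": covers everything under /secure/ -->
      <url-pattern>/secure/*</url-pattern>
      <!-- No http-method elements, so the constraint applies to every method -->
    </web-resource-collection>
    <auth-constraint>
      <!-- hypothetical role; must match a security-role declared below -->
      <role-name>AppUser</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Example realm</realm-name>
  </login-config>

  <security-role>
    <role-name>AppUser</role-name>
  </security-role>
</web-app>
```

Requests to /controlServlet are outside the constraint, so no login is triggered there and getUserPrincipal() returns null; only /secure/controlServlet should produce the basic login dialog.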
Hi, I am authenticating using WAS. I don't have WSAD. My current implementation uses Custom Registry. I have also tried the OS based registry option. However, I am unable to restart the admin service (as it tells you to do) with that option, so I have given up on that one. The problem is no longer with the login dialog not coming up (see my other post). Rather, the authentication mechanism is somehow rejecting the attempts at logging in. I am not sure why. The id and password that I am using are present in the registry, as verified by the Security Console. Thanks
Well, I think I've discovered the source of the problem (but not the cure). When you use LocalOS as the Registry, after you've made your changes and restarted the admin server, you see that the changes have been propagated to sas.server.props. In particular, it sets the ibm...CORBA.securityEnabled flag to true. However, with CustomRegistry, WAS Admin does not do this. This looks like a bug to me, but can anyone from IBM confirm? Thanks