Declarative Security with Java EE (Glassfish)

 
Ranch Hand
Posts: 64
I want a simple example of a secured folder of a JSP application. The folder named "admin" should be accessed only by a user named "verwalter" (I don't use the user named "admin" as there is already such a user in Glassfish).

I program an app with an index.jsp. There is a link to the subfolder admin, to the file adminSeite.html. Besides the index.jsp there are login.jsp and error.jsp. login.jsp has the following form in it:




error.jsp tells if entry fails.

In the Glassfish-Console (localhost:4848) I declare a user "verwalter" with password "verwalter" in the realm "file". I create a group "verwalterGruppe" with a random name. Here it is not possible to assign the user to a role (although some EE tutorials say that roles are defined in Glassfish)

web.xml: Definition of roles (in my opinion) and resources (paths):



sun-web.xml: mapping role defined in web.xml to user and group defined in admin console of glassfish.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD GlassFish Application Server 3.0 Servlet 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_3_0-0.dtd">
<sun-web-app error-url="">
  <context-root>/VerzeichnisSchutz</context-root>
  <security-role-mapping>
    <role-name>adminRolle</role-name>
    <principal-name>verwalter</principal-name>
    <group-name>verwalterGruppe</group-name>
  </security-role-mapping>
  <class-loader delegate="true"/>
  <jsp-config>
    <property name="keepgenerated" value="true">
      <description>Keep a copy of the generated servlet class' java code.</description>
    </property>
  </jsp-config>
</sun-web-app>

If I want to run the app, I cannot login with user verwalter and pass verwalter. The indicated url is:

http://localhost:8080/VerzeichnisSchutz/admin/j_security_chek

I am not sure about the definition of roles and resources. Are roles defined in web.xml, or are there predefined roles in Glassfish (admin and user), as many tutorials suggest? May I name resources deliberately?

Can somebody help me?

 
Terence Gronowski
Ranch Hand
Posts: 64
Is there nobody using Java EE6 declarative security? Is there anybody who works with Netbeans 6.9.1?

In the meantime I think that Declarative Security does not work in Netbeans 6.9.1.

I will report a bug.

Netbeans is a very cool tool, if only there were not so many errors!!!
 
Terence Gronowski
Ranch Hand
Posts: 64
I at last found the error. The form I used had a small error.

<form action="j_security_check" method="post">
  Username: <input type="text" name="j_username">

  Passwort: <input type="password" name="j_password">
  <input type="submit" value="Login">
</form>

I just had value="submit", that was fatal.

Second, I suppose that the role name must be written with a capital first letter.

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
  <session-config>
    <session-timeout>
      30
    </session-timeout>
  </session-config>
  <security-constraint>
    <display-name>AdminDisplay</display-name>
    <web-resource-collection>
      <web-resource-name>WebResource</web-resource-name>
      <description/>
      <url-pattern>/verwaltungsOrdner/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <description>ConstraintBeschreibung</description>
      <role-name>AdminRolle</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>file</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/loginFehler.html</form-error-page>
    </form-login-config>
  </login-config>
  <security-role>
    <description/>
    <role-name>AdminRolle</role-name>
  </security-role>
</web-app>

and sun-web.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD GlassFish Application Server 3.0 Servlet 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_3_0-0.dtd">
<sun-web-app error-url="">
  <context-root>/Schutz_1</context-root>
  <security-role-mapping>
    <role-name>AdminRolle</role-name>
    <principal-name>verwalter</principal-name>
  </security-role-mapping>
  <class-loader delegate="true"/>
  <jsp-config>
    <property name="keepgenerated" value="true">
      <description>Keep a copy of the generated servlet class' java code.</description>
    </property>
  </jsp-config>
</sun-web-app>

It was annoying to find the error, because there were no error messages.
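
A lint over the three files this thread turns on (login form, web.xml, sun-web.xml), as an added example that is not part of the original posts. It checks that every role named in an auth-constraint is declared and mapped, comparing names as exact case-sensitive strings, and that the form submits j_username and j_password to j_security_check. The inputs are constructed, trimmed from the descriptors posted above; `lint` and `FormScan` are hypothetical names.

```python
import xml.etree.ElementTree as ET
from html.parser import HTMLParser
NS = {"ee": "http://java.sun.com/xml/ns/javaee"}

# Constructed samples, trimmed from the descriptors in the post above.
WEB_XML = """<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/verwaltungsOrdner/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>AdminRolle</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>AdminRolle</role-name></security-role>
</web-app>"""
SUN_WEB_XML = """<sun-web-app><security-role-mapping>
  <role-name>AdminRolle</role-name><principal-name>verwalter</principal-name>
</security-role-mapping></sun-web-app>"""
LOGIN_FORM = """<form action="j_security_check" method="post">
<input type="text" name="j_username"><input type="password" name="j_password">
<input type="submit" value="Login"></form>"""

class FormScan(HTMLParser):
    """Collects the form's action/method and the names of its inputs."""
    def __init__(self):
        super().__init__()
        self.action, self.method, self.fields = None, None, set()
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.action, self.method = a.get("action"), (a.get("method") or "get").lower()
        elif tag == "input" and a.get("name"):
            self.fields.add(a["name"])

def lint(web_xml, sun_web_xml, login_html):
    """Return a list of findings; an empty list means the three files agree."""
    web, sun = ET.fromstring(web_xml), ET.fromstring(sun_web_xml)
    used = {r.text.strip() for r in web.findall(".//ee:auth-constraint/ee:role-name", NS)}
    declared = {r.text.strip() for r in web.findall("ee:security-role/ee:role-name", NS)}
    mapped = {m.findtext("role-name").strip() for m in sun.findall("security-role-mapping")}
    findings = [f"role '{r}' used but not declared in <security-role>" for r in sorted(used - declared)]
    findings += [f"role '{r}' has no <security-role-mapping> in sun-web.xml" for r in sorted(used - mapped)]
    form = FormScan()
    form.feed(login_html)
    if form.action is None or form.action.split("/")[-1] != "j_security_check":
        findings.append(f"form action is {form.action!r}, expected j_security_check")
    if form.method != "post":  # with GET the credentials would travel in the URL
        findings.append("login form should use method=post")
    findings += [f"missing input '{f}'" for f in sorted({"j_username", "j_password"} - form.fields)]
    return findings
```

Run at build time, a check like this surfaces a mismatched role name or a misspelled form field before deployment, where the container would otherwise just refuse the login without a message.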
 
Terence Gronowski
Ranch Hand
Posts: 64
(sorry, I forgot to format code above)