|
Replies:
5
-
Last Post:
Feb 21, 2006 2:20 AM
by: amyroh
|
|
|
|
|
|
|
Roller and GlassFish (JDBCRealm)
Posted:
Feb 15, 2006 11:50 AM
|
|
|
I've added JDBCRealm to GlassFish. The database authentication seems to go through according to the log, however, the next page never gets invoked. Trying to log in the second time fails with wrong password error.
Looking at the log, only alarming message I see is "Failed authenticate() test ??/roller/j_security_check". I see from AuthenticatorBase that this log is for "form-based login to deal with the case where the login form (and therefore the "j_security_check" URI to which it submits) might be outside the secured area".
Am i missing something in my security-constraint or other configs?
=== web.xml
<resource-ref>
<res-ref-name>jdbc/rollerdb</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
<security-constraint>
<web-resource-collection>
<web-resource-name>EditorPages</web-resource-name>
<description>Editor pages</description> <url-pattern>/editor/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection> <auth-constraint>
<description>Editors and Adminstrators only</description>
<role-name>admin</role-name>
<role-name>editor</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>AdminPages</web-resource-name>
<description>Administration pages</description> <url-pattern>/admin/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection> <auth-constraint>
<description>Administrators only</description>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<!-- Login and login error pages -->
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/loginerror.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>The Administrator Role</description>
<role-name>admin</role-name>
</security-role>
<security-role>
<description>The Editor Role</description>
<role-name>editor</role-name>
</security-role>
=== sun-web.xml
<sun-web-app>
<security-role-mapping>
<role-name>editor</role-name>
<principal-name>roller</principal-name>
<group-name>editor</group-name>
</security-role-mapping>
<session-config>
<session-manager>
</session-manager>
</session-config>
<resource-ref>
<res-ref-name>jdbc/rollerdb</res-ref-name>
<jndi-name>jdbc/rollerdb</jndi-name>
</resource-ref>
</sun-web-app>
==== server.log
[#|2006-02-14T20:52:55.453-0800|FINE|sun-appserver-pe9.0|javax.enterprise.system.core.security|_ThreadID=16;_ThreadName=httpWorkerThread-7777-0;ClassName=com.sun.enterprise.security.auth.LoginContextDriver;MethodName=doPasswordLogin;_RequestID=a9ff58cf-9980-42d2-b5f5-dce1d316a802;|Password login succeeded for : user2|#]
[#|2006-02-14T20:52:55.453-0800|FINE|sun-appserver-pe9.0|javax.enterprise.system.core.security|_ThreadID=16;_ThreadName=httpWorkerThread-7777-0;ClassName=com.sun.enterprise.security.SecurityContext;MethodName=setCurrent;_RequestID=a9ff58cf-9980-42d2-b5f5-dce1d316a802;|permission check done to set SecurityContext|#]
[#|2006-02-14T20:52:55.453-0800|FINE|sun-appserver-pe9.0|javax.enterprise.system.core.security|_ThreadID=16;_ThreadName=httpWorkerThread-7777-0;ClassName=com.sun.enterprise.security.auth.LoginContextDriver;MethodName=doPasswordLogin;_RequestID=a9ff58cf-9980-42d2-b5f5-dce1d316a802;|Set security context as user: user2|#]
[#|2006-02-14T20:52:55.453-0800|FINE|sun-appserver-pe9.0|javax.enterprise.system.container.web|_ThreadID=16;_ThreadName=httpWorkerThread-7777-0;ClassName=com.sun.web.security.RealmAdapter;MethodName=authenticate;_RequestID=a9ff58cf-9980-42d2-b5f5-dce1d316a802;|Web login succeeded for: user2|#]
[#|2006-02-14T20:52:55.453-0800|FINE|sun-appserver-pe9.0|org.apache.catalina.authenticator.FormAuthenticator|_ThreadID=16;_ThreadName=httpWorkerThread-7777-0;ClassName=org.apache.catalina.authenticator.FormAuthenticator;MethodName=authenticate;_RequestID=a9ff58cf-9980-42d2-b5f5-dce1d316a802;|Authentication of 'user2' was successful|#]
[#|2006-02-14T20:52:55.453-0800|FINE|sun-appserver-pe9.0|org.apache.catalina.authenticator.FormAuthenticator|_ThreadID=16;_ThreadName=httpWorkerThread-7777-0;ClassName=org.apache.catalina.authenticator.FormAuthenticator;MethodName=authenticate;_RequestID=a9ff58cf-9980-42d2-b5f5-dce1d316a802;|Redirecting to original '/roller/login-redirect.jsp'|#]
[#|2006-02-14T20:52:55.453-0800|FINE|sun-appserver-pe9.0|org.apache.catalina.authenticator.AuthenticatorBase|_ThreadID=16;_ThreadName=httpWorkerThread-7777-0;ClassName=org.apache.catalina.authenticator.AuthenticatorBase;MethodName=invoke;_RequestID=a9ff58cf-9980-42d2-b5f5-dce1d316a802;| Failed authenticate() test ??/roller/j_security_check|#]
[#|2006-02-14T20:52:55.468-0800|FINE|sun-appserver-pe9.0|org.apache.catalina.authenticator.AuthenticatorBase|_ThreadID=28;_ThreadName=httpWorkerThread-7777-3;ClassName=org.apache.catalina.authenticator.AuthenticatorBase;MethodName=register;_RequestID=6b6b91af-e3c4-48ec-90b7-fa4c69dfb582;|Authenticated 'user2' with type 'FORM'|#]
[#|2006-02-14T20:52:55.718-0800|FINE|sun-appserver-pe9.0|javax.enterprise.system.container.web.pwc|_ThreadID=29;_ThreadName=httpWorkerThread-7777-4;ClassName=com.sun.enterprise.security.web.SingleSignOn;MethodName=invoke;_RequestID=caae08f4-d319-4632-bc56-3a7593e3df5c;| Found cached principal 'user2' with auth type 'FORM' in realm 'jdbcRealm'|#]
|
|
|
|
|
|
|
Re: Roller and GlassFish (JDBCRealm)
Posted:
Feb 15, 2006 9:17 PM
in response to: amyroh
|
|
|
I have been trying to get roller to work on glassfish too. Roller 2.1 is about to be released and they are going to do away with J2EE authentication so you might want to wait for that. I setup a tutorial on how I got roller 2.0 to work on glassfish here:
http://onticrealms.com/roller/quickStart.html
You can work around the problem at the bottow by adding
<class-loader delegate="false"/>
to the sun-web.xml as mentioned in issue 188. I am going to rework the doc once I get 2.1 running on GF.
I rolled my own JDBC realm but it should be the same. When you say the next page never gets invoked, does that mean the server hangs?
|
|
|
|
|
|
|
|
|
Re: Roller and GlassFish (JDBCRealm)
Posted:
Feb 15, 2006 10:28 PM
in response to: aaronanderson
|
|
|
Hi,
I am actually working with Roller 2.1 since it should be easier. I understand Roller 2.1 no longer uses container managed security, so it should work without jdbcrealm stuff but I couldn't get around it still.
How far did you get with Roller 2.0 (using workarounds)? I was getting some NPEs from the Roller 2.0\GlassFish.
With Roller 2.1, the authentication goes through via jdbcrealm (reading from the log), however, the next page (successful login) never gets invoked. More on this later...
|
|
|
|
|
|
|
|
|
Re: Roller and GlassFish (JDBCRealm)
Posted:
Feb 16, 2006 1:47 PM
in response to: amyroh
|
|
|
I got roller 2.1 working by following the same instructions for roller 2.0 (change the taglib definitions,make the web.xml valid, and set derby as the hibernate dialect). In addition, to get the ageis security working I had to modify the glassfish source code as described here https://glassfish.dev.java.net/issues/show_bug.cgi?id=221
|
|
|
|
|
|
|
|
|
Re: Roller and GlassFish (JDBCRealm)
Posted:
Feb 16, 2006 2:06 PM
in response to: aaronanderson
|
|
|
ahh I was getting
Caused by: java.lang.ClassCastException: net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken
at com.sun.web.server.J2EEInstanceListener.handleBeforeEvent(J2EEInstanceListener.java:152)
and I just saw this too - http://www.jroller.com/page/agrebnev?entry=acegi_does_not_work_at.
|
|
|
|
|
java.net RSS
