Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to configure glassfish 3.1 security file realm using Netbeans 7.1?

I am trying to configure a simple file realm in glassfish 3.1 following this tutorial:

I did everything as it says but doesn't work, when I travel to the admin page doesn't I don't see the pop up message asking for credentials. This is what I did:

1- Create a file realm: enter image description here

2- Then I created a user using the manage users button enter image description here

3-I created a glassfish-web.xml file using the graphic interface instead of the editors enter image description here

4-Then in the same way I configured the web.xml enter image description here Sorry if this last image is a bit hard to see, you can zoom.

When I use the URL to travel to /admin.xhtml nothing stops me from viewing the content of the page, this means something is not configured right. I don't know what am I missing. Could somebody give me a hand trying to find the reason I cannot make this simple security task work?

Update

Here my web.xml source

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
    <context-param>
        <param-name>javax.faces.PROJECT_STAGE</param-name>
        <param-value>Development</param-value>
    </context-param>
    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>/faces/*</url-pattern>
    </servlet-mapping>
    <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>
    <welcome-file-list>
        <welcome-file>faces/index.xhtml</welcome-file>
    </welcome-file-list>
    <security-constraint>
        <display-name>Constraint1</display-name>
        <web-resource-collection>
            <web-resource-name>allowed</web-resource-name>
            <description/>
            <url-pattern>/admin.xhtml</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>administrator</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>file</realm-name>
    </login-config>
    <security-role>
        <description/>
        <role-name>administrator</role-name>
    </security-role>
</web-app>

and also glassfish-web.xml source

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
<glassfish-web-app error-url="">
  <security-role-mapping>
    <role-name>administrator</role-name>
    <group-name>admin</group-name>
  </security-role-mapping>
  <class-loader delegate="true"/>
  <jsp-config>
    <property name="keepgenerated" value="true">
      <description>Keep a copy of the generated servlet class' java code.</description>
    </property>
  </jsp-config>
</glassfish-web-app>

Basically what I want to do is having 2 types of users. Guests who just browse index.xhtml and they have no credentials at all and the administrators who have their credentials stored in the file and are asked for them when going to admin.xhtml

I don't understand what is missing. Do I need to create special privilege for guest users saying that they can view index.xhtml?

like image 631
javing Avatar asked Apr 30 '12 16:04

javing


1 Answers

Assuming your admin.xhtml is a JSF page then because your JSF mapping is /faces/* you are opening it through a URL like http://localhost:8080/[Project/]faces/admin.xhtml. This does not match /admin.xhtml

Replace:

<url-pattern>/admin.xhtml</url-pattern>

with

<url-pattern>/faces/admin.xhtml</url-pattern>
like image 96
Eelke Avatar answered Nov 10 '22 16:11

Eelke