How to implement basic authentication with Glassfish?

java linux security glassfish basic-authentication

14,608

You may try this guide: http://download.oracle.com/docs/cd/E19798-01/821-1750/beaxw/index.html I heard that web.xml sometimes not work properly. I had same problem but cannot test it now.

14,608

Author by

wolfiem

Updated on June 04, 2022

Comments

wolfiem almost 2 years

I'm tried this configuration but it didn't work for me. Basic Authentication in Glassfish I also tried this guide http://maksim.sorokin.dk/it/2010/10/13/basic-authentication-in-glassfish-3/ but I couldn't get user-pass asking with it too.

These are steps I've taken:
1. Login as admin to Admin interface.
2. Go to Security->Realms->File
3. Add a group name (Users) to Assign Groups field.
4. Open manage users at the top of the page.
5. Click New and add an user (testuser) and give a password.
6. Add (Users) to Group List.
7. put this lines to web.xml

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Secure Application</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>

    <auth-constraint>
        <role-name>User</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>file</realm-name>
  </login-config>

  <security-role>
    <role-name>User</role-name>
  </security-role>

8. and put this lines to sun-web.xml

<sun-web-app error-url="">
  <security-role-mapping>
    <role-name>User</role-name>
    <group-name>Users</group-name>
  </security-role-mapping>
</sun-web-app>

9. After all I enabled Configurations->server-config->Security->Security Manager

My configuration is Glassfish 3.1, sun java6 jdk, Debian lenny and a simple "Hello World" page for testing.

What is missing here?

UPDATE:

I figured out it needs xml headers. After I've added them it started to work. My final configuration is below:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Secure Application</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>

    <auth-constraint>
        <role-name>Users</role-name>
    </auth-constraint>
</security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>file</realm-name>
  </login-config>

  <security-role>
    <role-name>Users</role-name>
  </security-role>
</web-app>

and

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Servlet 2.5//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">
<sun-web-app error-url="">
  <security-role-mapping>
    <role-name>Users</role-name>
    <group-name>Users</group-name>
  </security-role-mapping>
</sun-web-app>