How to implement basic authentication with Glassfish?
You may try this guide: http://download.oracle.com/docs/cd/E19798-01/821-1750/beaxw/index.html I heard that web.xml sometimes not work properly. I had same problem but cannot test it now.
wolfiem
Updated on June 04, 2022Comments
-
wolfiem almost 2 years
I'm tried this configuration but it didn't work for me. Basic Authentication in Glassfish I also tried this guide http://maksim.sorokin.dk/it/2010/10/13/basic-authentication-in-glassfish-3/ but I couldn't get user-pass asking with it too.
These are steps I've taken:
1. Login as admin to Admin interface.
2. Go to Security->Realms->File
3. Add a group name (Users) to Assign Groups field.
4. Open manage users at the top of the page.
5. Click New and add an user (testuser) and give a password.
6. Add (Users) to Group List.
7. put this lines to web.xml<security-constraint> <web-resource-collection> <web-resource-name>Secure Application</web-resource-name> <url-pattern>/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>User</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>file</realm-name> </login-config> <security-role> <role-name>User</role-name> </security-role>
8. and put this lines to sun-web.xml
<sun-web-app error-url=""> <security-role-mapping> <role-name>User</role-name> <group-name>Users</group-name> </security-role-mapping> </sun-web-app>
9. After all I enabled Configurations->server-config->Security->Security Manager
My configuration is Glassfish 3.1, sun java6 jdk, Debian lenny and a simple "Hello World" page for testing.
What is missing here?
UPDATE:
I figured out it needs xml headers. After I've added them it started to work. My final configuration is below:
<?xml version="1.0" encoding="UTF-8"?> <web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"> <security-constraint> <web-resource-collection> <web-resource-name>Secure Application</web-resource-name> <url-pattern>/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>Users</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>file</realm-name> </login-config> <security-role> <role-name>Users</role-name> </security-role> </web-app>
and
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Servlet 2.5//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd"> <sun-web-app error-url=""> <security-role-mapping> <role-name>Users</role-name> <group-name>Users</group-name> </security-role-mapping> </sun-web-app>