itnifl
asked on
Setting up Form based Authentication in GlassFish
I can't get form based authentication to work in JSF with Glassfish 3. I get this error(the base problem):
WARNING: Web login failed: Login failed: javax.security.auth.login. LoginExcep tion: Security Exception
For info, I also get:
WARNING: PWC4011: Unable to set request character encoding to UTF-8 from context /wapl, because request parameters have already been read, or ServletRequest.getReader() has already been called
Once in a while I also get:
WARNING: !!!!! Cannot create Update Center Image for C:\Program Files\glassfish-3.0.1\glas sfish\..
INFO: Cannot create update center Image for C:\Program Files\glassfish-3.0.1; Update Center functionality will not be available in Admin Console
WARNING: Error in getting update component list, cannot get image.
INFO: Update Component count = -1
I have checked "Default Principal to Mapping" under Configuration -> Security.
The jdbc resource and the connection pool works fine, I have been using them earlier with no problem before trying to set up authentication. The realm setup is like this:
Name: waplj_realm
Class name: com.sun.enterprise.securit y.auth.rea lm.jdbc.JD BCRealm
JAAS Context: jdbcRealm
JNDI: jdbc/waplj_prosjekt
User Table: bruker
User Name Column: brukernavn
Password Column: passord
Group Table: rolle
Group Name Column: rolle
Database User: waplj
Database pasword: passord
Digest Algorithm: none
I have tried to find where other places to set clear text passwords without encryption, but I have not found any.
WARNING: Web login failed: Login failed: javax.security.auth.login.
For info, I also get:
WARNING: PWC4011: Unable to set request character encoding to UTF-8 from context /wapl, because request parameters have already been read, or ServletRequest.getReader()
Once in a while I also get:
WARNING: !!!!! Cannot create Update Center Image for C:\Program Files\glassfish-3.0.1\glas
INFO: Cannot create update center Image for C:\Program Files\glassfish-3.0.1; Update Center functionality will not be available in Admin Console
WARNING: Error in getting update component list, cannot get image.
INFO: Update Component count = -1
I have checked "Default Principal to Mapping" under Configuration -> Security.
The jdbc resource and the connection pool works fine, I have been using them earlier with no problem before trying to set up authentication. The realm setup is like this:
Name: waplj_realm
Class name: com.sun.enterprise.securit
JAAS Context: jdbcRealm
JNDI: jdbc/waplj_prosjekt
User Table: bruker
User Name Column: brukernavn
Password Column: passord
Group Table: rolle
Group Name Column: rolle
Database User: waplj
Database pasword: passord
Digest Algorithm: none
I have tried to find where other places to set clear text passwords without encryption, but I have not found any.
web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>faces/protected/index.xhtml</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Pages</web-resource-name>
<url-pattern>/faces/protected/*</url-pattern>
<url-pattern>/protected/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>bruker</role-name>
<role-name>system</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>waplj_realm</realm-name>
<form-login-config>
<form-login-page>/faces/login.xhtml</form-login-page>
<form-error-page>/faces/noauth.xhtml</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>bruker</role-name>
</security-role>
<security-role>
<role-name>system</role-name>
</security-role>
</web-app>
sun-web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD GlassFish Application Server 3.0 Servlet 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_3_0-0.dtd">
<sun-web-app error-url="">
<context-root>/waplj-Ovelse11</context-root>
<class-loader delegate="true"/>
<jsp-config>
<property name="keepgenerated" value="true">
<description>Keep a copy of the generated servlet class' java code.</description>
</property>
</jsp-config>
<security-role-mapping>
<role-name>bruker</role-name>
<group-name>bruker</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>system</role-name>
<group-name>system</group-name>
</security-role-mapping>
</sun-web-app>
login.xhtml:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:ui="http://java.sun.com/jsf/facelets">
<h:head>
<title>IGNORED</title>
</h:head>
<h:body>
<ui:composition template="templates/masterTemplate.xhtml">
<ui:define name="pageTitle">#{msgs.loginForm}</ui:define>
<ui:define name="top"> </ui:define>
<ui:define name="heading">
<div class="header" align="center">#{msgs.loginForm}</div>
</ui:define>
<ui:define name="content">
<div align="center">
<form method="post" action="j_security_check">
<p><b>#{msgs.loginInfo}</b></p>
<table>
<tr><td>#{msgs.editorUsername}:</td>
<td><input type="text" name="j_username" /></td>
</tr>
<tr><td>#{msgs.editorPassword}:</td>
<td><input type="password" name="j_password" /></td>
</tr>
</table>
<p><input type="submit" value="Login" /></p>
</form>
</div>
</ui:define>
<ui:define name="bottom">
#{msg.loginForm}
</ui:define>
</ui:composition>
</h:body>
</html>
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.