?
Solved

Setting up Form based Authentication in GlassFish

Posted on 2010-11-13
1
Medium Priority
?
2,818 Views
Last Modified: 2012-05-10
I can't get form based authentication to work in JSF with Glassfish 3. I get this error(the base problem):
WARNING: Web login failed: Login failed: javax.security.auth.login.LoginException: Security Exception

For info, I also get:
WARNING: PWC4011: Unable to set request character encoding to UTF-8 from context /wapl, because request parameters have already been read, or ServletRequest.getReader() has already been called

Once in a while I also get:
WARNING: !!!!! Cannot create Update Center Image for C:\Program Files\glassfish-3.0.1\glassfish\..
INFO: Cannot create update center Image for C:\Program Files\glassfish-3.0.1; Update Center functionality will not be available in Admin Console
WARNING: Error in getting update component list, cannot get image.
INFO: Update Component count = -1


I have checked "Default Principal to Mapping" under Configuration -> Security.
The jdbc resource and the connection pool works fine, I have been using them earlier with no problem before trying to set up authentication. The realm setup is like this:

Name: waplj_realm
Class name: com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm
JAAS Context: jdbcRealm
JNDI: jdbc/waplj_prosjekt
User Table: bruker
User Name Column: brukernavn
Password Column: passord
Group Table: rolle
Group Name Column: rolle
Database User: waplj
Database pasword: passord
Digest Algorithm: none

I have tried to find where other places to set clear text passwords without encryption, but I have not found any.
web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
    <context-param>
        <param-name>javax.faces.PROJECT_STAGE</param-name>
        <param-value>Development</param-value>
    </context-param>
    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>/faces/*</url-pattern>
    </servlet-mapping>
    <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>
    <welcome-file-list>
        <welcome-file>faces/protected/index.xhtml</welcome-file>
    </welcome-file-list>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Protected Pages</web-resource-name>
            <url-pattern>/faces/protected/*</url-pattern>
            <url-pattern>/protected/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>bruker</role-name>
            <role-name>system</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>waplj_realm</realm-name>
        <form-login-config>
            <form-login-page>/faces/login.xhtml</form-login-page>
            <form-error-page>/faces/noauth.xhtml</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <role-name>bruker</role-name>
    </security-role>
    <security-role>
        <role-name>system</role-name>
    </security-role>
</web-app>

sun-web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD GlassFish Application Server 3.0 Servlet 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_3_0-0.dtd">
<sun-web-app error-url="">
  <context-root>/waplj-Ovelse11</context-root>
  <class-loader delegate="true"/>
  <jsp-config>
    <property name="keepgenerated" value="true">
      <description>Keep a copy of the generated servlet class' java code.</description>
    </property>
  </jsp-config>
  <security-role-mapping>
    <role-name>bruker</role-name>
    <group-name>bruker</group-name>
  </security-role-mapping>
  <security-role-mapping>
    <role-name>system</role-name>
    <group-name>system</group-name>
  </security-role-mapping>
</sun-web-app>

login.xhtml:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:h="http://java.sun.com/jsf/html"
      xmlns:ui="http://java.sun.com/jsf/facelets">
    <h:head>
        <title>IGNORED</title>
    </h:head>
    <h:body>
        <ui:composition template="templates/masterTemplate.xhtml">
        <ui:define name="pageTitle">#{msgs.loginForm}</ui:define>
        <ui:define name="top"> </ui:define>
        <ui:define name="heading">
            <div class="header" align="center">#{msgs.loginForm}</div>
        </ui:define>
        <ui:define name="content">
        <div align="center">
        <form method="post" action="j_security_check">
            <p><b>#{msgs.loginInfo}</b></p>
                <table>
                    <tr><td>#{msgs.editorUsername}:</td>
                        <td><input type="text" name="j_username" /></td>
                    </tr>
                    <tr><td>#{msgs.editorPassword}:</td>
                    <td><input type="password" name="j_password" /></td>
                    </tr>
                </table>
            <p><input type="submit" value="Login" /></p>
        </form>
        </div>
   </ui:define>
        <ui:define name="bottom">
            #{msg.loginForm}
        </ui:define>
        </ui:composition>
    </h:body>
</html>

Open in new window

0
Comment
Question by:itnifl
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 2

Accepted Solution

by:
itnifl earned 0 total points
ID: 34131715
Seems I should not have used char in the database table for username, role and password. I changed it to varchar, it solved the problem.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you developing a Java application and want to create Excel Spreadsheets? You have come to the right place, this article will describe how you can create Excel Spreadsheets from a Java Application. For the purposes of this article, I will be u…
Basic understanding on "OO- Object Orientation" is needed for designing a logical solution to solve a problem. Basic OOAD is a prerequisite for a coder to ensure that they follow the basic design of OO. This would help developers to understand the b…
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question