yes, i already did. my jboss-web.xml is like: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.4//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_4_0.dtd"> <jboss-web> <security-domain>java:/jaas/saybot</security-domain> </jboss-web> and my jboss.xml for my ejb jar is like: <jboss> <security-domain>java:/jaas/saybot</security-domain> .... </jboss>
so i used the java:/jaas/saybot security domain, which is defined in login-config.xml: <application-policy name="saybot"> <authentication> <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required"> <module-option name="dsJndiName">java:/SaybotDS</module-option> <module-option name="principalsQuery"> select password from User where loginName=? </module-option> <module-option name="rolesQuery"> select role, 'Roles' from Role r, User u where r.userid=u.id and u.loginName=? union select 'User', 'Roles' </module-option> <module-option name="unauthenticatedIdentity">nobody</module-option> </login-module> </authentication> </application-policy> it's going to a mysql database for passwords and roles. the tables look like: create table User ( id BIGINT NOT NULL AUTO_INCREMENT, loginName VARCHAR(64) not null unique, name VARCHAR(128) not null, email VARCHAR(128) not null unique, password VARCHAR(128) not null, primary key (id) ); create table Role ( id BIGINT NOT NULL AUTO_INCREMENT, role VARCHAR(128) not null, userid BIGINT not null, primary key (id) ); alter table Role add index (userid), add constraint FK26F496CE2B3226 foreign ke (userid) references User (id); the server-side test log did not show any error. i was able to run a cactus test without authentication. On 7/20/05, M.-Leander Reimer <[EMAIL PROTECTED]> wrote: > Hi, > > have you checked the security domain used in you jboss-web.xml? It's > usually java:/jass/other which uses roles.properties and > users.properties (look in you cactified WAR). > If the roles you use in your web.xml and the user credentials you use in > the setAuthentication method are not contained in either of the files > you won't be able to authenticate successfully. > > Good luck :-) > > Leander > > > Ho-Ki Au schrieb: > > I was trying to write some cactus tests to test an ejb which required > > authentication. The application server used was jboss-4.0.2, with the > > tomcat 5 web container. I followed the instructions documented on the > > official cactus web site and created a protected > > ServletRedirectorSecure servlet to do it. When I ran the tests, I got > > an error message like: > > [cactus] > ----------------------------------------------------------------- > > [cactus] Running tests against JBoss 4.0.2 > > [cactus] > ----------------------------------------------------------------- > > [cactus] (httpclient.HttpMethodBase 2543) Already tried > > to authenticate with 'localhost:8080' authentication realm at > > localhost, but still receiving: HTTP/1.1 401 Unauthorized > > [cactus] (httpclient.HttpMethodBase 2543) Already tried > > to authenticate with 'localhost:8080' authentication realm at > > localhost, but still receiving: HTTP/1.1 401 Unauthorized > > [cactus] Testsuite: com.saybot.directory.DirectoryTest > > [cactus] Tests run: 1, Failures: 0, Errors: 1, Time elapsed: 0.251 > sec > > [cactus] > > [cactus] Testcase: testBasicAuthentication took 0.2 sec > > [cactus] Caused an ERROR > > [cactus] Failed to get the test results at > > [http://localhost:8080/directory/ServletRedirectorSecure] > > [cactus] org.apache.cactus.util.ChainedRuntimeException: Failed to > > get the test results at > > [http://localhost:8080/directory/ServletRedirectorSecure] > > [cactus] at > > > org.apache.cactus.internal.client.connector.http.DefaultHttpClient.doTest_aroundBody0(DefaultHttpClient.java:92) > > [cactus] at > > > org.apache.cactus.internal.client.connector.http.DefaultHttpClient.doTest_aroundBody1$advice(DefaultHttpClient.java:306) > > [cactus] at > > > org.apache.cactus.internal.client.connector.http.DefaultHttpClient.doTest(DefaultHttpClient.java) > > [cactus] at > > > org.apache.cactus.internal.client.connector.http.HttpProtocolHandler.runWebTest(HttpProtocolHandler.java:159) > > [cactus] at > > > org.apache.cactus.internal.client.connector.http.HttpProtocolHandler.runTest_aroundBody0(HttpProtocolHandler.java:80) > > [cactus] at > > > org.apache.cactus.internal.client.connector.http.HttpProtocolHandler.runTest_aroundBody1$advice(HttpProtocolHandler.java:306) > > [cactus] at > > > org.apache.cactus.internal.client.connector.http.HttpProtocolHandler.runTest(HttpProtocolHandler.java) > > [cactus] at > > > org.apache.cactus.internal.client.ClientTestCaseCaller.runTest(ClientTestCaseCaller.java:144) > > [cactus] at > > > org.apache.cactus.internal.AbstractCactusTestCase.runBareClient(AbstractCactusTestCase.java:215) > > [cactus] at > > > org.apache.cactus.internal.AbstractCactusTestCase.runBare(AbstractCactusTestCase.java:133) > > [cactus] org.apache.cactus.internal.client.ParsingException: Not a > > valid response [401 Unauthorized] > > [cactus] at > > > org.apache.cactus.internal.client.connector.http.DefaultHttpClient.callGetResult(DefaultHttpClient.java:211) > > [cactus] at > > > org.apache.cactus.internal.client.connector.http.DefaultHttpClient.doTest_aroundBody0(DefaultHttpClient.java:87) > > [cactus] at > > > org.apache.cactus.internal.client.connector.http.DefaultHttpClient.doTest_aroundBody1$advice(DefaultHttpClient.java:306) > > [cactus] at > > > org.apache.cactus.internal.client.connector.http.DefaultHttpClient.doTest(DefaultHttpClient.java) > > [cactus] at > > > org.apache.cactus.internal.client.connector.http.HttpProtocolHandler.runWebTest(HttpProtocolHandler.java:159) > > [cactus] at > > > org.apache.cactus.internal.client.connector.http.HttpProtocolHandler.runTest_aroundBody0(HttpProtocolHandler.java:80) > > [cactus] at > > > org.apache.cactus.internal.client.connector.http.HttpProtocolHandler.runTest_aroundBody1$advice(HttpProtocolHandler.java:306) > > [cactus] at > > > org.apache.cactus.internal.client.connector.http.HttpProtocolHandler.runTest(HttpProtocolHandler.java) > > [cactus] at > > > org.apache.cactus.internal.client.ClientTestCaseCaller.runTest(ClientTestCaseCaller.java:144) > > [cactus] at > > > org.apache.cactus.internal.AbstractCactusTestCase.runBareClient(AbstractCactusTestCase.java:215) > > [cactus] at > > > org.apache.cactus.internal.AbstractCactusTestCase.runBare(AbstractCactusTestCase.java:133) > > [cactus] > > [cactus] Testcase: testBasicAuthentication > > > > That was when I used maven to run the test. I got the same error when > > I ran java > > org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner from shell. > > > > My web.xml was like: > > <?xml version="1.0" encoding="UTF-8"?> > > <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web > > Application 2.3//EN" > > "http://java.sun.com/dtd/web-app_2_3.dtd"> > > <web-app> > > <filter> > > <filter-name>FilterRedirector</filter-name> > > > <filter-class>org.apache.cactus.server.FilterTestRedirector</filter-class> > > </filter> > > <filter-mapping> > > <filter-name>FilterRedirector</filter-name> > > <url-pattern>/test/filterRedirector.jsp</url-pattern> > > </filter-mapping> > > <servlet> > > <servlet-name>ServletRedirector</servlet-name> > > > <servlet-class>org.apache.cactus.server.ServletTestRedirector</servlet-class> > > </servlet> > > <servlet> > > <servlet-name>SerletRedirectorSecure</servlet-name> > > > <servlet-class>org.apache.cactus.server.ServletTestRedirector</servlet-class> > > </servlet> > > <servlet> > > <servlet-name>JspRedirector</servlet-name> > > <jsp-file>/jspRedirector.jsp</jsp-file> > > </servlet> > > <servlet-mapping> > > <servlet-name>ServletRedirector</servlet-name> > > <url-pattern>/ServletRedirector</url-pattern> > > </servlet-mapping> > > <servlet-mapping> > > <servlet-name>SerletRedirectorSecure</servlet-name> > > <url-pattern>/ServletRedirectorSecure</url-pattern> > > </servlet-mapping> > > <servlet-mapping> > > <servlet-name>JspRedirector</servlet-name> > > <url-pattern>/JspRedirector</url-pattern> > > </servlet-mapping> > > <security-constraint> > > <web-resource-collection> > > <web-resource-name>Cactus Test Redirector</web-resource-name> > > <url-pattern>/ServletRedirectorSecure</url-pattern> > > </web-resource-collection> > > <auth-constraint> > > <role-name>User</role-name> > > </auth-constraint> > > </security-constraint> > > <login-config> > > <auth-method>BASIC</auth-method> > > </login-config> > > <security-role> > > <role-name>User</role-name> > > </security-role> > > </web-app> > > > > my test was just to test if I could get the principal in the test. It > > didn't even call any ejb: > > public void beginBasicAuthentication(WebRequest request) { > > request.setRedirectorName("ServletRedirectorSecure"); > > request.setAuthentication(new BasicAuthentication("tester1", > > "tester1")); > > } > > > > public void testBasicAuthentication() { > > assertEquals("tester1", request.getUserPrincipal().getName()); > > assertEquals("tester1", request.getRemoteUser()); > > assertTrue(request.isUserInRole("User")); > > } > > > > Can someone help me with this please? > > > > When I used a browser to go to url > > > http://localhost:8080/directory/ServletRedirectorSecure?Cactus_Service=RUN_TEST > > it popped up a dialog to ask me for username and password. I entered > > "tester1", "tester1", and it went to a blank page. So that was > > correct. It didn't show me 401 error. > > > > Your help is much appreciated. > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- -hoki --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]